Keystore Truststore update propagation delay

drew · 07-08-2019 02:57 PM

Is there a propagation delay associated with keystore and truststore updates?

I've been setting up and testing 2-way TLS authentication and after installing the required certs in my truststore I've noticed that some of my test requests are successful and others return

400 The SSL certificate error

I'm wondering if this is because I'm being impatient and need to give the system time to propagate the truststore update to the entire cloud. And if there is a expected delay how long is it for?

cjking

The keystore/truststore changes will take time to propagate, but I would not expect it to be very long. It should be 1-2 minutes at most.

The main thing you can do to improve this is to ensure you always use references (https://docs.apigee.com/api-platform/system-administration/working-references) rather than using key/trust stores directly in your virtual hosts.

If you've done that and you're still seeing update delays of more than 1-2 minutes, please raise a case to Apigee support with your organization, environment and virtual host name - it's likely the certificate update process has gotten stuck and we can un-stick it for you.

dchiesa1

I don't think there is an appreciable delay.

Are you using *References* ?

drew

I was not using a reference for the truststore.