Proxy not able to pick up KeyStore Alias name

We have created a proxy that uses Target Servers to retrieve the target endpoint. The proxy works fine for the qa environment but fails for the dev environment with the error below.

Error Deploying Revision 2 to dev
Target default has invalid keyalias reference BUS-APIGEE-QA. Context Revision:2;APIProxy:balances;Organization:orgname-nonprod;Environment:dev.

The Target Servers and TLS Key Stores are the same for the qa and dev environments. We have restarted the servers as well, but the proxy is still not able to pick up the keystore.

<HTTPTargetConnection>
  <Properties/>
  <SSLInfo>
   <Enabled>true</Enabled>
   <ClientAuthEnabled>true</ClientAuthEnabled>
   <KeyStore>esb-mtls-apigee-keystore</KeyStore>
   <KeyAlias>ESB-APIGEE-QA</KeyAlias>
   <TrustStore>esb-mtls-apigee-truststore</TrustStore>
  </SSLInfo>
  <LoadBalancer>
   <Server name="esb_rest"/>
  </LoadBalancer>
  <Path>/ws/AcctInformation1.0</Path>
</HTTPTargetConnection>

Any help would be greatly appreciated. I have attached snapshots of the Apigee Edge configuration of the dev and qa environments.

apigee-dev.jpg

apigee-qa.jpg

Thank you!

1 ACCEPTED SOLUTION

Hi @Vinay Lakshminarayan

1. Run the following command on the Management Server:

curl -v -u <username> "URL"

where URL is

/e/<Env>/keystores/<KeystoreName>

OName=Orgname

Env=Environment Name

KeystoreName = KeystoreNameWhichHasPrivateKeyPlusPublicKey

2. You will get the below output

{
  "aliases" : [ {
    "aliasName" : "KeystoreName",
    "cert" : "KeystoreName-cert",
    "key" : "KeystoreName-key"
  } ],
  "certs" : [ "KeystoreName-cert" ],
  "keys" : [ "KeystoreName" ],
  "name" : "KeystoreName"
}

3. The aliasName above is the alias name of your keystore.


8 REPLIES

I don't know what the problem might be, but can you try using a keystore REFERENCE (ref://reference-name-here)?

This is generally recommended as best practice.

Hi @Dino-at-Google,

As mentioned, I have used the reference, but the DEV deployment is still throwing an error. QA works pretty well. I have attached the configuration snapshots in the question section.

<SSLInfo>
    <Enabled>true</Enabled>
    <ClientAuthEnabled>true</ClientAuthEnabled>
    <KeyStore>ref://esb-keystore</KeyStore>
    <KeyAlias>ESB-APIGEE-QA</KeyAlias>
    <TrustStore>ref://esb-truststore</TrustStore>
</SSLInfo>

Deployment error is

Error Deploying Revision 2 to dev
Target default has invalid keyalias reference ESB-APIGEE-QA. Context Revision:2;APIProxy:balances;Organization:fhnc-nonprod;Environment:dev.

Can you try some queries for me?

curl -i -n $mgmtserver/v1/o/$ORG/e/dev/references

From that I expect to see your named reference, "esb-keystore".

Then examine the reference you used:

curl -i -n $mgmtserver/v1/o/$ORG/e/dev/references/esb-keystore

You should see an output like this:

{
  "name" : "esb-keystore",
  "refers" : "SOMETHING",
  "resourceType" : "KeyStore"
}

Then, query the keystore that is referenced:

curl -i -n $mgmtserver/v1/o/$ORG/e/dev/keystores/SOMETHING

As a response to that, you should see something like this:

{
  "aliases" : [ {
    "aliasName" : "alias1",
    "cert" : "alias1-cert",
    "key" : "alias1-key"
  } ],
  "certs" : [ "alias1-cert" ],
  "keys" : [ "expediaClient" ],
  "name" : "SOMETHING"
}

The aliasName ought to be "ESB-APIGEE-QA".

Also, here's a nice utility for creating keystores within Apigee Edge. It may work for your private cloud deployment.

createKeystore.js
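
The three lookups in the reply above (the reference, the keystore it refers to, and that keystore's alias list) can be combined into one check against the proxy's SSLInfo block. This is an added example, not part of the original thread or of Apigee's tooling; `fetch` is a hypothetical helper that returns the parsed JSON for an environment-relative management API path, and the QA and DEV responses are constructed to match the JSON shapes shown in the thread.

```python
import xml.etree.ElementTree as ET

def check_key_alias(sslinfo_xml, fetch):
    """Return (ok, detail) for the <KeyStore>/<KeyAlias> pair of an <SSLInfo> block.

    fetch(path) is a hypothetical caller-supplied helper: it returns the parsed
    JSON for a path such as "references/esb-keystore", or None if it is missing.
    """
    ssl = ET.fromstring(sslinfo_xml)
    keystore = (ssl.findtext("KeyStore") or "").strip()
    alias = (ssl.findtext("KeyAlias") or "").strip()
    if keystore.startswith("ref://"):  # resolve the reference to a keystore name
        name = keystore[len("ref://"):]
        ref = fetch("references/" + name)
        if ref is None:
            return False, f"reference {name!r} does not exist"
        if ref.get("resourceType") != "KeyStore":
            return False, f"reference {name!r} is not a KeyStore reference"
        keystore = ref["refers"]
    store = fetch("keystores/" + keystore)
    if store is None:
        return False, f"keystore {keystore!r} does not exist"
    entries = {a["aliasName"]: a for a in store.get("aliases", []) if a.get("aliasName")}
    if alias not in entries:
        return False, f"alias {alias!r} not in keystore {keystore!r}; found {sorted(entries)}"
    # Assumption: an alias usable for client auth lists both "cert" and "key".
    missing = [f for f in ("cert", "key") if not entries[alias].get(f)]
    if missing:
        return False, f"alias {alias!r} is missing {missing}"
    return True, f"alias {alias!r} resolved in keystore {keystore!r}"

SSLINFO = """<SSLInfo>
  <Enabled>true</Enabled>
  <ClientAuthEnabled>true</ClientAuthEnabled>
  <KeyStore>ref://esb-keystore</KeyStore>
  <KeyAlias>ESB-APIGEE-QA</KeyAlias>
  <TrustStore>ref://esb-truststore</TrustStore>
</SSLInfo>"""

# Constructed responses, shaped like the JSON shown in the thread.
REF = {"name": "esb-keystore", "refers": "esb-mtls-apigee-keystore", "resourceType": "KeyStore"}
QA = {"references/esb-keystore": REF,
      "keystores/esb-mtls-apigee-keystore": {"name": "esb-mtls-apigee-keystore", "aliases": [
          {"aliasName": "ESB-APIGEE-QA", "cert": "ESB-APIGEE-QA-cert", "key": "ESB-APIGEE-QA-key"}]}}
DEV = {"references/esb-keystore": REF,
       "keystores/esb-mtls-apigee-keystore": {"name": "esb-mtls-apigee-keystore", "aliases": []}}

if __name__ == "__main__":
    for env, canned in (("qa", QA), ("dev", DEV)):
        print(env, check_key_alias(SSLINFO, canned.get))
```

Running the same check against every environment before deployment shows which one lacks the alias or its private key, without waiting for the deploy error.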

Thank you @Dino-at-Google. After querying the keystore and comparing QA with DEV, I found that the certificate in DEV was not set up properly, which is why I was getting the error.

Thank you once again!

I am not able to provide the URL. I guess the UI has some restrictions.

/v1/o/OName
/e/Env/keystores/KeystoreName

Thank you @gbhandari, the issue was with the KeyStore setup in the DEV environment. I found the difference in the keystore setup while comparing the QA and DEV configurations.