Self-signed certificate didn't work


In OPDK Apigee, I tried to enable HTTPS on the virtual host. I followed the Apigee document and created a self-signed certificate, but I didn't succeed. Later I used a CA-certified certificate and it worked. I just wanted to know why the self-signed certificate didn't work. I was using that internally.


If you want help diagnosing this, you'll need to provide more details than "it didn't work". Specifically, what did you try and what results did you see? Where in the process did you conclude "it didn't work"?

The most common cause of problems with using a self-signed cert is that the client does not trust the certificate. This would explain why the CA-signed cert works; clients typically trust the well-known CAs.

There can be secondary issues, such as the client not correctly handling SNI.

But there can be many other causes. For example the self-signed cert does not include the correct hostname for the given vhost. Or, the client uses a hostname that does not match the host on the self-signed cert.

Check the archives here on community; I posted a longish description of what is necessary when configuring TLS Vhosts, and how Apigee handles things. Hint: it's not different than how any TLS system handles keys and certs. But there are many details you need to take care with.

"It didn't work" means I was not able to hit the proxy from Postman or a browser. It throws the below error.

This site can’t be reached

ylesyuk
Participant V

The self-signed certificate would not work because your client does not trust it.

But the "This site can't be reached" error message implies a connectivity problem from your client to your site. It is probable that the computer you're running Postman from cannot resolve the FQDN correctly, or at all.

You can follow this codelab to set up 1-way TLS for a Virtual Host:

https://apigee.github.io/alfa/edge-ops-router-tls

Thanks, Yuriy!
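A small client-side check that separates the failure layers raised in the replies above (name resolution, TCP reachability, untrusted certificate, hostname mismatch). It is an added example, not code posted by any participant or taken from Apigee; the function names are this example's own, and the verify codes are OpenSSL's `X509_V_ERR_*` values.

```python
import socket
import ssl

# OpenSSL X509_V_ERR_* values exposed as SSLCertVerificationError.verify_code
UNTRUSTED = {18, 19, 20}   # self-signed leaf, self-signed in chain, issuer not found
NAME_MISMATCH = {62, 64}   # hostname mismatch, IP address mismatch


def classify(exc):
    """Map a connection exception to the layer that failed."""
    if isinstance(exc, socket.gaierror):
        return "dns"            # client cannot resolve the FQDN
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        if code in UNTRUSTED:
            return "trust"      # certificate not anchored in the client's trust store
        if code in NAME_MISMATCH:
            return "hostname"   # requested name is not in the certificate
        return "cert-other"     # e.g. expired or not yet valid
    if isinstance(exc, ssl.SSLError):
        return "tls"            # handshake failed for a non-certificate reason
    return "tcp"                # refused, timed out, unreachable


def diagnose(host, port=443, cafile=None, timeout=5.0):
    """Attempt a verified TLS connection; return "ok" or the failing layer.

    cafile: PEM file to trust instead of the system store, for example
    the self-signed vhost certificate itself.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # server_hostname is sent as SNI and checked against the certificate
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    # Constructed exceptions standing in for real failures, so this runs offline.
    untrusted = ssl.SSLCertVerificationError(1, "constructed sample")
    untrusted.verify_code = 18
    for exc in (socket.gaierror(-2, "constructed sample"), untrusted,
                ConnectionRefusedError()):
        print(type(exc).__name__, "->", classify(exc))
```

Calling `diagnose` with the vhost's FQDN and `cafile` set to the self-signed certificate returns `ok` when trust was the only problem; a `dns` or `tcp` result points at the connectivity issue described for "This site can't be reached".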