This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

SSL Certificate || Integration Issue

Posted on 02-24-2020 04:51 AM
dilip
New Member
Reply posted on --/--/---- --:-- AM

Hello Team,

We follow the below Process to install SSL Certificate on APIGEE Server.

1. Create Key Store , upload the key Chain.

2.Create Trust-Store and first import a. Intermediate Certificate and than b. RootCA.

3. Create reference for key Store and Trust Store.

and than mentioned below in target Endpoint of Our Proxy.

<Enabled>true</Enabled>
<ClientAuthEnabled>true</ClientAuthEnabled>
<KeyStore>keystore</KeyStore>
<KeyAlias>keystorealias</KeyAlias>
<TrustStore>Truststore</TrustStore>
<Protocols>
<Protocol>TLSv1.2</Protocol>
</Protocols>

but still we are getting the below Error.

{
"fault": {
"faultstring": "SSL Handshake failed sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
"detail": {
"errorcode": "messaging.adaptors.http.flow.SslHandshakeFailed"
}
}
}

Could you please help us to resolve this Issue.

@Anil Sagar

@Dino

Thanks and Regards

Dilip Tiwari

0 2 481
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
imesh
Staff
Reply posted on --/--/---- --:-- AM

Hi Dilip, I believe you have configured Mutual-TLS on north-bound end between the client application and Apigee. If so, would it be possible for you to verify whether this issue get resolved if you removed the Truststore from the virtual host configuration?

If so, this issue may have caused due to uploading TLS certificates of the client TLS certificate chain as separate certificates to the Truststore. Can you please try to import the client TLS certificate chain into the Truststore using a single PEM file by combining the TLS certificates in the following order?

-----BEGIN CERTIFICATE-----

[Primary TLS certificate]

-----END CERTIFICATE----
------BEGIN CERTIFICATE-----

[Intermediate TLS certificate]

-----END CERTIFICATE----
------BEGIN CERTIFICATE-----

[Root TLS certificate or intermediate TLS certificate signed by a root certificate]

-----END CERTIFICATE----
0 Likes

Posted on --/--/---- --:-- AM
adevegowda
Staff
Reply posted on --/--/---- --:-- AM

@Dilip Tiwari,

You can find details on how to resolve this issue here.

0 Likes