Two way TLS between API client to APIGEE proxy

Hi,

I am configuring two-way TLS for an API call in Apigee. I have configured the virtual host with a keystore and truststore. I have added the client's public certificate to the Apigee truststore and Apigee's public certificate to my client. I am getting the error below. Can anyone help me with this? Thanks in advance.

400 Bad Request

No required SSL certificate was sent

1 ACCEPTED SOLUTION

The issue is finally resolved. This was because some information was missing in the routers. I deleted and added the keystore again, then restarted both routers, and then it started working.

11 REPLIES

Looks like the problem is with your client app mTLS configuration. For mTLS, you mentioned the right configuration steps for the Apigee side.

For mTLS:

On Server:
(1) [ ] configure server key (a) and server certificate (b) to keystore
(2) [ ] client certificate (or client root CA cert) to truststore

On Client (depending on the tech stack):
(3) [ ] configure client key (a) and client certificate (b)
(4) [ ] server certificate (or root CA cert for server)

You mentioned 2 and 1a,b and 4. You said nothing about 3a and 3b.

I have done step 3 as well. But didn't get success.

Hi, I encountered the same issue but haven't tried requesting a restart of the routers. We already added the client root CA to Apigee's truststore but still no luck. We are able to perform mTLS with self-signed certificates but not with our company-signed certificates. Hope you could share the steps you did to fix yours. Thank you.

Yes, you need to add both the client's root and intermediate certificates to the Apigee truststore. Once added, you can make a PUT call to the Apigee truststore reference that is referenced in the virtual host, or you can restart the RMPs for testing for now.

Then request the API with curl using -k --key <privatekey> --cert <clientcert>

Let me know if you are still facing the issue.

Hi. Thank you for the response. I am now getting the error below:

<html>
<head><title>400 The SSL certificate error</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The SSL certificate error</center>
<hr><center>server</center>
</body>
</html>

Please note that both the intermediate and root CA are already in the truststore. We've also tried updating the reference as instructed but still no luck.

Try to restart the RMPs. If you still see the same error, then your private key or client certificate is corrupted or it's not validating.
Have you added the root and intermediate as two separate files or in a single file?

If in a single file, the newline restriction will be applied.

Let me know if you see any issue.
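
Added example, not part of the original thread: a local check with the openssl CLI of the two things the replies above point at, namely whether the client certificate validates against exactly the CA files placed in the truststore (root alone versus root plus intermediate) and whether the private key matches the certificate. All keys, certificates, file names and function names are constructed for illustration; pass your own PEM files to `chain_ok` and `key_matches`.

```shell
# Added example; every key and certificate below is constructed test data.
# issue <name> <issuer> <ext-section> <CN>: sign a new cert inside "$d".
issue() {
  openssl req -new -config "$d/x.cnf" -newkey rsa:2048 -nodes -subj "/CN=$4" \
    -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/$1.csr" -CA "$d/$2.pem" -CAkey "$d/$2.key" \
    -CAcreateserial -extfile "$d/x.cnf" -extensions "$3" -days 1 \
    -out "$d/$1.pem" 2>/dev/null
}

# make_chain <dir>: throwaway root CA -> intermediate CA -> client cert.
make_chain() {
  d=$1
  cat > "$d/x.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  openssl req -x509 -config "$d/x.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -subj "/CN=Constructed Root CA" -days 1 \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
  issue int root v3_ca "Constructed Intermediate CA" &&
  issue client int v3_client "constructed-client"
}

# chain_ok <leaf.pem> <ca.pem>...: does the leaf validate against these CA files?
chain_ok() {
  leaf=$1; shift
  cat "$@" > "$leaf.bundle"
  openssl verify -CAfile "$leaf.bundle" "$leaf" 2>&1 | grep -q ': OK$'
}

# key_matches <cert.pem> <key.pem>: does the private key belong to the cert?
key_matches() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
make_chain "$tmp" || { echo "openssl failed to build the test chain" >&2; exit 1; }
chain_ok "$tmp/client.pem" "$tmp/root.pem" && echo "root only: OK" || echo "root only: FAIL"
chain_ok "$tmp/client.pem" "$tmp/root.pem" "$tmp/int.pem" && echo "root+intermediate: OK" || echo "root+intermediate: FAIL"
key_matches "$tmp/client.pem" "$tmp/client.key" && echo "key matches cert" || echo "key MISMATCH"
```

With the constructed chain, the root-only check fails and the root-plus-intermediate check passes, which is the situation a company-issued client certificate is in when only the root CA has been uploaded.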

We uploaded it as 2 separate files and we got the same error. We tried uploading it in a single file with the newline restriction and still encountered the same issue. Unfortunately, we do not have access to create a support ticket for the RMPs restart. We have requested one but haven't got a response from Apigee yet.

Are you using Apigee cloud SaaS?

Yes, we are using Apigee cloud SaaS.

Then you may not be able to restart the RMPs. You can refresh the truststore reference using a PUT management API call, then try again to see if it resolves.