not secure for ssl configured api call

Not applicable

I have configured ssl in virtual host. The secure symbol also can be seen in virtual host, But when I am trying hit the api in browser it is showing me insecure and red symbol. Is there any specific reason behind this? How to solve this? Thanks in advance.

Solved Solved
0 3 253
1 ACCEPTED SOLUTION

Not applicable

I had the query in the beginning phase of working on SSL. Leter I found this is expected as the certificate is self-signed and is not trusted by the browser.

View solution in original post

3 REPLIES 3

There are several possible causes.

First, you may have a proxy that is listening on both secure and insecure vhosts.

In an API Proxy endpoint, you define the vhost on which the API Proxy "listens". It looks something like this:

<ProxyEndpoint name="endpoint1">
  <Description>Proxy Endpoint 1</Description>
  <HTTPProxyConnection>
    <BasePath>/gjwt-addlclaims-1</BasePath>
    <Properties/>
    <VirtualHost>secure</VirtualHost>
  </HTTPProxyConnection>

  ...

You can list one or more VirtualHost elements there.

If you have the "default" vhost there, then your proxy will be available on both the 443 (secure) and 80 (insecure) ports.

Second, if you are certain that you are connecting from browser to the secure vhost (you are using https:// as the scheme), then ... it is possible that the vhost is incorrectly configured. For example the vhost could be configured to return a certificate asserting "my identity is api.example.com", but the vhost might be listening on "api.example. ORG". That's not the same, and the browser's validation of the certificate would flag that as an insecure connection.

Third, there could be other issues with the certificate associated to the vhost. It could be expired. It could be using a key that is rejected by the browser. It could be signed by a CA that is untrusted by the browser.

So, there are a number of reasons you might see what you are reporting.

There may be others as well. Without more information from you, we cannot be certain.

All these three conditions are not applicable in my case. I think there could be any other reason.

Not applicable

I had the query in the beginning phase of working on SSL. Leter I found this is expected as the certificate is self-signed and is not trusted by the browser.