Unable to perform MTLS using company issued certificate

Hi.

We are currently working on a project that requires mTLS between the API consumer and Apigee. We were able to get it working using a self-signed certificate with root and intermediate CA, but we are getting the response below from Apigee when using our company's issued certificate. We've already trusted both the company's intermediate and root CA in the vhost's truststore. We already tried running update reference from Apigee's management API, but still no use. Is there anything that we've missed or should be checking to make it work?

<html>
<head>
<meta content="HTML Tidy for Java (vers. 27 Sep 2004), see www.w3.org" name="generator"/>
<title>400 No required SSL certificate was sent</title>
</head>
<body>
<center>
<h1>400 Bad Request</h1>
</center>
<center>No required SSL certificate was sent</center>
<hr/>
<center>server</center>
</body>
</html>

Hope to hear from you soon. Thank you.


Are you using a reference to the truststore in your virtual host configuration? If not, the updated truststore info may not be available at runtime without restarting routers (OPDK) or an intervention from the Google Support team (SaaS).

See https://docs.apigee.com/api-platform/system-administration/working-references.

Hi Debora,

Yes, we are using a reference in our vhost configuration.

Thanks

If you're already using references, make sure to create a new truststore with the required certificates and update the reference to point to the new truststore.

Hi. Tried this process as well, but we are still getting the same response.

If you have a licence, I'd recommend that you open a support ticket, so that our support engineers can troubleshoot this further.

Yes, we do have a license, but unfortunately we just inherited the support from the other group. Would you know how we can log a support ticket?


The error says Apigee is not getting the certificate of the client in the request. Can you pass the --key <privatekeyfile> and --cert <clientcert> and -k in the curl request?

This will send the certificate to Apigee. Then it will resolve.
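
A pre-flight check for the files that would be passed to curl's --cert and --key, added here as an example and not code from any poster in this thread: it confirms the private key belongs to the client certificate and that the certificate chains to the root and intermediate CA loaded into the truststore. The function names and the file arguments are assumptions made for the example; nothing in it is Apigee-specific.

```shell
#!/bin/sh
# Added example: sanity-check a client certificate before using it for mTLS.
# Arguments are PEM file paths supplied by the caller (hypothetical names).

# key_matches_cert CERT KEY
# Returns 0 when KEY is the private key for the public key inside CERT.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# chain_verifies ROOT INTERMEDIATE CERT
# Returns 0 when CERT validates up to ROOT through INTERMEDIATE,
# i.e. the same two CA certificates that were added to the truststore.
chain_verifies() {
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# preflight CERT KEY ROOT INTERMEDIATE
# Prints the first failing check ("key-mismatch" or "chain-broken"), or "ok".
preflight() {
  key_matches_cert "$1" "$2" || { echo "key-mismatch"; return 1; }
  chain_verifies "$3" "$4" "$1" || { echo "chain-broken"; return 1; }
  echo "ok"
}

# When preflight prints "ok", the same CERT and KEY files are the ones
# to hand to curl via --cert and --key.
```

A result of "chain-broken" means the client certificate was not issued under the CA certificates supplied, so a truststore holding only those two CAs would not accept it.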