Truststore not working even if the proper certificate is loaded & references are already refreshed.

Hi, this is somehow related to my first question here. But the difference is that all other configs and even refreshing of the references were already done, and this was done on another environment. However, my self-signed certs are still erroring out with this error:

<html>
<head>
 <title>400 The SSL certificate error</title>
</head>
<body>
 <center>
 <h1>400 Bad Request</h1>
 </center>
 <center>The SSL certificate error</center>
 <hr>
 <center>server</center>
</body>
</html> 

even if the proper certificates and truststore were already configured and the references to the truststore are already refreshed. What could possibly be the problem then? Below is the configuration of our current virtualhost where the certificates are not loading.

10303-sit-config.png

while below is the other virtualhost config we have in the organization, where the same root certificate and client certificate used above are working

10305-uat-config.png

Is there something wrong with the virtualhost config?


Have you added full certificate chain to the truststore?

Is the certificate not corrupted?

I did, it's the same certificate chain I use on other environments where the very same client certificate is used to make API calls.

Is it cloud or onprem?

If on-prem, check if the VH setup is all good (validate /opt/nginx/conf.d for any .bad configs - if everything is good you will see .key, .cert.conf, .pem files with no .bad extension).

https://docs.apigee.com/api-platform/troubleshoot/nginx/bad-config-files

Cross-check the VH setups (see the built-in free trial cert & not sure about the situation, but validating the above VH config will give you some clue).

One option is to run a debug (on router/MP: https://docs.apigee.com/private-cloud/v4.18.05/enabling-debug-logging) & run a test to validate the logs.

Sometimes we observe that if you make VH changes via the management API, they may not be reflected immediately, but after a restart you can see the difference.

Just be patient in reviewing the logs and you will figure out the issue.

If it is cloud, work with support 🙂

- good luck.

Is there any other way to know possible issues without admin access? It's just that we are just developers in the Organization, and we don't have control over the configuration of the virtualhost and references/keystores. I'm primarily looking at the Edge UI configuration, as this is the only configuration visible to me as an API developer.

Can you check the nginx log to see what is there?

I faced this error because of a bad certificate or the certificate chain not being available in the truststore.
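
The chain question raised in the replies can be checked locally, without admin access, using only the certificate files. The script below is an added example, not part of the thread: it builds a constructed lab PKI (root, intermediate, client; all names and file names are made up) and uses `openssl verify` as a stand-in for the gateway's check, assuming the client sends only its leaf certificate.

```shell
# Constructed lab PKI: root CA -> intermediate CA -> client cert (names made up).
# issue DIR NAME CN SIGNER EXT_SECTION: create key + CSR, sign with SIGNER's key.
issue() {
  openssl req -new -config "$1/lab.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -CAcreateserial -days 30 -extfile "$1/lab.cnf" -extensions "$5" \
    -out "$1/$2.pem" 2>/dev/null
}

build_lab_pki() {
  d=$1
  cat > "$d/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  openssl req -x509 -config "$d/lab.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -days 30 -subj "/CN=Lab Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  issue "$d" int "Lab Intermediate CA" root v3_ca &&
  issue "$d" client "lab-api-client" int v3_client
}

# Succeeds only if CLIENT chains up to a self-signed root using just the CA
# files listed, i.e. the truststore itself holds every CA in the chain.
chains_to_truststore() {
  client=$1; shift
  cat "$@" > "$client.trust"
  openssl verify -purpose sslclient -CAfile "$client.trust" "$client" >/dev/null 2>&1
}

LAB=$(mktemp -d) && build_lab_pki "$LAB" || exit 1
for store in "root" "int" "root int"; do
  files=""; for n in $store; do files="$files $LAB/$n.pem"; done
  if chains_to_truststore "$LAB/client.pem" $files; then r=OK; else r=FAIL; fi
  echo "truststore [$store]: $r"
done
```

To check real files, call `chains_to_truststore` with the client certificate and the CA certificates that were uploaded to the truststore; `openssl x509 -noout -subject -issuer -in <file>` shows which issuer is missing when it fails.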