Hi,
I am trying to proxy a site which I know has bad certificates. Please find the curl info below:
curl -v "https://pcwebshop.co.uk"
* Rebuilt URL to: https://pcwebshop.co.uk/
* Hostname was NOT found in DNS cache
* Trying 217.160.239.225...
* Connected to pcwebshop.co.uk (127.0.0.1) port 443 (#0)
* SSL certificate problem: Invalid certificate chain
* Closing connection 0
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html
But Apigee is doing a handshake and not complaining. I have tried adding the below tag in the SSLInfo of the target endpoint.
<IgnoreValidationErrors>false</IgnoreValidationErrors>
But it behaves the same. Can someone please let me know how we can ensure that we are talking to the right server?
Thanks
You need to specify the Truststore in SSLInfo that contains the valid certs/CA to accept; otherwise it will behave like curl with the '-k' switch and ignore server cert validation.
This helped me with an unrelated "Invalid certificate chain" issue. Thanks, @Mukundha Madhavan!
Not according to the Apigee documentation at http://docs.apigee.com/api-services/content/keystores-and-truststores
"In one-way TLS, a truststore is not required if the cert is signed by a valid CA"
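The target endpoint configuration discussed in this thread, as an added example that is not part of the original posts: the first fragment is the setup the question describes, the second adds the TrustStore that the answer recommends. The truststore name `target-truststore` and the endpoint name `default` are hypothetical placeholders; the truststore is assumed to already exist in the environment and to hold the CA certificate(s) the target is expected to chain to.

```xml
<!-- Fragment 1 (as in the question): TLS enabled, no TrustStore.
     According to the answer above, the target certificate is not
     validated in this setup, so IgnoreValidationErrors=false alone
     changes nothing. -->
<TargetEndpoint name="default">
  <HTTPTargetConnection>
    <SSLInfo>
      <Enabled>true</Enabled>
      <IgnoreValidationErrors>false</IgnoreValidationErrors>
    </SSLInfo>
    <URL>https://pcwebshop.co.uk</URL>
  </HTTPTargetConnection>
</TargetEndpoint>

<!-- Fragment 2 (as the answer recommends): name a TrustStore in SSLInfo.
     "target-truststore" is a placeholder name. With it in place, a target
     whose chain does not lead to a certificate in the truststore should
     fail the handshake instead of being accepted. -->
<TargetEndpoint name="default">
  <HTTPTargetConnection>
    <SSLInfo>
      <Enabled>true</Enabled>
      <TrustStore>target-truststore</TrustStore>
      <IgnoreValidationErrors>false</IgnoreValidationErrors>
    </SSLInfo>
    <URL>https://pcwebshop.co.uk</URL>
  </HTTPTargetConnection>
</TargetEndpoint>
```

After deploying the second variant, a request through the proxy to the host from the question is a quick check: it should now fail at the TLS handshake in the same way the curl call does.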