Issue with certification validation in Apigee


Hi,

I am trying to proxy a site which I know has bad certificates. Please find the curl info below:

curl -v "https://pcwebshop.co.uk"

* Rebuilt URL to: https://pcwebshop.co.uk/

* Hostname was NOT found in DNS cache

* Trying 217.160.239.225...

* Connected to pcwebshop.co.uk (127.0.0.1) port 443 (#0)

* SSL certificate problem: Invalid certificate chain

* Closing connection 0

curl: (60) SSL certificate problem: Invalid certificate chain

More details here: http://curl.haxx.se/docs/sslcerts.html

But Apigee is doing a handshake and not complaining. I have tried adding the tag below in the SSLInfo of the target endpoint.

<IgnoreValidationErrors>false</IgnoreValidationErrors>

But it behaves the same. Can someone please let me know how we can ensure that we are talking to the right server?

Thanks

3 REPLIES

You need to specify the Truststore in SSLInfo that contains the valid certs/CAs to accept; otherwise it will behave like curl with the '-k' switch, i.e. ignore server cert validation.

This helped me with an unrelated "Invalid certificate chain" issue. Thanks, @Mukundha Madhavan!

Not according to the Apigee documentation at http://docs.apigee.com/api-services/content/keystores-and-truststores

"In one-way TLS, a truststore is not required if the cert is signed by a valid CA"
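
The truststore setting from the first reply, shown as an added example that is not part of the original thread: a small audit over a TargetEndpoint definition that reports HTTPS targets whose SSLInfo has no TrustStore or sets IgnoreValidationErrors to true. It takes the first reply's claim as its assumption; the sample XML, the host `backend.example.com` and the reference name `backend-truststore` are constructed, and only URL-based targets are covered.

```python
import xml.etree.ElementTree as ET

# Constructed TargetEndpoint samples (not from the thread). The truststore
# reference name "backend-truststore" is a hypothetical placeholder.
WEAK = """<TargetEndpoint name="default">
  <HTTPTargetConnection>
    <SSLInfo>
      <Enabled>true</Enabled>
      <IgnoreValidationErrors>false</IgnoreValidationErrors>
    </SSLInfo>
    <URL>https://backend.example.com</URL>
  </HTTPTargetConnection>
</TargetEndpoint>"""

# Same endpoint with a TrustStore added, as the first reply recommends.
HARDENED = WEAK.replace(
    "<Enabled>true</Enabled>",
    "<Enabled>true</Enabled>\n      <TrustStore>ref://backend-truststore</TrustStore>",
)


def audit_target_endpoint(xml_text):
    """Return findings for the TLS settings of each HTTPS target connection."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("HTTPTargetConnection"):
        url = (conn.findtext("URL") or "").strip()
        if not url.lower().startswith("https://"):
            continue  # plain-HTTP targets have no server certificate to check
        ssl_info = conn.find("SSLInfo")
        if ssl_info is None:
            findings.append(f"{url}: no SSLInfo, so no TrustStore")
            continue

        def text(tag):
            return (ssl_info.findtext(tag) or "").strip()

        if not text("TrustStore"):
            findings.append(f"{url}: SSLInfo has no TrustStore")
        if text("IgnoreValidationErrors").lower() == "true":
            findings.append(f"{url}: IgnoreValidationErrors is true")
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_target_endpoint(doc) or "ok")
```

Run against the endpoint XML files of an exported proxy bundle, this lists the targets that would need a truststore under the first reply's reading.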