Hi -
We are getting the following error in Postman. Any ideas on what might be happening? Yes, I can disable the SSL certificate, but I do not really want to tell our customers that. So what do I need to do to make this work for our customers seamlessly on Apigee/server side?
BTW, our cert analysis says incomplete. I would appreciate it if someone can advise on what we need to do there and if that can help fix the issue.
https://www.ssllabs.com/ssltest/analyze.html?d=api.trestleiq.com
Kushal.
Can you please provide more information? Is it one-way TLS / mutual TLS?
A few things to make sure you are doing it correctly. Wasn't too impressed by the SSL test – not an impressive rating.
Maybe the proper chain isn't provided during the virtual host setup & it looks broken.
- Create/upload the key + certificate chain properly to the platform in the TLS keystore.
- Create/upload certs to the trust store.
- Create proper references for the keystore & trust store and map them appropriately.
- Always allow only >tls1.2 (configurable in virtual host)
  eg: TLSv1.2
- Restrict poor ciphers & enable strong ciphers (if possible)
  eg: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256
All these you can do in VH properties - https://docs.apigee.com/api-platform/fundamentals/virtual-hosts
Mutual TLS:
Example:
443
api.trestleiq.com
true
true
ref://trestleiq-ks-ref
trestleiq
ref://trestleiq-ts-ref
TLSv1.2
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256
Just for awareness - bedtime read on TLS 1.3:
https://www.rfc-editor.org/rfc/rfc8446
Good luck.
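The values in the mutual TLS example above, laid out as an Apigee Edge virtual host definition. This is an added example, not the original poster's markup: the element and property names follow the Apigee virtual host reference linked above, and the `name` attribute is a placeholder.

```xml
<!-- Added example: "secure" is a placeholder virtual host name (assumption). -->
<VirtualHost name="secure">
    <Port>443</Port>
    <HostAliases>
        <HostAlias>api.trestleiq.com</HostAlias>
    </HostAliases>
    <SSLInfo>
        <Enabled>true</Enabled>
        <!-- true = mutual TLS: clients must present a certificate that chains
             to the trust store. For one-way TLS set this to false and omit
             the TrustStore element. -->
        <ClientAuthEnabled>true</ClientAuthEnabled>
        <!-- Reference to the keystore. The alias must hold the private key
             and the full certificate chain (leaf first, then intermediates);
             a missing intermediate is what SSL Labs reports as an
             incomplete chain. -->
        <KeyStore>ref://trestleiq-ks-ref</KeyStore>
        <KeyAlias>trestleiq</KeyAlias>
        <!-- Reference to the trust store holding the CA certificates used to
             validate client certificates. -->
        <TrustStore>ref://trestleiq-ts-ref</TrustStore>
    </SSLInfo>
    <Properties>
        <!-- Protocol and cipher restrictions are virtual host properties. -->
        <Property name="ssl_protocols">TLSv1.2</Property>
        <Property name="ssl_ciphers">ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256</Property>
    </Properties>
</VirtualHost>
```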