Issue with certification validation in Apigee

Hi,

I am trying to proxy a site which I know has bad certificates. Please find the curl info below:

curl -v "https://pcwebshop.co.uk"

* Rebuilt URL to: https://pcwebshop.co.uk/

* Hostname was NOT found in DNS cache

* Trying 217.160.239.225...

* Connected to pcwebshop.co.uk (127.0.0.1) port 443 (#0)

* SSL certificate problem: Invalid certificate chain

* Closing connection 0

curl: (60) SSL certificate problem: Invalid certificate chain

More details here: http://curl.haxx.se/docs/sslcerts.html

But Apigee is doing a handshake and not complaining. I have tried adding the below tag in the SSLInfo of the target endpoint.

false

But it behaves the same. Can someone please let me know how we can ensure that we are talking to the right server?

Thanks

You need to specify the Truststore in SSLInfo that contains the valid certs/CA to accept; otherwise it will behave like curl with the '-k' switch and ignore server cert validation.
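
Added example (not part of the original thread and not taken from Apigee's documentation): a target endpoint without a truststore next to one that names a truststore, as the reply above suggests. The truststore reference name `pcwebshop-truststore` is a hypothetical placeholder; the URL is the target from the question.

```xml
<!-- Constructed example. "pcwebshop-truststore" is a hypothetical truststore
     reference name; the URL is the target from the question. -->

<!-- Before: TLS to the target with no TrustStore in SSLInfo -->
<TargetEndpoint name="default">
  <HTTPTargetConnection>
    <SSLInfo>
      <Enabled>true</Enabled>
    </SSLInfo>
    <URL>https://pcwebshop.co.uk</URL>
  </HTTPTargetConnection>
</TargetEndpoint>

<!-- After: TrustStore names the CA certificates the proxy will accept -->
<TargetEndpoint name="default">
  <HTTPTargetConnection>
    <SSLInfo>
      <Enabled>true</Enabled>
      <!-- Reference to a truststore holding the target's CA chain -->
      <TrustStore>ref://pcwebshop-truststore</TrustStore>
      <!-- Keep certificate validation failures fatal -->
      <IgnoreValidationErrors>false</IgnoreValidationErrors>
    </SSLInfo>
    <URL>https://pcwebshop.co.uk</URL>
  </HTTPTargetConnection>
</TargetEndpoint>
```

The truststore and its reference have to exist in the environment, loaded with the CA certificates to accept, before the proxy is deployed.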

This helped me with an unrelated “Invalid certificate chain” issue. Thanks, @Mukundha Madhavan!


Not according to the Apigee documentation at http://docs.apigee.com/api-services/content/keystores-and-truststores

“In one-way TLS, a truststore is not required if the cert is signed by a valid CA”