Hello,
I’ve been struggling with this issue setting up Apigee Edge Microgateway I’m figuring others may have likely overcome. I’m working with a the Apigee Edge Cloud that has been configured to use a HTTPS cert.
Following the guide after running the verify command it seems to run into an issue because our SSL certificate is using our real domain but Edge Micro may be expecting to use our apigee.net hostname. Is there a way to configure this so it works with our real domain?
Please advise. Thanks!
edgemicro verify -o myorg -e dev -k somekey -s somesecret
Output:
edge micro agent listening on 9000
warning: jwt_public_key download from [https://myorg-dev.apigee.net/edgemicro-auth/publicKey](https://myorg-dev.apigee.net/edgemicro-auth/publicKey) returned { [Error: Hostname/IP doesn't match certificate's altnames: "Host: myorg-dev.apigee.net. is not in the cert's altnames: DNS:dev.api.mydomain.com"]
reason: 'Host: myorg-dev.apigee.net. is not in the cert\'s altnames: DNS:dev.api.mydomain.com',
I gave that a try with no luck. I seem to get a 404 not found when attempting to call the publicKey resource even though it’s been deployed.
edgemicro verify -o myorg -e dev -k somekey -s somesecret
ℹ edge micro agent listening on 9000
warning: jwt_public_key download from [https://myorg-dev.apigee.net/edgemicro-auth/publicKey](https://myorg-dev.apigee.net/edgemicro-auth/publicKey) returned 404 Not Found
warning: error downloading config, please check bootstrap configuration [Error: Not Found]
warning: no edge micro proxies found in org
warning: no products found in org
I did a fresh reinstall. And run the configure command again after making the above changes. Did you do that?
Kristopher, looks like you have some custom cert and virtualhost etc. Can you try following? Another customer had similar situation which ‘edgemicro configure’ currently don’t assume.
In you agent/config/default.yaml, pls change https://myorg-dev.apigee.net/edgemicro-auth/publicKey to https://your-domain-name/edgemicro-auth/publicKey assuming ‘curl https://your-domain-name/edgemicro-auth/publicKey’ works.
I tried a few more things by reviewing the output and trying a fresh install. Also, even though it’s not explictly in the setup documentation I went ahead and added the edgemicro_weather and setup an API product. Finally, to get the jwt_public_key to download I needed to add the ‘https_vhost’ to the edgemicro-auth proxy xml.
<HTTPProxyConnection>
<BasePath>/edgemicro-auth</BasePath>
<Properties/>
<VirtualHost>default</VirtualHost>
<VirtualHost>secure</VirtualHost>
<VirtualHost>https_vhost</VirtualHost>
</HTTPProxyConnection>
After all this it seems like I get more 200 in the first few checks but still fails on some of the final requests.
ℹ edge micro agent listening on 9000
info: jwt_public_key download from [https://myorg-dev.apigee.net/edgemicro-auth/publicKey](https://myorg-dev.apigee.net/edgemicro-auth/publicKey) returned 200 OK
info: products download from [https://myorg-dev.apigee.net/edgemicro-auth/products](https://myorg-dev.apigee.net/edgemicro-auth/products) returned 200 OK
info: config download from [https://edgemicroservices-us-east-1.apigee.net/edgemicro/bootstrap/organization/myorg/environment/dev](https://edgemicroservices-us-east-1.apigee.net/edgemicro/bootstrap/organization/myorg/environment/dev) returned 200 OK
downloaded proxies [ { apiProxyName: 'edgemicro_weather',
revision: '1',
proxyEndpoint: { name: 'default', basePath: '/weather' },
targetEndpoint: { name: 'default', url: 'https://weather.yahooapis.com' } } ]
downloaded products [ { apiResources: [],
approvalType: 'manual',
attributes:
.... (lot of json)
downloaded jwt_public_key (log key)
verifying analytics negative case: OK
/Applications/apigee-edge-micro-1.1.0/gateway/lib/logging.js:24
testLogFile = fs.createWriteStream('test.log', { flags: 'w', mode: 0o0600, en
^
SyntaxError: Unexpected token ILLEGAL
at exports.runInThisContext (vm.js:73:16)
at Module._compile (module.js:443:25)
at Object.Module._extensions..js (module.js:478:10)
at Module.load (module.js:355:32)
at Function.Module._load (module.js:310:12)
at Module.require (module.js:365:17)
at require (module.js:384:17)
at Object.start (/Applications/apigee-edge-micro-1.1.0/gateway/lib/gateway.js:32:16)
at Object.start (/Applications/apigee-edge-micro-1.1.0/gateway/lib/monitor.js:86:15)
at processMessage (/Applications/apigee-edge-micro-1.1.0/gateway/lib/monitor.js:58:32)
verifying bootstrap url availability:OK
verifying jwt_public_key availability: OK
verifying quota with configured products: OK
verifying analytics with payload: OK
[ { pid: 26750,
uid: 'MwMg',
running: true,
restarts: 1,
since: '2015-12-21T20:37:21.308Z' } ]
MwMg on restart
assert.js:86
throw new assert.AssertionError({
^
AssertionError: true == false
at Request._callback (/Applications/apigee-edge-micro-1.1.0/cli/bin/edgemicro:745:18)
at Request.self.callback (/Applications/apigee-edge-micro-1.1.0/cli/node_modules/request/request.js:198:22)
at Request.emit (events.js:110:17)
at Request.<anonymous> (/Applications/apigee-edge-micro-1.1.0/cli/node_modules/request/request.js:1082:10)
at Request.emit (events.js:129:20)
at IncomingMessage.<anonymous> (/Applications/apigee-edge-micro-1.1.0/cli/node_modules/request/request.js:1009:12)
at IncomingMessage.emit (events.js:129:20)
at _stream_readable.js:908:16
at process._tickCallback (node.js:355:11)
1 Like
I did… but will start from scratch again.
You have wrong node version. Doc should say it as part of prereq. You need node v4.2.x. It wont work with v0.10 or v0.12.
Updated node to v4.2.3 and updated domain in default.yaml.
Every seems to validate cleanly now. So in summary what I needed to do was.
#1 Make sure to have node v4.2.3
#2 export NODE_TLS_REJECT_UNAUTHORIZED=0
#3 Update proxy to include VirtualHost>https_vhost
#4 Update entry in jwt_public_key to point to our own domain
I’ll work over the rest of the steps in the guide and let you know if I run into any more blockers
Thanks and Awesome. I am glad you are back to trying EM again. 
I think with what you did in #4, #2 may not be needed.
I think your correct. All is well now. One last question. If now wanted to replicate this across multiple servers would I need to redo the entire installation or just copy what I have?
Copying entire installation should be fine. Something which we wanted. Have devs configure it on their workstation and move to prod.
@Geir Sjurseth
@pdani
We are trying to setup edge microgateway v2.0.0 and facing an issue during config step. We have deployed a custom SSL certificate on edge and created a new VHOST(customdomain.com).
While running the edgemicro config command, it throws the below error.
edgemicro configure -o customdomain -e test -u xxxx@customdomain.com
[Error: Hostname/IP doesn’t match certificate’s altnames: “Host: customdomain.apigee.net. is not in the cert’s altnames: DNS:customdomain.com”]
The egdemicro config command seems to use the Org and Environment names to connect to edge to configure microgateway and uses *.apigee.net domain.
We have tried changing the domain name in config/default.yaml file to use the new domain name instead of apigee.net as suggested in the below community post.
https://community.apigee.com/questions/14877/verify-edge-micro-install-errors-on-ssl-cert.html
After changing the domain name, it throws the below error. Seems it is expecting *.apigee.net domain at some point during the micro gateway configuration.
[Error: Hostname/IP doesn’t match certificate’s altnames: "Host: customdomain.com. is not in the cert’s altnames: DNS:.apigee.net, DNS:apigee.net"] reason: 'Host: customdomain.com. is not in the cert's altnames: DNS:.apigee.net, DNS:apigee.net’
Could you help us with resolving this domain issue or provide details on configuring micro gateway with a custom domain?
I know you can provide a separate virtualhost-name at configure time… if you do that instead does it work then?
/geir
We did try that but it didnt work…
/raghav