Layer7 API Management

  • Private Community

  • 1.  Certificate not verified

    Posted Dec 15, 2017 04:39 AM

    Hi,

     

    I am getting below error when I try to connect to one of cloud based service.

     

    Problem routing to https://*****************.cs84.my.******.com/******/*******/******. Error msg: Unable to obtain HTTP response from https://*****************.cs84.my.******.com/******/*******/******: Certificate not verified. Caused by: Certificate [cn=*.cs84.my.******.com,ou=applications,o=salesforce.com\, inc,l=san francisco,st=california,c=us] path validation and/or revocation checking failed

     

     

    I have imported the certificate using Manage Certificate option in CA API Gateway-Policy Manager 9.X and restarted the Gateway.  But there is no luck.  Could some one guide me how can I get ride of this problem.



  • 2.  Re: Certificate not verified
    Best Answer

    Broadcom Employee
    Posted Dec 15, 2017 08:32 AM

    Hello,

     

    This indicates that the API Gateway rejected the certificate presented by the remote system because it was explicitly not trusted. This is due to a failure in the certificate validation process-either in validating the trust chain of the issuer or because a certificate or authority is explicitly revoked.

     

    Typically, this is caused by the API Gateway not being able to fully follow the trust chain of a certificate presented by the remote system that is not self-signed. To resolve this issue:

     

    1. Verify the certificate of the intermediary and/or root certificate authority is saved in the Manage Certificates dialog.
    2. Ensure the above certificate is trusted for signing client certificates and the certificate for a root CA is configured to act as a trust anchor.

     

    CA API Management Gateway: Certificate-related errors in audits and logs 

     

    -Alec Daniello

    APIM Support



  • 3.  Re: Certificate not verified

    Broadcom Employee
    Posted Dec 15, 2017 10:49 AM

    Hi

     

    How have you imported the certificate?

     

    And what settings within the wizard have you set it up as, particularly within the options and Validation tabs?

     

    thanks

     

    Derek Orr

    ca technologies

    Principal Consultant, CA API Management Presales

    m: 778-980-0029

    Email = Derek.Orr@ca.com<mailto:Derek.Orr@ca.com>

     

    CA API Management Community: https://communities.ca.com/community/ca-api-management-community



  • 4.  Re: Certificate not verified

    Posted Dec 18, 2017 12:18 PM

    Hi Derek,

     

    I have imported directly by providing the URL.  This is now resolved after I have selected 'Certificate is a Trust Anchor'.  Please let me know if that is not right way of doing it.



  • 5.  Re: Certificate not verified

    Broadcom Employee
    Posted Dec 18, 2017 12:25 PM

    Yes that is the right way of doing it.

     

    Derek Orr

    ca technologies

    Principal Consultant, CA API Management Presales

    m: 778-980-0029

    Email = Derek.Orr@ca.com<mailto:Derek.Orr@ca.com>

     

    CA API Management Community: https://communities.ca.com/community/ca-api-management-community