This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
This site is in read only until July 22 as we migrate to a new platform; refer to this community post for more details.
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Edge connection unsuccessful; the peer certificate cannot be authenticated with known CA certificates

Posted on 05-28-2017 11:36 PM
oyamatakuro
New Member
Reply posted on --/--/---- --:-- AM

Hello,

I would like to configure Dev Portal connection configuration with SSL Management API endpoint URL.
I am working with Edge for Private Cloud v4.17.01.01

The connection between Edge and Dev Portal is perfectly working with http.

But when I set Management API endpoint URL with SSL in Configuration >Dev Portal like:

https://<Edge IP address>:8443/v1

,and then test the connection, I get the following error.

Edge connection unsuccessful; the peer certificate cannot be authenticated with known CA certificates. This may occur if the system date is significantly skewed.

The sytem date should be OK and I guess the cause is because I am using self-signed certificated on Edge for the SSL configuration.

Do I need to let dev portal trust Edge? If yes, how can I do that?

Any help will be appreciated.

Solved Solved
2 12 1,930
Topic Labels
Jump to Solution
Reply
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
paulmibus
Staff
Reply posted on --/--/---- --:-- AM

The developer portal uses the Guzzle library to establish HTTP connections to the management API. This library ships with its own CA bundle for certificate validation, but that certificate bundle may be overridden. To do so, edit /opt/apigee/apigee-drupal-contrib/libraries/mgmt-api-php-sdk/vendor/guzzle/guzzle/src/Guzzle/Http/Client.php. On line 140, you will see this:

            $opts[CURLOPT_CAINFO] = __DIR__ . '/Resources/cacert.pem';

You can remove or comment (//) that line and replace it with the path of your internal CA certificate:

            $opts[CURLOPT_CAINFO] = '/opt/apigee/customer/server.crt';

I recommend storing your custom CA certificate in the /opt/apigee/customer directory, as that is a persistent path that will keep your site-specific data in one place and is guaranteed not to be touched on upgrade.

Once you have directed Guzzle to your custom CA certificate, you can use the "Test Connection" button in the developer portal UI to verify that your encrypted management API connection is working.

View solution in original post

Jump to Solution
Reply
12 REPLIES 12
Top Solution Authors
View all