1. Enabled the trace for the call made via Edge and found that the cause for 503 Error is that we get the handshake failure:
Received fatal alert: handshake_failure
2. When I ran the direct call to the backend server from the Message Processor, I got 200 successful response.
3. I ran the openssl command against the backend server and found the following information:
adevegowda-macbookpro:~ adevegowda$ openssl s_client -connect <backendserver>:443 CONNECTED(00000003) 70541:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/ssl/s23_clnt.c:593: adevegowda-macbookpro:~ adevegowda$
openssl command without server name, showed the handshake failure.
4. Ran the openssl command to the backends server with the servername
adevegowda-macbookpro:~ adevegowda$ openssl s_client -connect <backendserver>:443 -servername <backendserver>
CONNECTED(00000003)
depth=1 /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
...<snipped>
I was able to get the server certificate information as shown above.
5. This shows that your backend server was SNI enabled.
6. By default, on the MPs, SNI property is disabled. So, we were seeing this issue.
7. Enabled the SNI property jsse.enableSNIExtension to true on the MP
jsse.enableSNIExtension=true
With this, we were able to get the API calls working through Apigee Edge.
LinkedIn
Twitter
