I tried tracing an API proxy deployed on an HTTPS virtual host, and it fails from the trace tool with the following error message.
-------
Error Sending Request
Could not connect to https://10.125.66.45:9102/test. Make sure the URL is correct.
-------
I guess the reason is that the trace tool does not trust the server with a self-signed certificate because
- I only configured one-way (not two-way) TLS in the virtual host settings.
- I found the following error in /opt/apigee/var/log/edge-ui/edge-ui.log
-------
/v1/organizations/myorg/apis/test/revisions/1/proxies/default, Response : 200
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
-------
If my guess is right, is there any way to disable server certificate validation by the trace tool, or to set the self-signed certificate as trusted by the trace tool?
Any help to resolve this will be appreciated.
Thanks,
What's your host alias in the virtualhost?
Is this cloud or private cloud?
Thanks for your comment.
The host alias is set as <host ip address>:<port number>.
This is on Edge for Private Cloud.
I have seen this problem on my OPDK installation. To resolve it, I needed to add the self-signed cert to the list of certs trusted by the OS, on the server where edge-ui is running. This allows the Trace UI to trust the cert.
What I did is described in this answer.
Regarding self-signed certificates in general, you may be interested in this discussion on Stack Overflow, and also in the linked-to material, which discusses "private CAs". That option may be nicer than issuing a self-signed cert, if you are generating more than one certificate.
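A check to run on the edge-ui host before and after adding the certificate to a trust bundle, as an added example that is not part of the original answers or of Apigee's tooling: it tests whether a PEM certificate chains to an anchor in a given bundle and whether it lists the IP address used in the URL. The function names, file names and the two throwaway certificates are constructed for the example; whether the Edge UI also enforces the address match is an assumption, not something the thread states.

```shell
#!/bin/sh
# Added example. Certificates, addresses and file names below are constructed.

# Create a throwaway self-signed certificate for a host addressed by IP.
# $1 = output directory, $2 = IP address used for CN and subjectAltName.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=$2" -addext "subjectAltName=IP:$2" 2>/dev/null
}

# Succeed only if certificate $1 chains to a trust anchor in PEM bundle $2.
is_trusted() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Succeed only if certificate $1 lists IP address $2 in its subjectAltName.
covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match"
}

# Walk through the situation in the thread with two constructed certificates.
trust_check_demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/vhost" "$dir/other"
    make_selfsigned "$dir/vhost" 10.125.66.45   # stands in for the virtual host cert
    make_selfsigned "$dir/other" 192.0.2.10     # stands in for a bundle without that cert

    # A bundle that lacks the cert: the handshake would be rejected.
    is_trusted "$dir/vhost/cert.pem" "$dir/other/cert.pem" \
        && echo "bundle without cert: trusted" \
        || echo "bundle without cert: NOT trusted"

    # The same cert once it is present in the bundle as its own anchor.
    is_trusted "$dir/vhost/cert.pem" "$dir/vhost/cert.pem" \
        && echo "bundle with cert: trusted" \
        || echo "bundle with cert: NOT trusted"

    # The URL uses an IP address, so the cert needs a matching IP entry.
    covers_ip "$dir/vhost/cert.pem" 10.125.66.45 \
        && echo "IP SAN: present" || echo "IP SAN: missing"
    rm -rf "$dir"
}

trust_check_demo
```

Against a real deployment, pass the virtual host's certificate as the first argument of `is_trusted` and the bundle that the edge-ui process actually reads as the second.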