Just using postman I can set up a certificate and connect to active subscriptions. When I try and connect to the Mock API to test the connection for, getting course runs, for example, I am getting an error
Error: error:0b000074:X.509 certificate routines:OPENSSL_internal:KEY_VALUES_MISMATCH
Is there a different way I am supposed to test certificate connections?
While it's not such a big deal with GET requests, this is going to be important for POST requests.
You don't need a certificate to call Mock APIs.
You can instead try to call it directly without the certificate as it will only display a mock response of the API.
I create an API where I configure the endpoint: https://ssl.croinform.ru:450/api.test And there is a problem with https, I am not getting a response to the request. It seems the WSO2 API Manager API gateway is not proxying requests to the endpoint. When I make requests directly, I pre-configure the infrastructure: install the openssl counterpart, install the cacer.p7b and ssl.croinform.cer certificates. After that, I successfully receive responses from the ssl.croinform.ru:450/api.test service.
I was advised to add a certificate according to this manual: https://apim.docs.wso2.com/en/3.2.0/learn/design-api/endpoints/certificates/#adding-a-certificate-for-an-endpoint I did everything according to the manual, but requests to https are still not transmitted. The problem is I need to import two certificates: cacer.p7b, ssl.croinform.cer. I manage to add the .cer certificate, but the .p7b certificate is not added (I get an error), I suppose the .p7b file extension is simply not supported. But I need to transfer the whole certificate chain. Also, I do not understand how encryption is supported in wso2-am, but this is important, since traffic with a remote API is encrypted using tls. Am I getting it right that wso2-am works with openssl? If so, is it possible to use any other alternative software? In my case, openssl does not support some regional standards. I am still asking for hints or directions on my problem.
When I install a certificate with a .p7b extension in the portal I get the following error: The server encountered an internal error. Please contact administrator. The wso2carbon.log file contains the following events: ERROR {org.wso2.carbon.apimgt.impl.utils.CertificateMgtUtils} - Error loading certificate. java.security.cert.CertificateException: Unable to initialize, java.io.IOException: Short read of DER length at java.base / sun.security.x509.X509CertImpl. (X509CertImpl.java:197) at java.base / sun.security.provider.X509Factory.engineGenerateCertificate (X509Factory.java:10
Continuing: ERROR {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - Error adding the certificate to Publisher Trust Store. Rolling back... ERROR {org.wso2.carbon.apimgt.impl.APIProviderImpl} - Adding certificate to the Publisher node is failed. No certificate changes will be affected. ERROR {org.wso2.carbon.apimgt.rest.api.publisher.v1.impl.EndpointCertificatesApiServiceImpl} - Error while adding the certificate due to an internal server error
Can you tell me what I need to do to make this work in WSO2 API Manager?
I need help figuring out if there is a way to bypass the client cert requirement using CFHTTP tag over SSL. I am getting a handshake error response using coldfusion. However using postman I'm able to bypass the certificate in the settings and the api call goes through fine.
I want to call a third party web service from TIBCO BW6.X via SOAP over HTTPS by using basic authentication.
I can do it with SOAPUI just by adding authorization as a HTTP header with the key (like Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1) and it works fine. But using BW, I have to create an SSL resource with certifcates to use HTTPS.
My question is : Can I connect to a web service using HTTPS URL without SSL/certificates? If yes, then how? else, why can I do it with SOAPUI?
Thanks.
The answer depends on the soap client you are using. Basically you need just ignore the certificate validation as far as i interpret your question.
Example for php:
Disable certificate verification in PHP SoapClient
I'm currently working on an automated deployment process for a hosted service for Windows Azure. The creation of the .cspkg and .cscfg files works perfectly using a call to msbuild. Now I'm writing a small .NET console app that should deploy these files to Azure using the Management REST API.
There is no problem concerning the API itself. I can send a request to the API using one of my management certificates. I upload the .cspkg file to Azure BLOB Storage and then try to call Upgrade Deployment. But every time I try, I get a "400 Bad Request" response stating that the certificate with thumbprint xy was not found. This certificate is the SSL certificate (not a management certificate) I'm using for HTTPS for my custom domain (DNS CNAME).
And now, the whole thing gets interesting:
When I deploy the files using the "Publish" command in my Visual Studio, there is no problem. (I compared the .cscfg/.cspkg files from VS and from my msbuild output: apart from a few GUIDs, they're identical). And furthermore, using the Silverlight Management thingy in my browser, I can even upload my generated files that could not be uploaded using the API.
When I retrieve a list of all certificates using the List Certificates call, the certificate which is said to be missing is apparently there. I can also retrieve its data using the Get Certificate call.
So why does Azure keep telling me that the certificate was not found when using the Upgrade Deployment call? Did anyone experience something similar? Has anyone the hint for me? Thanks in advance.
P.S.: This is what Azure says when I use the API:
<Error xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<Code>BadRequest</Code>
<Message>The certitficate with thumbprint 7b232c4a2d6e3deadbeef120d5dbc1fe8049fbea was not found.</Message>
</Error>
P.P.S.: Yes, the word in the response is certitficate, not certificate.
OK, after using the List Subscription Operations API call to find out what Visual Studio calls to deploy apps, I found the solution.
Turns out that the URL I used for the API request was wrong, but: with all due respect, I blame Microsoft for lousily documenting its Azure Management API.
In their documentation, they write the URL to use is:
https://management.core.windows.net/<subscription-id>/services/hostedservices/<service-name>/deploymentslots/<deployment-slot>/?comp=upgrade
And the description is the following:
To generate the request URI, replace <subscription-id> with your subscription ID, <service-name> with the name of your service, <deployment-slot> with staging or production, and <deployment-name> with the unique name of your deployment.
What they forgot to mention is, that you have to use the DNS Name of your service, and not the Name! They could at least return an appropriate error message telling you that the service name is invalid, non-existent or doesn't belong to your subscription ID, instead of complaining about some certificate issue.
Thank you Microsoft, that cost me more than two days.
The error indicates that you have not uploaded that certificate into the hosted service's secret store. Visual Studio might be doing that automagically for you, but if you want to replicate it programmatically, then use the Add Certificate API call and upload the PFX into the deployment.
You can see '400 BadRequest - The certificate with thumbprint XYZ was not found.' appear in the CreateDeployment or UpgradeDeployment scenario for the following reason (which I just debugged):
You use the same certificate for subscription management as you do for e.g. SSL or Remote Desktop password encryption in your hosted service. You therefore will use the certificate with thumbprint XYZ to authenticate your service management REST call that creates the deployment.
When specifying your deployment parameters you pass in your CSCFG which references that same cert by its thumbprint, because it needs to configure Remote Desktop/SSL etc.
That cert is not yet added to your hosted service certs.
In this case the 400 Bad Request error really is telling you that you have a bad request, because the certificate in your CSCFG is not yet attached to your hosted service. The confusion arises (for me) because, since its a multi purpose cert, you misinterpret the error message as referring to the authentication of the request, even though you are not getting 401.