Hello Charles,
The problem might be that:
The certificate might be invalid.
The certificate wasn't issued by a trustworthy authority.
This happens with some frequency when integrating in non-productive environments, since the certificates installed on those environments are usually self-signed.
Resolution
Navigate to the service URL using a browser, and check for certificate errors. The error message displayed by the browser should help you troubleshoot what's causing the error. If you don't see any certificate error on your local browser, repeat the test using a browser installed on the server with the problem.
The most frequent reasons for an SSL certificate validation to fail are:
The hostname used in the URL doesn't match the name that's on the certificate. Make sure the URL you're using and the URL in the 'Issued to' field of the certificate are the same;
The certificate expired. Install a valid certificate, or contact the support of the system you're trying to integrate with;
The Certificate Root Authority that issued the certificate is not trusted by the server. Make sure to install the Root Certificate on the server;
The certificate is self-signed. Make sure to install the certificate as trusted.
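The following script is an added example, not part of the reply above: it performs the same check as the browser test from the command line on the affected server, maps the verification result to the causes listed above, and repeats the handshake because the failure in this thread is intermittent. Assumptions: the names `classify`, `probe` and `summarize` are chosen here, and Python's trust store may differ from the one the failing application uses.

```python
import socket
import ssl
import sys

# OpenSSL X509_V_ERR_* verify codes mapped to the causes listed in the reply above.
CAUSES = {
    62: "hostname mismatch: URL host is not a name on the certificate",
    10: "certificate expired",
    9: "certificate not yet valid (check the server clock)",
    20: "issuing root/intermediate CA is not trusted on this machine",
    21: "issuing root/intermediate CA is not trusted on this machine",
    18: "self-signed certificate that is not installed as trusted",
    19: "self-signed CA in the chain that is not installed as trusted",
}

def classify(verify_code):
    """Translate an OpenSSL verify code into one of the listed causes."""
    return CAUSES.get(verify_code, f"other verification failure (code {verify_code})")

def probe(host, port=443, timeout=5.0):
    """One verified TLS handshake; returns (ok, detail)."""
    ctx = ssl.create_default_context()  # verifies both the chain and the hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, f"trusted, expires {tls.getpeercert()['notAfter']}"
    except ssl.SSLCertVerificationError as exc:
        return False, classify(exc.verify_code)
    except OSError as exc:  # refused, timeout, reset, handshake alert
        return False, f"connection or handshake problem, not a certificate check: {exc}"

def summarize(results):
    """Count distinct outcomes across repeated probes (for intermittent faults)."""
    counts = {}
    for ok, detail in results:
        key = ("OK: " if ok else "FAIL: ") + detail
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    # Usage: python tls_probe.py <host> [port] [attempts]  (script name is arbitrary)
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    attempts = int(sys.argv[3]) if len(sys.argv) > 3 else 10
    for outcome, n in summarize(probe(host, port) for _ in range(attempts)).items():
        print(f"{n:3d} x {outcome}")
```

A mix of OK and FAIL lines across attempts separates connection-level failures from genuine certificate problems, which a single browser visit cannot show.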
Original Message:
Sent: 11-04-2019 09:24 AM
From: Charles LILIENKAMP
Subject: Facing SSL related issue
Praty,
I think we would require more details. If it's not in the gateway logs (and I assume, though I don't have a screenshot of the fault) that it's a non-gateway error (usually SOAP format). And assuming this is on the inbound connection, then it would sound like either:
a) Trust or certificate, or
b) Gateway latency or configuration on inbound pool.
On the occasional failure is it at peak times (more load or long running connections?)
Have you audited the concurrency on the gateway or adjusted the Cluster property io.coreconcurrency/maxcoreconcurrency?
Do you have more details?
Thanks..
Original Message:
Sent: 10-16-2019 06:13 AM
From: Pratyush Singh
Subject: Facing SSL related issue
Hi Team,
We are facing the issue as below:
Http request failed with status code 'TrustFailure' and status message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'.
Although it's an intermittent issue, I am not able to see any error logs at the GW. But as per the LB logs below, it's showing that the GW is not responding. So could someone suggest accordingly?
Oct 16 02:05:21 HKD_INET_F5LB01A err tmm1[18276]: 01010028:3: No members available for pool /Common/POOL_api-gateway.com_8443
Does this issue happen because of some unsigned cert at the client side?
Thanks
Praty