webMethods

 View Only
Expand all | Collapse all

Openshift: Error while connecting to API Gateway from API portal in Openshift containers

  • 1.  Openshift: Error while connecting to API Gateway from API portal in Openshift containers

    Posted 14 days ago

    We have recently added a load balancer and when I am trying to execute an API from API Portal i am getting the below error

    We are on 10.15 and our API Portal is hosted on OpenShift.

    -1 PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    I tried to add the add the certificates to /opt/softwareag/jvm/jvm/lib/security/cacerts but no luck with that.

    We have recently added a loadbalancer(which is a service) and when I am trying to execute an API from API Portal I am getting the below error

    -1 PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    If I run the same API using postman, I am getting a successful response but when I run the same using portal i get the above error.

    I tried to add the add the certificates(root,Intermediate,Server) to /opt/softwareag/jvm/jvm/lib/security/cacerts but no luck with that. 



    ------------------------------
    Abhijith Parre
    ------------------------------


  • 2.  RE: Openshift: Error while connecting to API Gateway from API portal in Openshift containers

    Posted 12 days ago

    I have managed to fix the issue.

    • Downloaded the cacerts file from openshift pod.
    • Downloaded the certificate chain of the new certificate along with root,intermediate and client certificate.
    • Ran the keytool commands as below
      •  keytool -importcert -file "Go Daddy Root Certificate Authority - G2.crt" -keystore cacerts -alias "devportalroot"
      • keytool -importcert -file "Go Daddy Secure Certificate Authority - G21.crt" -keystore cacerts -alias "devportalintermediate"
      • keytool -importcert -file "client.crt" -keystore cacerts -alias "devportalclient"
    • Created a config map in Openshift with the updated cacerts file.
    • Referenced the CAcerts as mount path in stateful sets and restarted the pods and tested it from dev portal and it worked.

    Regards

    Abhijith



    ------------------------------
    Abhijith Parre
    ------------------------------