API Gateway mTLS (2-Way SSL) exception

  1. I have enabled mTLS for my API Gateway.
  2. And updated the trust store with the public cert provided by the client.
  3. The client tries to request the URL and gets a javax.net.ssl.SSLHandshakeException exception.

Could you please advise why this exception happens on the client side?

1 answer

Hi,

You mentioned updating your trust store with the public cert provided by the client. However, kindly note that your trust store must contain at least the following keys and certificates [1]:

  • root CA private key
  • root CA public key
  • client certificate signing request
  • client certificate private key
  • client certificate public key

With that being said, there are multiple variants of errors which fall under the javax.net.ssl.SSLHandshakeException.

Depending on the additional information found in the error message, the answer will be different. Could I kindly ask that you provide the full error message from the client?

For example it would look something like this: "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

I would, however, highly recommend ensuring and validating that the steps provided at [1] are correct, as that would help isolate the issue.

Also, is it only a specific client having trouble connecting to your API? Or are other clients able to send requests to your API-GW successfully?

References: [1] https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/

AWS
Support Engineer
Kobus_C
answered a year ago
