Unable to configure mutual TLS configuration of Custom domain names configuration of API Gateway.

I'm unable to configure mutual TLS in "Custom domain names" option of API Gateway.

Below are steps I have followed to configure mutual TLS configuration: I have a root account and its child account.

Root Account Steps:

  1. Created a new client certificate using "client certificates" option of API gateway in root account.
  2. Downloaded the new certificate. The new certificate file name is qde1ca.cert. Renamed the qde1ca.cert file using mv qde1ca.cert gateway.truststore.pem.
  3. Uploaded gateway.truststore.pem file to a directory application-truststore of S3 bucket of Root Account. The S3 bucket name is integrations-us-east-1. The directory has version enabled. So, my S3 file path is s3://integrations-us-east-1/application-truststore/gateway.truststore.pem
  4. Noted Object URI and Version ID of the newly uploaded gateway.truststore.pem file.

Child Account Steps:

  1. In child account, I tried to configure mutual TLS of Custom domain name of API Gateway.

    • Enabled Mutual TLS authentication option
    • Configured Truststore URI as the Object URI (s3://integrations-us-east-1/application-truststore/gateway.truststore.pem)
    • Truststore version as Version ID of the newly uploaded gateway.truststore.pem file.
  2. Saved this configuration.

When I test using the Frontend that invokes APIs of API Gateway, it seems that the APIs are not executing. However, when I reset the mutual TLS configuration using the OLD values of Object URI and Version ID, the APIs in API Gateway work correctly!!!

What am I missing in the new mutual TLS configuration of Custom domain names configuration of API Gateway?

No answers