About HTTPS setting
Article ID: 102908
Updated On:
Products
CA API Gateway (Layer 7)
SA94 to API SECURITY
STARTER PACK-7
CA Rapid App Security
MOBILE API GATEWAY
CA Mobile - API Gateway
CA API Gateway
Issue/Introduction
The following message is output when curl send HTTPS request to API Gateway.
NSS: client certificate not found (nickname not specified) message appears.
It seems it is error.
What is root cause?
Message example:
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Environment
CA API Gateway 8.x
CA API Gateway 9.0
CA API Gateway 9.1
CA API Gateway 9.2
CA API Gateway 9.3
CA API Gateway 9.0
CA API Gateway 9.1
CA API Gateway 9.2
CA API Gateway 9.3
Resolution
API Gateway has function for specify whether the client must present a certificate to authenticate.
It is Client Authentication of Listen Port Properties.
If "Client Authentication" is not None, the client certificate is checked against the request.
So this message will be output to the curl result.
If "Client Authentication" is set to None, client certificate verification will not be done.
Please do the step.
01. Select Menu -> Tasks -> Transports -> Manage Listen Ports.
02. Select the [SSL/TLS Settings] Tab in Listen Ports Properties pop.
03. Set Client Authentication = None.
It is Client Authentication of Listen Port Properties.
If "Client Authentication" is not None, the client certificate is checked against the request.
So this message will be output to the curl result.
If "Client Authentication" is set to None, client certificate verification will not be done.
Please do the step.
01. Select Menu -> Tasks -> Transports -> Manage Listen Ports.
02. Select the [SSL/TLS Settings] Tab in Listen Ports Properties pop.
03. Set Client Authentication = None.
Feedback
Powered by
