About HTTPS setting

book

Article ID: 102908

calendar_today

Updated On:

Products

CA API Gateway (Layer 7) SA94 to API SECURITY STARTER PACK-7 CA Rapid App Security MOBILE API GATEWAY CA Mobile - API Gateway CA API Gateway

Issue/Introduction



The following message is output when curl send HTTPS request to API Gateway.
NSS: client certificate not found (nickname not specified) message appears.
It seems it is error.
What is root cause?

Message example:
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 

Environment

CA API Gateway 8.x
CA API Gateway 9.0
CA API Gateway 9.1
CA API Gateway 9.2
CA API Gateway 9.3
 

Resolution

API Gateway has function for specify whether the client must present a certificate to authenticate.
It is Client Authentication of Listen Port Properties.
If "Client Authentication" is not None, the client certificate is checked against the request.
So this message will be output to the curl result.
If "Client Authentication" is set to None, client certificate verification will not be done.

Please do the step.
01. Select Menu -> Tasks -> Transports -> Manage Listen Ports.
02. Select the [SSL/TLS Settings] Tab in Listen Ports Properties pop.
03. Set Client Authentication = None.