Portal SSL certificate verification with Azure Application Gateway


Article ID: 236956


Updated On:

Products

CA API Developer Portal

Issue/Introduction

When I run an SSL query to the portal <IP>:443 using openssl – the portal returns only the server certificate and not the full certificate chain (which should include the Intermediate CA and root CA certificates as well).

Azure Application Gateway consequently cannot compare its own copy of the company's Root CA certificate with the Root CA certificate sent by the backend server (the portal in this case).

This process, on the other hand, works fine on the API gateway – the gateway provides the full chain and the result of the comparison with the certificate on the GW is “match”.

To make SSL encryption work we need to have the same behavior on the portal as we see on the gateway (presenting the full certificate chain).

Is there a solution to the issue?

Environment

Release : 5.0

Component : API PORTAL

Resolution

azure gateway. 

  1. Log in to the dispatcher using docker exec -it <pod id> sh
  2. Navigate to /etc/nginx
  3. Execute: echo "${HTTPD_SSL_KEY}" | base64 -d | openssl pkcs12 -nodes -passin pass:"${HTTPD_SSL_KEY_PASS}" | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > dispatcher.crt
  4. Run cat dispatcher.crt to confirm it is a chain
  5. Run /usr/sbin/nginx -s reload to reload nginx
  6. Verify the certificate chain in the browser by accessing the portal URL.
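
A scripted form of the step 4 check, added here as an example and not part of the original article: it splits a PEM bundle such as dispatcher.crt, prints each certificate's subject and issuer, and fails unless the bundle is ordered leaf-first and ends in a self-signed root. The function name chain_check is hypothetical, and it assumes openssl, awk and mktemp are available in the shell where it runs.

```shell
#!/bin/sh
# Added example (not from the article). Checks name chaining only:
# issuer of certificate N must equal subject of certificate N+1.
# Signatures are not verified here.
# Usage, from the directory holding the bundle: chain_check dispatcher.crt
chain_check() {
    bundle=$1
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate, keeping file order.
    awk -v d="$tmp" '
        /-BEGIN CERTIFICATE-/ { n++; f = sprintf("%s/%03d.pem", d, n) }
        f                     { print > f }
        /-END CERTIFICATE-/   { if (f) close(f); f = "" }
    ' "$bundle"
    count=0; prev_issuer=""; subj=""; iss=""; rc=0
    for pem in "$tmp"/*.pem; do
        [ -e "$pem" ] || break          # no certificate blocks found
        count=$((count + 1))
        subj=$(openssl x509 -in "$pem" -noout -subject_hash)
        iss=$(openssl x509 -in "$pem" -noout -issuer_hash)
        echo "cert $count:"
        openssl x509 -in "$pem" -noout -subject -issuer | sed 's/^/  /'
        if [ -n "$prev_issuer" ] && [ "$prev_issuer" != "$subj" ]; then
            echo "  out of order: previous certificate was not issued by this one"
            rc=1
        fi
        prev_issuer=$iss
    done
    rm -rf "$tmp"
    if [ "$count" -lt 2 ]; then
        echo "only $count certificate(s): not a chain"
        rc=1
    elif [ "$subj" != "$iss" ]; then
        echo "last certificate is not self-signed: root CA missing"
        rc=1
    fi
    return $rc
}
```

A non-zero return before the nginx reload means the bundle would still be served without the full chain the Application Gateway needs to see.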