HTTP 403 (Forbidden) error when using route via HTTPS
search cancel

HTTP 403 (Forbidden) error when using route via HTTPS


Article ID: 45835


Updated On:


CA API Gateway


Scenario: When sending a request to a back-end via HTTPS directly via SoapUI without going through the Gateway it will execute successfully.  When we send the same request through the gateway with the back-end accepting an anonymous user (no user and password or no certificate) it will fail. The SSL handshake completes but we receive an HTTP 403 error.

The problem could be that the backend is still picking up the gateway's certificate. The gateway will send a certificate by default from its private key.  The back-end server takes the supplied certificate from the gateway which can cause an issue resulting in the back-end generating an error condition.

We can instruct the gateway not to use any certificates / private keys and just route the request to the backend without providing a certificate.


All supported versions of the API Gateway


Right-click the routing assertion, click "Select Private Key", then click "Use no private key".   After making this change, the request will be sent without providing any certificate and should get a successful response as expected.