Question & Answer
Question
What information should be collected to help IBM Support to troubleshoot SSL and certificates problems in IBM API Connect?
Answer
The following information describes the documentation needed by IBM support to investigate the SSL and certificates issues:
- Describe the issue
- Provide a detailed problem description which includes the error messages or unexpected results. Some screenshots might be very helpful to illustrate the errors or unexpected results.
- Provide some details regarding the configuration of the TLS profile and API (which is experiencing the issue). You can provide the following information, which might help us to get a clear understanding about the issue:
- Screen shots of the TLS profile.
- Is this a new configuration you are trying or it is an existing configuration which stopped working? If this is an existing configuration, is there anything recently changed before seeing the issue? If this is a new configuration, please make sure using the supported certificate format: P12 (PKCS12) that contain the private key, the public certificate from the Certificate Authority, and all intermediate certificates for the Present Certificate and P12 (PKCS12) or PEM for the Trust Store. Please see IBM Documentation for details: https://www.ibm.com/support/knowledgecenter/en/SSMNED_5.0.0/com.ibm.apic.cmc.doc/ssl.html and https://www.ibm.com/support/knowledgecenter/en/SSMNED_5.0.0/com.ibm.apic.apionprem.doc/task_apionprem_ssl.html
- Which API or which policy in the API assemble is facing the issue?
- Did you change any configuration in the DataPower's APIM domain? If yes, please let us know which configuration has been changed?
- Provide the firmware version you are using for APIC (CLI command output of "system show version") and DataPower (CLI command output of " show version").
- Recreate the issue and and collect the following data
- Set log level:debug and enable packet capture from the DataPower (Please change these settings back to the original after recreate the issue and gather all the required data in the third item below "Download the data and submit to IBM Support for review"):
WebGUI: Control Panel -> Troubleshooting or Blueprint Console: Administration -> Debug -> Troubleshooting- Under the Set Log Level section, set the Log Level to "debug" by using the selection box. Click Set Log Level.
- Start a packet capture from the same Troubleshooting Panel. Select the pull-down for Interface Type and select "All Interfaces" or if you already know which interface is used for the affected connection, select the pull-down for Ethernet Interface and select the specific interface.
- Set the Maximum Duration for however long you expect it will take to complete your recreate. Optionally, you can also select Continuous. NOTE: Please use caution with regard to memory storage limits.
- Click Start Packet Capture.
- After recreate the issue, under the Stop Packet Capture section, select the interface and click Stop Packet Capture.
- Provide the steps to re-create the issue, include the exact request you are using, the response returned by APIC Gateway, and the time (include timezone) when invoking the API.
- Set log level:debug and enable packet capture from the DataPower (Please change these settings back to the original after recreate the issue and gather all the required data in the third item below "Download the data and submit to IBM Support for review"):
- Download the data and submit to IBM Support for review
- Generate DataPower error report:
- From the Troubleshooting Panel, under the Generate Error Report section, click Generate Error Report.
- Download the error report by clicking the View Error Report link. Or, go to File Management, temporary:/// and click the error report file to download.
- Export the packet capture:
- From the same Troubleshooting Panel, under the Start Packet Capture section, download the packet capture by clicking the Download Packet Capture link. Or, go to File Management, temporary:/// and click the packet capture file (pcap) to download.
- An export of the API's yaml file involved in this issue:
- In the API Manager (APIM), click Drafts, and then click APIs tab.
- Click the API.
- Click the More Actions icon and then click Download.
- Each APIC Management server's log files:
- In the Cloud Manager Console (CMC), click Services tab.
- Navigate to the server and click the Actions icon, then click Download logs.
- Generate DataPower error report:
- Data can be uploaded to a Case using the link below https://www.secure.ecurep.ibm.com/app/upload_sf
[{"Product":{"code":"SSMNED","label":"IBM API Connect"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Not Applicable","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"5.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
18 February 2021
UID
ibm10728541