IBM Support

Portal cannot communicate to management subsystem if microServiceSecurity: custom is used

Troubleshooting


Problem

When a portal subsystem uses microServiceSecurity: custom, the API Manager cannot communicate with the portal. As a result, snapshots also fail to reach the portal.

Symptom

When users upgrade API Connect from a fix pack before 10.0.5.2 to 10.0.5.2 or later, the portal nginx pod might log an error like the following:

[ openresty stderr]   384 1894b6:3d7c22:982e03 2022-12-05 09:36:42: [error] 639#639: *1906 upstream SSL certificate does not match "portal-246c7557-www.apic.svc.cluster.local" while SSL handshaking to upstream, client: 172.30.177.245, server: api.portal.0022-e310b58a.eu-de.apiconnect.cloud.ibm.com, request: "POST /snapshot-create HTTP/1.1", upstream: "https://172.21.175.143:3009/snapshot-create", host: "api.portal.0022-e310b58a.eu-de.apiconnect.cloud.ibm.com"

Resolving The Problem

To fix the error, do one of the following:

  1. If you originally generated the portal-server x509 certificate and created the portal-server secret yourself, regenerate the certificate with both of these extra DNS names: *.<namespace>.svc.cluster.local and <ptl-instance-name>-db

  2. If you allowed the API Connect operator to create the portal-server secret, delete the secret by running kubectl delete secret portal-server. The operator then creates a new one with the correct DNS names.
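
To confirm which of the two required DNS names a portal-server certificate lacks, and whether the upstream name from the nginx error is covered by it, shell functions like these can be used. This is an added example, not IBM code: it assumes the secret stores the PEM certificate under the key tls.crt, and the instance name ptl and the sample name list are constructed.

```shell
#!/bin/sh
# Added example (not IBM code). Assumption: the secret keeps the PEM certificate
# under the key tls.crt. Typical use, with NS and INSTANCE set by you:
#   kubectl -n "$NS" get secret portal-server -o jsonpath='{.data.tls\.crt}' \
#     | base64 -d | cert_dns_sans | missing_portal_names "$NS" "$INSTANCE"

# Print the DNS names of a PEM certificate read from stdin (OpenSSL 1.1.1+).
cert_dns_sans() {
  openssl x509 -noout -ext subjectAltName | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# san_covers NAME HOST: succeed if certificate name NAME matches HOST. A leading
# "*." matches exactly one leftmost label, as TLS hostname verification does.
san_covers() {
  san=$1; host=$2
  if [ "$san" = "$host" ]; then return 0; fi
  case $san in '*.'*) ;; *) return 1 ;; esac
  suffix=${san#?}              # e.g. ".apic.svc.cluster.local"
  label=${host%"$suffix"}      # the part the "*" has to match
  if [ "$label" = "$host" ] || [ -z "$label" ]; then return 1; fi
  case $label in *.*) return 1 ;; esac
  return 0
}

# host_covered HOST: read DNS names on stdin; succeed if any of them covers HOST.
host_covered() {
  hc_host=$1
  while IFS= read -r hc_san; do
    if san_covers "$hc_san" "$hc_host"; then return 0; fi
  done
  return 1
}

# missing_portal_names NAMESPACE INSTANCE: read DNS names on stdin and print each
# name the article requires that the certificate does not list.
missing_portal_names() {
  mp_sans=$(cat)
  for mp_need in "*.$1.svc.cluster.local" "$2-db"; do
    printf '%s\n' "$mp_sans" | grep -Fxq -e "$mp_need" || printf '%s\n' "$mp_need"
  done
}

# Constructed name list for a certificate that lacks both required names.
printf 'portal-server\nptl-www\n' | missing_portal_names apic ptl
```

An empty result from missing_portal_names means both required names are present.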

Document Location

Worldwide


Document Information

Modified date:
15 December 2022

UID

ibm16846263