Troubleshooting
Problem
microServiceSecurity: custom
results in the API Manager being unable to communicate with the portal, which also means snapshots fail to reach the portal.Symptom
When users upgrade API Connect from a fix pack before 10.0.5.2 to 10.0.5.2 or later, the portal subsystem might show an error in the portal nginx pod like:
[ openresty stderr] 384 1894b6:3d7c22:982e03 2022-12-05 09:36:42: [error] 639#639: *1906 upstream SSL certificate does not match "portal-246c7557-www.apic.svc.cluster.local" while SSL handshaking to upstream, client: 172.30.177.245, server: api.portal.0022-e310b58a.eu-de.apiconnect.cloud.ibm.com, request: "POST /snapshot-create HTTP/1.1", upstream: "https://172.21.175.143:3009/snapshot-create", host: "api.portal.0022-e310b58a.eu-de.apiconnect.cloud.ibm.com"
Resolving The Problem
To fix the error, do one of 2 things:
-
If you originally generated the portal-server x509 cert and created the portal-server secret, then you need to regenerate it with some extra DNS names: *.<namespace>.svc.cluster.local AND <ptl-instance-name>-db
-
If you allowed the
APIConnect
operator to create the portal-server secret, then simply delete the portal-server secret by executingkubectl delete secret portal-server
and the operator creates a new one with the correct DNS names.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
15 December 2022
UID
ibm16846263