I’m using the CE edition of the gateway, and behind that gateway I have a number of services written in both Go and Java. I have the necessary configurations set to skip verification of the cert, and in general this seems to be working. However, for the Java-based services, I get this error in the Tyk gateway log:
http: TLS handshake error from 192.168.192.28:57582: remote error: tls: unknown certificate
I would like to understand what Tyk is looking for here. Is there some difference that occurs when a self-signed cert is converted to pkcs12 (using openssl) during the startup process? Here’s our command:
openssl pkcs12 -export -name "cert_name" -out /svccerts/service_cert.pkcs12 -in /certs/service_cert.pem -inkey /certs/service_key.pem -password pass:password
And the key is subsequently loaded into the keystore.
Interestingly, this doesn’t prevent Tyk from sending the request to the service and replying with data. But I would like to have a clean log if possible.
Thanks for any information you can provide.
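
One way to check whether the PKCS#12 conversion alters the certificate is to compare its SHA-256 fingerprint before and after the export. This is an added example, not part of the original post; the temporary files, the CN `service.example` and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that the PKCS#12 export keeps the certificate unchanged.
# File locations, the CN and the helper names are constructed sample values.

# Print the SHA-256 fingerprint of a PEM certificate file.
pem_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Print the SHA-256 fingerprint of the first certificate in a PKCS#12 bundle.
# $1 = bundle path, $2 = bundle password
p12_fingerprint() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Build a throwaway self-signed cert, export it with the command from the post,
# and compare fingerprints. Prints "match" or "differ".
roundtrip_check() {
    dir=$(mktemp -d) || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=service.example" \
        -keyout "$dir/service_key.pem" -out "$dir/service_cert.pem" 2>/dev/null
    openssl pkcs12 -export -name "cert_name" \
        -out "$dir/service_cert.pkcs12" \
        -in "$dir/service_cert.pem" -inkey "$dir/service_key.pem" \
        -password pass:password
    before=$(pem_fingerprint "$dir/service_cert.pem")
    after=$(p12_fingerprint "$dir/service_cert.pkcs12" password)
    rm -rf "$dir"
    if [ -n "$before" ] && [ "$before" = "$after" ]; then
        echo match
    else
        echo differ
        return 1
    fi
}

roundtrip_check
```

To check the real files, run `pem_fingerprint /certs/service_cert.pem` and `p12_fingerprint /svccerts/service_cert.pkcs12 password` and compare the two values.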