SSL Certificate Installation

Hi,

I’m trying to setup TYK on Ubuntu environment for a POC for our company. I did receive the certificate, keyfile and CACert file from our sysadmin. These are not self signed certificates, these were purchased. The dashboard now works perfectly on https, however any request that I make to the API Gateway results in the following error in the logs.
Request failed: Get Request failed: Get https://hsa-apigwmgt.amer.reisystems.com:3000/register/node: x509: certificate signed by unknown authority
. Not sure if I’m missing anything here. I’ve added the entries to both TYK.conf and tyk_analytics.conf

“http_server_options”: {
“use_ssl”: true,
“enable_websockets”: true,
“server_name”: “hsa-apigwmgt.amer.reisystems.com”,
“certificates”: [
{
“domain_name”: “*.amer.reisystems.com”,
“cert_file”: “/usr/share/ca-certificates/extra/wildcard_amer_reisystems_com.crt”,
“key_file”: “/usr/share/ca-certificates/extra/wildcard_amer_reisystems_com.key”
}
]
},

I’m using our actual server names here since these are within the company domain and not accessible outside.

Any help in this matter would be greatly appreciated.

Hi, did you restart the Tyk process after changing the SSL settings?

Yes, I did restart both the services, Dashboard and Gateway…

It might be an issue with intermediate certificates or the certificates not being correctly installed in the OS registry.
Are you using Docker as well?

No, I’m not using Docker. I did check if the certificates and the authority are installed correctly. Also, ran the following command: sudo dpkg-reconfigure ca-certificates
followed by: sudo update-ca-certificates

Sorry, I’m mostly into Microsoft technologies, please pardon me if I’m asking very basic Unix related questions here.

Ok, So when i ran these command again, the logs did not have these errors. However the API wasn’t being hit, only when I added port 80 to the URL, it worked fine. Thanks matiasb for quick response into this.