All Products
Search
Document Center

API Gateway:HTTPS certificate error

Last Updated:Jun 22, 2017

Error message

The certificate authentication error or certificate expiration prompt is returned during an HTTPS interface call.

Cause and solution

1. Invalid certificate

The certificate of the API provider is issued by a non-mainstream organization, however, it can be used for browser access because the browser automatically updates the root certificate. However, the root certificate for an operating system of an earlier version does not trust the certificate issuance organizations, or the trust has expired.

Solution

  1. Update the client root certificate. For example, for Java+Linux, update the OpenSSL client. For other operating systems and programming languages, update the root certificate used by HTTPS in the programming language.
  2. Contact the API provider to change to a mainstream SSL certificate with better compatibility.
  3. The SSL certificate validity check is omitted in the program. However, this configuration is not recommended because the request may be hijacked. The method can only be used when the API provider cannot provide a mainstream SSL certificate with better compatibility and the security risk is controllable.

2. Invalid SSL certificate of the API provider

The SSL certificate of the API provider expires.

Solution

  1. Contact the API provider to change the SSL certificate.
  2. The SSL certificate validity check is omitted in the program. However, this configuration is not recommended because the request may be hijacked. The method can only be used when the API provider cannot provide a mainstream SSL certificate with better compatibility and the security risk is controllable.