
I have a simple AWS API Gateway endpoint. It accepts an HTTPS GET request, which is passed to a back-end HTTPS API via an integration request, and returns simple JSON.

This works great when we hit a back-end with an SSL cert from a trusted 3rd party CA. However, in QA, we use a self-signed cert issued to the server, and the name of the server does not match the URL used to hit it.

When we attempt to hit the API gateway stage in QA, it returns a '504'. When we hit it in prod, it works just fine.

My assumption is that the API gateway is silently failing because of a certificate mismatch, and throwing a timeout error (Gateway Timeout 504). Any way to get around this with API gateway, or am I going to have to set up a 'proper' cert?

Thanks!

Dan

Mr.Budris
  • What tool are you using to interact with the API? `curl -k https://someinsecureapi` should ignore SSL warnings – Sum1sAdmin Dec 20 '17 at 17:28
  • AFAIK, API Gateway does not support self-signed certificates. You might consider using ACM certificates which are free. – sudo Dec 20 '17 at 17:35
  • Or even one from LetsEncrypt. Not sure what the backend is though. – stdunbar Dec 20 '17 at 17:41
  • *"My assumption is that the API gateway is timing out because of a certificate mismatch."* A certificate mismatch or other trust issue should not cause a timeout, but it also should not work, because it would be inappropriate for API Gateway to silently trust an untrustworthy (by definition) endpoint. You may have two different issues. – Michael - sqlbot Dec 21 '17 at 12:30
  • @Michael-sqlbot yeah, I agree. Let me rephrase -- I believe that API gateway is silently failing bc of a certificate mismatch, and then throwing a timeout error. Question edited to reflect this assumption. – Mr.Budris Dec 21 '17 at 16:20
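
To separate the two possibilities raised in the comments (a real timeout versus a certificate trust or name failure), the following added example, which is not from the original thread, connects to a back end the way a certificate-validating client would and classifies the failure. The host name is a placeholder, and the result shows what a strict TLS client sees, not API Gateway's internal behaviour.

```python
import socket
import ssl

# OpenSSL X509 verify codes (values from OpenSSL's x509_vfy.h)
SELF_SIGNED = {18, 19}      # self-signed leaf / self-signed cert in chain
UNKNOWN_ISSUER = {20, 21}   # issuer not in the local trust store
HOSTNAME_MISMATCH = 62      # cert name does not match the requested host


def classify(exc):
    """Map an exception from a strict TLS connect to a failure class."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        if code == HOSTNAME_MISMATCH:
            return "hostname_mismatch"
        if code in SELF_SIGNED:
            return "self_signed"
        if code in UNKNOWN_ISSUER:
            return "untrusted_issuer"
        return "cert_invalid"
    if isinstance(exc, socket.timeout):
        return "timeout"          # TCP connect or TLS handshake never completed
    if isinstance(exc, ssl.SSLError):
        return "tls_error"        # protocol/cipher problem, not a trust problem
    if isinstance(exc, OSError):
        return "connect_error"    # refused, unreachable, DNS failure
    raise exc


def probe(host, port=443, timeout=5.0):
    """Connect with system CAs and hostname checking enabled (no -k equivalent)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except OSError as exc:  # ssl.SSLError and socket.timeout are OSError subclasses
        return classify(exc)


if __name__ == "__main__":
    # Placeholder name: replace with the QA back-end host behind the integration.
    print(probe("qa-backend.example.internal"))
```

Only one failure is reported per handshake, so a server with more than one certificate problem needs to be re-probed after each fix.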

0 Answers