
I need to call a Dialogflow ES webhook with an mTLS certificate. The webhook URL calls an AWS custom domain API Gateway.

The webhook URL domain is created with AWS Route53 and AWS ACM.

Is anybody trying the same configuration? Did it work?

When I disabled mTLS of API Gateway and connected using TLS, it worked well.

However, when I enabled mTLS and uploaded a pem file downloaded from [1] to the Truststore, it didn't work. Dialogflow got an error: "Webhook call failed. Error: PERMISSION_DENIED, State: URL_ERROR, Reason: ERROR_OTHER, HTTP status code: 403."

It's just a guess, but I think that the file uploaded to the API Gateway Truststore is not the correct file.

[1] https://pki.goog/roots.pem

  • Is the mTLS certificate usable by the underlying systems? Usually *.pem files need to be `chwon 400 {pem_file}` – SterbenTheOG Jun 22 '23 at 07:53
  • Does chwon mean chmod? *.pem file is uploaded to AWS S3 as an object and the system has permission to access. – user22112385 Jun 23 '23 at 02:36
  • Yes! Sorry, I meant `chmod`, you are right. Have you tried the following AWS documentation? https://docs.aws.amazon.com/apigateway/latest/developerguide/rest-api-mutual-tls.html Last time I worked with mTLS I had issues with interpreting the .X509 certificate the client sends to the server, but that guide should help, I hope it does :) – SterbenTheOG Jun 23 '23 at 06:20
  • Remember *.pem files need to have the correct permissions set on them to be usable by servers, hence the `chmod 400 {pem_file}` – SterbenTheOG Jun 23 '23 at 06:21

0 Answers