IBM Support

IT29943: API GATEWAY SERVICE EXPECTS X509 CERTIFICATE WITHOUT LINEBREAKS

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • The user created an app in API Connect Portal and noticed that
the format of the x509 certificate pasted into the
"Certificate" field in the Portal can affect mTLS success.
Case 1: The user provides the certificate in the following
format:
-----BEGIN CERTIFICATE-----
CERTIFICATE_IN_B64_FORMAT_ON_ONE_LINE
-----END CERTIFICATE-----
Everything works fine, the app is created and the API can be
invoked using the correct client id and the provided
certificate.
Case 2: The user provides the certificate in the following
format (so with CR/LF or LF line breaks):
-----BEGIN CERTIFICATE-----
CERTIFICATE_DATA_LINE_1 CRLF
CERTIFICATE_DATA_LINE_2 CRLF
CERTIFICATE_DATA_LINE_3 CRLF
....
-----END CERTIFICATE-----
The App is created but when trying to invoke the API with the
correct client id and client certificate you receive:
{
"httpCode": "401",
"httpMessage": "Unauthorized",
"moreInformation": "Client certificates for mutual TLS in the
API request doesn't match the registered certificate."
}

Local fix

  • Ensure the base64 encoded certificate does not have any
linefeeds (CR/LF or LF) but is a one-liner.

Problem summary

  • The fix now allows newline characters.

Problem conclusion

  • The fix is in 2018.4.1.7

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT29943
    • 

  • Reported component name
    DATAPOWER
    • 

  • Reported component ID
    DP1234567
    • 

  • Reported release
    18X
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2019-08-08
    • 

  • Closed date
    2019-08-26
    • 

  • Last modified date
    2019-08-26
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    DATAPOWER
    • 

  • Fixed component ID
    DP1234567
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"18X","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            11 February 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback