We have an Azure API Management Service that uses a custom domain. We have it added to the custom domain section of the service, and have a certificate uploaded too.
The certificate has recently expired so we went to the blade and updated the certificate. However, when we hit the API the browser is still serving the old certificate, so we are getting an invalid cert error.
Does anyone have any idea why it might be holding onto the old cert?
After long support calls the issue turned out to be a fatal flaw with that version of the APIM. We had no option but to recreate the APIM and redeploy our APIMs. Microsoft assured us that new instances of the APIM wouldn't have the same problem.
Related
I am trying to publish the Azure APIM developer portal - it is enabled for user/pass - authentication. We haven't customized it and are just trying to get it to work.
When I click publish and go to view the portal in a different browser, I get the following message:
"This is a home page of the Developer portal - an automatically generated, fully customizable website for publishing your API documentation where consumers can discover APIs, learn how to use them, request access, and try them out.
The content hasn't been published yet. You can do so in "Developer portal" section of your API Management Service in the Azure portal. Learn more."
When I go back to the Portal publish page, it resets to show "Publish" as if nothing has happened?
Are there any logs or anything I can test to get this to work?
BTW - the Legacy portal works 100%.
Thank you.
I have created the APIM instance, added the HTTP Trigger API from the Function App, and published the developer portal with the CORS option enabled as well.
Next, I created the user, gave it all-APIs-level access in the APIM instance, opened both the deprecated and legacy portals in a different browser, and logged in as the non-administrative user:
You can see logs of all activities in the Activity log of APIM Instance:
To see the Function App API imported in the APIM Instance, you have to add that API to the products subscribed by that user:
Published the developer portal again with new changes:
Activity Logs:
Result:
You can check each entry in the Activity log to see complete details, such as whether the publish (or other) operation succeeded and how long it took to complete.
I want to ask about the Deployment of Forge API by Azure.
I did it using the resource from Learn Forge, and it seems to work smoothly on the local site, but when I try to publish it, although it shows permission, after I sign in it shows a 400 error (refused). What can I do about this error?
This is typically caused by an incorrect callback URL for the 3-legged authentication workflow.
When you develop your application locally, you typically set the callback URL (both in your application's code and in https://forge.autodesk.com/myapps) to something like http://localhost:3000/api/forge/callback/oauth.
However, when you deploy your application to Azure, AWS, Heroku, or any other cloud hosting provider, the callback URL must be updated accordingly. For example, if you deploy your application as an Azure Web App, the callback URL could look something like https://my-cool-app.azurewebsites.net/api/forge/callback/oauth. And again, you'll have to change the URL both in https://forge.autodesk.com/myapps, and in your Azure Web App settings.
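An added example (not part of the original answer or of the Learn Forge sample code): a pre-deployment check that compares the callback URL in the app's settings with the one registered for the Forge app and with the origin the app is served from. It assumes the authorization server requires an exact match on scheme, host, port and path; `checkCallback` and its parameter names are hypothetical.

```javascript
// Added example; checkCallback and its parameters are hypothetical names, not Forge APIs.
const LOCAL_HOSTS = ['localhost', '127.0.0.1', '[::1]'];

// Split a URL into the parts an exact redirect-URI comparison depends on.
function parts(u) {
  const url = new URL(u);
  return { scheme: url.protocol, host: url.hostname, port: url.port,
           path: url.pathname, origin: url.origin };
}

// configured: callback URL in the app's settings (e.g. Azure Web App settings)
// registered: callback URL entered for the app at forge.autodesk.com/myapps
// deployedOrigin: where the app is actually served from
function checkCallback(configured, registered, deployedOrigin) {
  let c, r, d;
  try {
    c = parts(configured); r = parts(registered); d = parts(deployedOrigin);
  } catch (err) {
    return ['invalid URL: ' + err.message];
  }
  const problems = [];
  for (const key of ['scheme', 'host', 'port', 'path']) {
    if (c[key] !== r[key]) {
      problems.push(`${key} mismatch: configured "${c[key]}" vs registered "${r[key]}"`);
    }
  }
  if (c.origin !== d.origin) {
    problems.push(`callback origin ${c.origin} is not the deployed origin ${d.origin}`);
  }
  if (LOCAL_HOSTS.includes(c.host) && !LOCAL_HOSTS.includes(d.host)) {
    problems.push('callback still points at a local development host');
  }
  if (c.scheme !== 'https:' && !LOCAL_HOSTS.includes(c.host)) {
    problems.push('non-local callback should use https');
  }
  return problems;
}

// Constructed inputs based on the URLs in the answer above.
const local = 'http://localhost:3000/api/forge/callback/oauth';
const cloud = 'https://my-cool-app.azurewebsites.net/api/forge/callback/oauth';
const site = 'https://my-cool-app.azurewebsites.net';
console.log(checkCallback(local, local, site));  // deployed with local settings
console.log(checkCallback(cloud, local, site));  // myapps entry not updated
console.log(checkCallback(cloud, cloud, site));  // both updated
```

An empty array means the three values agree; any entry names the part that would make the sign-in redirect fail.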
We did a new release of the development portal in the Azure API Management and it showed the following message:
Creating a new revision or changing revisions will automatically update the portal to the latest version of the software. Content saved in the administrative version of the portal will not be changed.
As a result, my portal now shows, in the box in the transaction detail section, all the information needed to request the authorization token with OAuth 2.0.
How can I hide the authorization element so that it does not show in my portal for security reasons?
The new Authorization section in the API reference pages surfaces only public information required for clients to authenticate against your API. It doesn't show the secret configuration of your OAuth server. This information has always been publicly accessible, now we just visually render it. If, for some reason, you need to hide the public OAuth server details, you can remove the authorization server configuration from your API Management service. Keep in mind that it will also affect the test console.
If you still consider it a problem, please open a GitHub issue in the developer portal repository: https://aka.ms/apimdevportal and precisely describe your concern.
If I access my glassfish server at http://localhost:8080, I receive the glassfish welcome page, as it should be. But if I try to access the other http listener at https://localhost:8181, I receive a message like that:
(illustrative image)
How can I avoid this error message (thinking that I don't want my clients to see it)?
This is because GlassFish generates self-signed certificates for authentication (s1as and glassfish-instance). Your browser is (rightly) complaining that it doesn't trust these certificates, because anyone can fake them for a "man-in-the-middle" attack.
To get around this, you will need to obtain a new private key and certificate from a trusted CA to replace the self-signed ones.
These can then be imported to your keystore.jks and cacerts.jks, or you can create new keystores. If you're unfamiliar with how this works, I would suggest making backups of the originals, then importing to the existing keystores, since the communication between DAS and instances relies on certificates for authentication in a lot of places.
The GlassFish 4 Security Guide [PDF] should help you.
Is there an extension API that allows access to client certificates? I would like to provide a modified certificate selector based on details of the certificate.
Additionally, as far as I understand, Google Chrome does not provide its own client manager but uses native solutions for client certificate management. Because of this, full certificate management may not be possible by design. But since Chrome allows generating and importing certificates generated by the html5 tag, I was wondering if an extension could import client certificates.