About HTTPS setting

Document ID : KB000102908
Last Modified Date : 30/08/2018
Show Technical Document Details
Question:
The following message is output when curl send HTTPS request to API Gateway.
NSS: client certificate not found (nickname not specified) message appears.
It seems it is error.
What is root cause?

Message example:
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 
Environment:
CA API Gateway 8.x
CA API Gateway 9.0
CA API Gateway 9.1
CA API Gateway 9.2
CA API Gateway 9.3
 
Answer:
API Gateway has function for specify whether the client must present a certificate to authenticate.
It is Client Authentication of Listen Port Properties.
If "Client Authentication" is not None, the client certificate is checked against the request.
So this message will be output to the curl result.
If "Client Authentication" is set to None, client certificate verification will not be done.

Please do the step.
01. Select Menu -> Tasks -> Transports -> Manage Listen Ports.
02. Select the [SSL/TLS Settings] Tab in Listen Ports Properties pop.
03. Set Client Authentication = None.