HTTP 403 (Forbidden) error when using route via HTTPS

Document ID : KB000045835
Last Modified Date : 14/02/2018
Show Technical Document Details

Introduction / Summary: 

Scenario: When sending a request to a back-end via HTTPS directly via SoapUI without going through the Gateway it will execute successfully.  When we send the same request through the gateway with the back-end accepting an anonymous user (no user and password or no certificate) it will fail. The SSL handshake completes but we receive an HTTP 403 error.


The problem could be that the back-end is still picking up the gateway's certificate. The gateway will send a certificate by default from its private key.  The back-end server takes the supplied certificate from the gateway which can cause an issue resulting in the back-end generating an error condition.

We can instruct the gateway to not to use any certificates / private keys and just route the request to the back-end without providing a certificate.


To do this,  just right click the routing assertion, click "select private key" then click "use no private key".   After we make this change, the request will be sent without providing any certificate and we should get the successful response that we are looking for.