ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexWebSphere Message Broker SupportPush REST API to API Connect

Post new topicReply to topic
Push REST API to API Connect View previous topic :: View next topic
Author Message
kash3338
PostPosted: Fri Apr 13, 2018 2:50 am Post subject: Push REST API to API Connect Reply with quote

Shaman

Joined: 08 Feb 2009
Posts: 701
Location: Chennai, India

Hi,

I am trying to create a sample REST API in IIB and push it to IBM API Connect. In the API Connect, I have done the following,

    Created and configured a Secured Gateway (using IBM Secure Gateway)
    Created a Destination in the Secure Gateway in API Connect
    The Gateway lists the Client (connected from my PC)


Now I got the Host Name of the Management server from the API Connect Dashboard URL (au.apiconnect.ibmcloud.com).

I have deployed my REST API in Integration Node and when I try to "Connect to IBM API Connect" (by providing the Host Name), I get,

Quote:
Unable to connect to IBM API Connect at host 'au.apiconnect.ibmcloud.com' port '443'


The same Host Name when given in Browser works (opens the API connect home page). Is there any setting within the broker to be done here?

I have tried this using Toolkit, Web User Interface and mqsipushapis. In all cases I get the same kind of error. The error when running the mqsipushapis command is,
Quote:
BIP9353E: An error occurred while connecting to IBM API Connect using the mqsipushapis command. The following error was reported: 'Failure sending request to IBM API Connect: Host 'au.apiconnect.ibmcloud.com' Port '443'.'
Back to top
View user's profile Send private message Send e-mail
fjb_saper
PostPosted: Sat Apr 14, 2018 12:14 am Post subject: Reply with quote

Grand Poobah

Joined: 18 Nov 2003
Posts: 19634
Location: LI,NY

Did you provide the cert signer chain to IIB's truststore? Did you setup IIB for SSL?
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
kash3338
PostPosted: Sat Apr 14, 2018 2:25 am Post subject: Reply with quote

Shaman

Joined: 08 Feb 2009
Posts: 701
Location: Chennai, India

fjb_saper wrote:
Did you provide the cert signer chain to IIB's truststore? Did you setup IIB for SSL?


My REST service is just HTTP and not HTTPS. From where do I get the cert signer in API connect?
Back to top
View user's profile Send private message Send e-mail
fjb_saper
PostPosted: Sun Apr 15, 2018 12:19 am Post subject: Reply with quote

Grand Poobah

Joined: 18 Nov 2003
Posts: 19634
Location: LI,NY

kash3338 wrote:
fjb_saper wrote:
Did you provide the cert signer chain to IIB's truststore? Did you setup IIB for SSL?


My REST service is just HTTP and not HTTPS. From where do I get the cert signer in API connect?

It should get flowed to your browser...
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
kash3338
PostPosted: Sun Apr 15, 2018 5:32 am Post subject: Reply with quote

Shaman

Joined: 08 Feb 2009
Posts: 701
Location: Chennai, India

fjb_saper wrote:
It should get flowed to your browser...


Even tried getting the cert from Browser and setting it up in Broker. Still no luck. Same issue. I don't think that is required in any case as it is not mentioned in any documentations.

Also, I tried setting the Broker SSLProtocol to 'TLSv1.2' (since the cert info has the protocol mentioned as TLS v1.2 in browser for 'au.apiconnect.ibmcloud.com').

Still no documentation says anything about these settings in Broker for "Pushing REST API to API Connect'. Is there something else to be taken care of?
Back to top
View user's profile Send private message Send e-mail
fjb_saper
PostPosted: Sun Apr 15, 2018 8:52 am Post subject: Reply with quote

Grand Poobah

Joined: 18 Nov 2003
Posts: 19634
Location: LI,NY

You get
Quote:
Unable to connect to IBM API Connect at host 'au.apiconnect.ibmcloud.com' port '443'

which tells me you are trying to call API Connect from the broker.
For this you will need
  1. To connect to the datapower appliance endpoint, not the management server
  2. Have the signer chain in the truststore on the broker (hint the port is 443 so the conversation is SSL/ TLS
  3. If 2 way SSL/TLS, you will also need to provide the broker with its own SSL/TLS key

Good luck
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
kash3338
PostPosted: Sun Apr 15, 2018 10:31 pm Post subject: Reply with quote

Shaman

Joined: 08 Feb 2009
Posts: 701
Location: Chennai, India

fjb_saper wrote:
You get
Quote:
Unable to connect to IBM API Connect at host 'au.apiconnect.ibmcloud.com' port '443'

which tells me you are trying to call API Connect from the broker.
For this you will need
  1. To connect to the datapower appliance endpoint, not the management server
  2. Have the signer chain in the truststore on the broker (hint the port is 443 so the conversation is SSL/ TLS
  3. If 2 way SSL/TLS, you will also need to provide the broker with its own SSL/TLS key

Good luck


I have gone through many articles on "How to push API's from IIB Broker to API connect" and none of them have mentioned about using Datapower. As per all the links, the procedure is very simple. The Management server Host should be taken from the API Connect service URL (which is 'au.apiconnect.ibmcloud.com').

Some of the articles in IBM developerWorks which explains the procedure to connect to API connect,


Even the Infocenter does not mention about using the Datapower URL and it just says Enter the connection details for your IBM API Connect server in the Host and Port fields and nothing related to Datapower gateways.

I checked the same on An Architectural and Practical Guide to IBM Hybrid Integration Platform Redbook, even there it is mentioned that,
Quote:
The Push REST APIs to IBM API Connect window is displayed, in which you define your connection to the API Connect instance in your Bluemix organization. Enter the connection details for your IBM API Connect server in the Host and Port fields. The Host depends on which region of Bluemix you are using (Table 5-9). The port is 443.

The table values are,
    US South - us.apiconnect.ibmcloud.com
    Sydney - au.apiconnect.ibmcloud.com
    United Kingdom - eu.apiconnect.ibmcloud.com
Back to top
View user's profile Send private message Send e-mail
abhi_thri
PostPosted: Mon Apr 16, 2018 12:07 am Post subject: Reply with quote

Centurion

Joined: 17 Jul 2017
Posts: 134
Location: UK

Have you checked whether the firewall allows the connection from the IIB server in the first place? i.e does 'telnet au.apiconnect.ibmcloud.com 443' work from the IIB node?
Back to top
View user's profile Send private message
kash3338
PostPosted: Mon Apr 16, 2018 12:15 am Post subject: Reply with quote

Shaman

Joined: 08 Feb 2009
Posts: 701
Location: Chennai, India

abhi_thri wrote:
Have you checked whether the firewall allows the connection from the IIB server in the first place? i.e does 'telnet au.apiconnect.ibmcloud.com 443' work from the IIB node?


Telnet from IIB Server works for 'au.apiconnect.ibmcloud.com 443'. Even I am able to access the IBM Cloud server (au.apiconnect.ibmcloud.com) from my Web Browser.

The issue comes only when I try to connect from my IIB Node. I tried using the Toolkit, Web User Interface and mqsipushapis command. All 3 options gives the same error:
Quote:
Unable to connect to IBM API Connect at host 'au.apiconnect.ibmcloud.com' port '443'
Back to top
View user's profile Send private message Send e-mail
fjb_saper
PostPosted: Mon Apr 16, 2018 7:35 pm Post subject: Reply with quote

Grand Poobah

Joined: 18 Nov 2003
Posts: 19634
Location: LI,NY

You are right for the push / publish. It goes to the management server.

But we're not talking about the publish of the API now are we? We are talking about invoking it once it's been published!
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
kash3338
PostPosted: Mon Apr 16, 2018 7:46 pm Post subject: Reply with quote

Shaman

Joined: 08 Feb 2009
Posts: 701
Location: Chennai, India

fjb_saper wrote:
You are right for the push / publish. It goes to the management server.

But we're not talking about the publish of the API now are we? We are talking about invoking it once it's been published!


I thought I was clear in my query

My problem is in Push / Publish of REST API from on-premise IIB 10.0.0.11 to API Connect. My question in my first post in this thread was,

Quote:
Hi,

I am trying to create a sample REST API in IIB and push it to IBM API Connect.
......
......
I have deployed my REST API in Integration Node and when I try to "Connect to IBM API Connect" (by providing the Host Name), I get,

Quote:

Unable to connect to IBM API Connect at host 'au.apiconnect.ibmcloud.com' port '443'

Back to top
View user's profile Send private message Send e-mail
fjb_saper
PostPosted: Mon Apr 16, 2018 8:03 pm Post subject: Reply with quote

Grand Poobah

Joined: 18 Nov 2003
Posts: 19634
Location: LI,NY

kash3338 wrote:
fjb_saper wrote:
You are right for the push / publish. It goes to the management server.

But we're not talking about the publish of the API now are we? We are talking about invoking it once it's been published!


I thought I was clear in my query

My problem is in Push / Publish of REST API from on-premise IIB 10.0.0.11 to API Connect. My question in my first post in this thread was,

Quote:
Hi,

I am trying to create a sample REST API in IIB and push it to IBM API Connect.
......
......
I have deployed my REST API in Integration Node and when I try to "Connect to IBM API Connect" (by providing the Host Name), I get,

Quote:

Unable to connect to IBM API Connect at host 'au.apiconnect.ibmcloud.com' port '443'

my bad I thought the push was done and you were trying to invoke it.
Obviously you are required to use SSL / TLS (port 443). Verify the default truststore for the java running the deploy to cloud process. You might want to check it, running it with -Djavax.net.debug=all and see where it looks for the truststore. Then make sure the truststore has the cert chain of the management server.

Hope it helps
_________________
MQ & Broker admin


Last edited by fjb_saper on Tue Apr 17, 2018 2:24 am; edited 2 times in total
Back to top
View user's profile Send private message Send e-mail
kash3338
PostPosted: Mon Apr 16, 2018 10:48 pm Post subject: Reply with quote

Shaman

Joined: 08 Feb 2009
Posts: 701
Location: Chennai, India

fjb_saper wrote:
my bad I thought the push was done and you were trying to invoke it.
Obviously you are required to use SSL / TLS (port 443). Verify the default truststore for the java running the deploy to cloud process. You might want to check it, running it with -Djavax.net.debug=all and see where it looks for the truststore. Then make sure the truststore has the cert chain of the management server.

Hope it helps


I have set the SSL cert of API Connect Management server (by exporting the cert from browser when accessing the site 'au.apiconnect.ibmcloud.com').

The mqsireportproperties on my BrokerRegistry looks like below,
Quote:

BrokerRegistry
uuid='BrokerRegistry'
brokerKeystoreType='JKS'
brokerKeystoreFile='C:\Program Files\IBM\IIB\10.0.0.7\TESTNODE_Kashyap.jks'
brokerKeystorePass='brokerKeystore::password'
brokerTruststoreType='JKS'
brokerTruststoreFile='C:\Program Files\IBM\IIB\10.0.0.7\common\jdk\jre\lib\security\cacerts'
brokerTruststorePass='brokerTruststore::password'
brokerCRLFileList=''
httpConnectorPortRange=''
httpsConnectorPortRange=''
brokerKerberosConfigFile=''
brokerKerberosKeytabFile=''
allowSSLv3=''
allowSNI=''
reenableTransportAlgorithms=''
reenableCertificateAlgorithms=''
mqCCDT=''
modeExtensions=''
operationMode='advanced'
adminMessageLogging=''
productFunctionality=''
mqKeyRepository=''
dataCapturePolicyUri='/apiv1/policy/DataCapture/default'
shortDesc=''
longDesc=''


The Broker SSL Protocol is set to TLS. But still same issue. Also, I do not see any of these SSL cert configurations mentioned in any of the links I had pointed above. Is there something else that I am missing?
Back to top
View user's profile Send private message Send e-mail
fjb_saper
PostPosted: Tue Apr 17, 2018 2:28 am Post subject: Reply with quote

Grand Poobah

Joined: 18 Nov 2003
Posts: 19634
Location: LI,NY

You may not be setting it where you need. The broker is not your push tool. It is either the toolkit or the broker's web api. So the broker's web api server needs to have the cert chain in it's cert store which might be different from the broker's cert store!
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
kash3338
PostPosted: Tue Apr 17, 2018 5:20 am Post subject: Reply with quote

Shaman

Joined: 08 Feb 2009
Posts: 701
Location: Chennai, India

fjb_saper wrote:
You may not be setting it where you need. The broker is not your push tool. It is either the toolkit or the broker's web api. So the broker's web api server needs to have the cert chain in it's cert store which might be different from the broker's cert store!


Finally! Looks like the problem is because of using my IBM Intranet ID rather than an IBM ID. I tried creating another IBM Cloud Account using my IBM ID (personal mail id) and when I tried to "Push" the API to that account, it worked!

But for some reason, when I try to "Push" the API to the API Connect cloud account (created from my IBM Intranet ID), it fails with this error. So, will this be the actual problem? Should I raise a PMR for this?
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexWebSphere Message Broker SupportPush REST API to API Connect
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.