Topic
  • 9 replies
  • Latest Post - ‏2013-06-18T17:39:50Z by Nitin_Jha
gloars
gloars
24 Posts

Pinned topic Failed to Establish a BackSide Connection in Webserviceproxy

‏2009-08-17T11:45:06Z |
Hi All,

I Created Webservice Proxy.

In That Proxy i configured

1)front side HTTP Handler eg: http://10.222.10.205:sample
2)Back End URI
Eg: https://service.external.com/sample using port 80

Here i received Soap Request from client to Datapower.But i am not getting any response from BackEnd server.
In Troubleshooting also i tested TCP/IP connection Successfully.
Errors

5:36:02 ws-proxy error 640868 e 0x01130006 wsgw (Project1): Failed to establish a backside connection
05:36:02 ws-proxy error 640868 0x80e00126 wsgw (Project1): Valid backside connection could not be established: Failed to establish a backside connection
05:36:02 ws-proxy error 640868 0x80e0005a wsgw (Project1): Cannot establish SSL credentials

Note: In that error Desription showing like SSL credentials not esatblished.But Same request sent through SOAPUI tool we are getting response from server without any SSL credentials.

Pls suggest me any configuration settings needs in webservice proxy for getting responce from backend server.

Firmware Rev:XI50.3.7.2.2

Build:168415
Regards
Mahe
Updated on 2012-02-06T21:47:01Z at 2012-02-06T21:47:01Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Failed to Establish a BackSide Connection in Webserviceproxy

    ‏2009-08-17T13:18:31Z  
    Hi Mahe,

    According to the MessageReference guide, the error 0x80e0005a - "Cannot establish SSL credentials" indicates that DataPower cannot find a SSL proxy profile to use for your backend connection. Try setting one up in your user-agent. If you are currently using the default ua, create a new one for this service.
  • DP-admin
    DP-admin
    3 Posts

    Re: Failed to Establish a BackSide Connection in Webserviceproxy

    ‏2012-02-03T17:21:01Z  
    Hi Mahe,

    According to the MessageReference guide, the error 0x80e0005a - "Cannot establish SSL credentials" indicates that DataPower cannot find a SSL proxy profile to use for your backend connection. Try setting one up in your user-agent. If you are currently using the default ua, create a new one for this service.
    Hi Peter,

    Hi i'm facing the same issue, i tried the above solution but i'm still facing the same issue. Is there any other solution for "Cannot establish SSL credentials"

    Please let me know if any one have a similar problem and found the solution.
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Failed to Establish a BackSide Connection in Webserviceproxy

    ‏2012-02-06T21:47:01Z  
    • DP-admin
    • ‏2012-02-03T17:21:01Z
    Hi Peter,

    Hi i'm facing the same issue, i tried the above solution but i'm still facing the same issue. Is there any other solution for "Cannot establish SSL credentials"

    Please let me know if any one have a similar problem and found the solution.
    I believe SSL enforcement with DataPower is bit more explicit than SOAPUI, I suspect you might have gone wrong with the SSL proxy profile, if you could provide more details on how you created the SSL Proxy Profile then may be I would be able to help like the direction, key and cert objects in the Crypto Profile etc.., Can you please give a try specifying the SSL Proxy Profile in the Proxy Settings tab of you WSP.
    Cheers,
  • Nitin_Jha
    Nitin_Jha
    20 Posts

    Re: Failed to Establish a BackSide Connection in Webserviceproxy

    ‏2013-06-15T01:19:35Z  

    Hi All

     I have a similar problem, where the service works fine when it is invoked through the soap ui, but gives the below mentioned error when invoked through the client application (Firefox Rest Client).

    0x01130006mpgw (WS_Customer_MPGW): Failed to establish a backside connection

    0x80e00126mpgw (WS_Customer_MPGW): Valid backside connection could not be established: Failed to establish a backside connection, url: https://Vir12-ZZ/YYYYY/XXXXX/

    0x80e0005ampgw (WS_Customer_MPGW): Cannot establish SSL credentials (credential is NULL), URL: 'https://Vir12-XXXXX.

     

     

     

  • Nitin_Jha
    Nitin_Jha
    20 Posts

    Re: Failed to Establish a BackSide Connection in Webserviceproxy

    ‏2013-06-15T03:02:07Z  

    Here the configuration flow.

    The MPG is configured with a HTTPS front side handler listening at 443. The FSH is configured with a reverse ssl proxy profile. The SSL proxy image has been attached as SSLProxy.png. The Crypto profile config has been attached as  CryptoProfile.png.

    Also would like to mention that I have a different service which is working(from browser as well) with same configuration on the same box but different domain.

    Kindly provide your inputs.

     

     

  • kenhygh
    kenhygh
    1575 Posts

    Re: Failed to Establish a BackSide Connection in Webserviceproxy

    ‏2013-06-15T11:47:28Z  
    • Nitin_Jha
    • ‏2013-06-15T03:02:07Z

    Here the configuration flow.

    The MPG is configured with a HTTPS front side handler listening at 443. The FSH is configured with a reverse ssl proxy profile. The SSL proxy image has been attached as SSLProxy.png. The Crypto profile config has been attached as  CryptoProfile.png.

    Also would like to mention that I have a different service which is working(from browser as well) with same configuration on the same box but different domain.

    Kindly provide your inputs.

     

     

    Nitin,

    A FSH is for front-side connections, not backside. You will need to add an SSL proxy profile, in forward mode, for connecting to your backend. 

    You will need to put the public cert of the backend server into the SSL proxy profile's valcred. If you need to do mutual-auth SSL, you will also need to add your private key and cert to the SSL proxy profile's idcred.

    You can specify the SSL proxy profile either by setting it in code - there's a service variable for it - or by attachiing it to your User Agent (MPGW -> XML Manager -> User Agent). You probably will not want to configure this on the default XML Manager/User Agent.

  • Nitin_Jha
    Nitin_Jha
    20 Posts

    Re: Failed to Establish a BackSide Connection in Webserviceproxy

    ‏2013-06-17T22:13:06Z  
    • kenhygh
    • ‏2013-06-15T11:47:28Z

    Nitin,

    A FSH is for front-side connections, not backside. You will need to add an SSL proxy profile, in forward mode, for connecting to your backend. 

    You will need to put the public cert of the backend server into the SSL proxy profile's valcred. If you need to do mutual-auth SSL, you will also need to add your private key and cert to the SSL proxy profile's idcred.

    You can specify the SSL proxy profile either by setting it in code - there's a service variable for it - or by attachiing it to your User Agent (MPGW -> XML Manager -> User Agent). You probably will not want to configure this on the default XML Manager/User Agent.

    Hi Ken

     The MPG works as a SSL server and hence a reverse SSL Proxy profile has been created in the HTTPS front side handler. (To secure communication with requesting clients)  Hope this clarifies.

     

  • kenhygh
    kenhygh
    1575 Posts

    Re: Failed to Establish a BackSide Connection in Webserviceproxy

    ‏2013-06-18T13:01:06Z  
    • Nitin_Jha
    • ‏2013-06-17T22:13:06Z

    Hi Ken

     The MPG works as a SSL server and hence a reverse SSL Proxy profile has been created in the HTTPS front side handler. (To secure communication with requesting clients)  Hope this clarifies.

     

    See my original reply. This has nothing to do with your front side handler.

  • Nitin_Jha
    Nitin_Jha
    20 Posts

    Re: Failed to Establish a BackSide Connection in Webserviceproxy

    ‏2013-06-18T17:39:50Z  

    Thanks Ken, The issue has now been resolved.

    The errors shows by DP were misleading, the actual error was in the match rule in the MPG. The header being sent by the soap ui and the browser client were different and hence the the match action was not processing the request from the browser client whereas it was working with soap ui.

    The soap ui sends content type as "application/xml" and the browser client send it as "application/xml; charset=UTF-8". So now I tweaked the match exp to "application/xml*" and now it works fine.

    Thanks again for guidance.