Resolving self-signed certificate errors in TLS connections

If you are unable to establish a Transport Layer Security (TLS) connection with the server.

Symptom

When you try to register a portal, analytics, or gateway service in topology of Cloud Manager, the system displays the following error: Unable to verify first certificate or Self-signed certificate in chain.

Cause
The error might occur when there is an issue with the certificate configuration.
Solution
To enable enhanced logging, run the following command to set the debug environment:
apicops logs:change-log-spec -s "audit,*:error,bhendi:probe,bhendi:flags,bhendi:server,bhendi:audit,bhendi:webhookAudit,apicutil:profile:metrics,apim:server,apim:routes:*,apim:routesc:*,apim:oidc,apim:oidc:*,apim:webhook:audit,apim:taskmanager:info:*,apim:nats,apim:bedrock:server,apim:skills:server,apim:billing_task_manager,apim:billing_util,curl,trace:curl,bhendi:tlsHelper"
The console logs include the following information about the certificate issues:
  1. Client certificate: The certificate presented by the client.
  2. Server certificate: The certificate presented by the server.
  3. Certificate chain: The chain of certificates presented by the server.
  4. Trust store certificates: The certificates in the trust store.
  5. Trust-store and key-store URLs: The URLs of the trust store and key store from the configuration.