Troubleshoot Apigee mTLS

This section describes some common errors and resolutions that you might encounter when installing Apigee mTLS.

Certificate errors

ZooKeeper hosts might experience blocks when executing the following commands:

consul operator raft list-peers
systemctl consul_server state returns green

If this happens, try executing the following command:

journalctl -u consul_server  | grep "x509: certificate signed by unknown authority"

If you find instances of the 509 error shown in the response, then multiple CAs are being used and the Consul servers are failing to verify one another. In this case, Apigee recommends that you uninstall apigee-mtls and then reinstall it on all nodes in the cluster. For more information, see Uninstall Apigee mTLS.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2024-04-30 UTC.