APIcast returning error 400 with "Certificate chain too long" in Client Certificate Verification

Solution Verified - Updated -

Issue

We are trying to validate client certificates that have the full certificate chain on it, but APIcast is returning the response code 400 and printing the following error:

023/11/17 17:55:59 [info] 28#28: *993 client SSL certificate verify error: (22:certificate chain too long) while reading client request headers, client: 10.xxx.xx.xx, server: _, request: "POST /xxxxxx/v1/xxxx?app-key=xxxxxxxxxxxxxxxxxx HTTP/1.1", host: "xxxxxxxxxxxxxxxxxxxxx:443"
[17/Nov/2023:17:55:59 +0000] xxxxxxxxxxxxxxxxxxxxx:8443 10.151.6.2:38468 "POST /xxxxxx/v1/xxxx?app-key=xxxxxxxxxxxxxxxxxx HTTP/1.1" 400 212 (0.000)

If we use just the public key in certificate it works fine. Is it possible to configure the depth?

Environment

  • Red Hat 3scale API Management
    • 2.13 On-Premise

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content