Not taking certificates from the temp truststore file [APIM 4.3.0] #4239
Description
Description
When invoking APIs that have secured endpoints with public certificates, the following error will appear in a multi-tenancy scenario.
[2025-09-06 22:30:31,563] ERROR - OAuthConfiguredHTTPEndpoint Could not generate access token for oauth configured http endpoint TEST_API--v1.0.0_APIproductionEndpoint. Error generating token
[2025-09-06 22:30:31,574] INFO - LogMediator {api:TEST_API:v1.0.0} STATUS = Executing default 'fault' sequence, ERROR_CODE = 303003, ERROR_MESSAGE = Could not generate access token for oauth configured http endpoint TEST_API--v1.0.0_APIproductionEndpoint. Error generating token
Steps to Reproduce
- Take an APIM pack and configure the CP GW deployment.
- Add the below configuration to both the CP and GW.
[apim.mediator_config.oauth]
enable_retry_call_with_new_token = true
- Add the below configuration only for the GW TOML file.
[transport.passthru_https.sender.trust_store]
location = "repository/resources/security/client-truststore-temp.jks"
- Start all the nodes and create a tenant. (Please note that this is a mandatory step)
- Then, go to the tenant publisher portal and create an API with the OAuth2 endpoint security.
- Configure an HTTPS URL as the token endpoint and save.
- Upload the public certificate of that endpoint via the publisher portal and deploy the API revision.
- Invoke the API and be able to see the below error.
[2025-09-06 22:30:31,563] ERROR - OAuthConfiguredHTTPEndpoint Could not generate access token for oauth configured http endpoint TEST_API--v1.0.0_APIproductionEndpoint. Error generating token
[2025-09-06 22:30:31,574] INFO - LogMediator {api:TEST_API:v1.0.0} STATUS = Executing default 'fault' sequence, ERROR_CODE = 303003, ERROR_MESSAGE = Could not generate access token for oauth configured http endpoint TEST_API--v1.0.0_APIproductionEndpoint. Error generating token
Version
4.3.0
Environment Details (with versions)
No response