Publishing api with certificates which contain "&" symbol generates an error

Open PasinduGunarathne opened this issue 2 years ago • 1 comments

Description

We have identified an issue with publishing APIs with faulty backend certificates (which include the "&" symbol). Please follow the steps below to reproduce the issue. It seems that when the certificates contain the "&" symbol, we cannot publish APIs due to the following error.

Error while updating the API in Gateway fd5d1702-9c11-4451-b3a0-1a7752d11deb {"UNPUBLISHED":{},"PUBLISHED":{"AWS Cloud":"Error while Deploying API: Error while publishing API to the Gateway. com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '#' (code 35); expected a semi-colon after the reference for entity 'C'\n at [row,col {unknown-source}]: [294,237]"}}

Steps to reproduce:

  1. Download an APIM 3.2.0 pack and update it to 277 update level
  2. Execute the following commands and generate a backend certificate.

openssl genrsa -out private.key 2048

openssl req -new -key private.key -out csr.pem

Note: Please note that the Organizational Unit Name should contain an “&” symbol (i.e. Organizational Unit Name (eg, section) []:C&C)

openssl x509 -req -days 365 -in csr.pem -signkey private.key -out certificate.crt

  3. Create a new API
  4. Upload the certificate in the "Transport Level Security" section
  5. Publish it on the gateway

Current behaviour

  • Unable to publish the API with this certificate, and it gives the below error.
[Screenshot 2023-08-14 at 14 38 19]

Expected behaviour

  • The API should be able to publish without any issue, since when uploading the certificate it doesn't give any error (due to the “&” symbol).

However, as per the analysis, a certificate can contain the “&” symbol [1], and hence we believe that we need to address the issue in publishing APIs with this “&” symbol.

[1] https://docs.digicert.com/en/certcentral/manage-certificates/public-certificates---data-entries-that-violate-industry-standards.html

Affected Component

APIM

Version

3.2.0

PasinduGunarathne avatar Aug 16 '23 05:08 PasinduGunarathne
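The Woodstox message in the report is what an XML parser raises when a raw "&" from certificate metadata reaches XML text without being escaped. The sketch below is an added example, not code from this issue or from WSO2: it assumes (the page does not confirm it) that certificate text is interpolated into the gateway's XML configuration, and the element names, alias and DN are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

# Constructed sample: a subject DN like the one the reproduction steps yield (OU=C&C).
SUBJECT_DN = "CN=backend.example.test,OU=C&C,O=Example,C=US"
ALIAS = "c&c-backend"  # constructed alias, also carrying the "&"


def render_unsafe(alias, subject):
    """Plain string templating: the raw '&' starts an entity reference."""
    return (f'<endpointCertificate alias="{alias}">'
            f'<subject>{subject}</subject></endpointCertificate>')


def render_escaped(alias, subject):
    """Same template, with attribute and text values XML-escaped."""
    return (f'<endpointCertificate alias={quoteattr(alias)}>'
            f'<subject>{escape(subject)}</subject></endpointCertificate>')


def render_dom(alias, subject):
    """Build the element through an XML API, which escapes on serialisation."""
    root = ET.Element("endpointCertificate", {"alias": alias})
    ET.SubElement(root, "subject").text = subject
    return ET.tostring(root, encoding="unicode")


def parses(xml_text):
    """True if the text is well-formed XML."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


def read_back(xml_text):
    """Return (alias, subject) as a consumer of the config would see them."""
    root = ET.fromstring(xml_text)
    return root.get("alias"), root.findtext("subject")


def has_xml_special_chars(value):
    """Upload-time check: flag values that must be escaped before templating."""
    return any(ch in value for ch in "&<>\"'")


if __name__ == "__main__":
    print("unsafe parses: ", parses(render_unsafe(ALIAS, SUBJECT_DN)))
    print("escaped parses:", parses(render_escaped(ALIAS, SUBJECT_DN)))
    print("read back:     ", read_back(render_dom(ALIAS, SUBJECT_DN)))
```

Running the same well-formedness check at certificate upload time would surface the problem there, rather than later at publish time as the report describes.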

Merge the public PR: https://github.com/wso2/carbon-apimgt/pull/12134

YasasRangika avatar Jan 15 '24 11:01 YasasRangika