Unable to connect to Azure Face API when we have enabled private endpoint

0
Hi, we are trying to implement Face Recognition using Azure Face API. For that we have created a Face instance and the other required configurations. We are also able to execute the API from both the API console and Postman.

As per our policy, accessing the Face API URL publicly is restricted, so we have created a private endpoint. After that, when I execute the API from my application, I am getting the following certificate-related error. What does it actually mean, and how can I resolve this?

Note: In Postman, the API gives response 200, but from the application only I am getting this error. I checked with one of my colleagues, who said that in Postman certificate validation is disabled, so that it gives a response. Is there any way to disable that using Studio Pro?

==============================================

Unable to connect to Azure Face API
null
Error calling REST service
    at FaceAction.ACT_FetchPersonGroupList (CallRest : 'Call REST (GET)')
    at FaceAction.DS_PersonGroup (SubMicroflow : 'ACT_FetchPersonGroupList')
Advanced stacktrace:
    at com.mendix.integration.actions.microflow.RestCallAction.execute(RestCallAction.scala:79)
Caused by: java.security.PrivilegedActionException: javax.net.ssl.SSLPeerUnverifiedException: Certificate for <10.6.0.4> doesn't match any of the subject alternative names: [*.cognitiveservices.azure.com, *.api.cognitive.microsoft.com, *.dev.cognitive.microsoft.com, *.openai.azure.com]
    at com.mendix.integration.actions.microflow.RestCallAction.execute(RestCallAction.scala:79)
Caused by: null
    at com.mendix.integration.actions.microflow.RestCallAction.execute(RestCallAction.scala:79)
Caused by: Certificate for <10.6.0.4> doesn't match any of the subject alternative names: [*.cognitiveservices.azure.com, *.api.cognitive.microsoft.com, *.dev.cognitive.microsoft.com, *.openai.azure.com]
    at com.mendix.integration.actions.microflow.RestCallAction.execute(RestCallAction.scala:79)
asked
2 answers
0

Hi Vijaykumar,
 

The error you're encountering with the Face API in your application is related to certificate validation. When you access a private endpoint (which is usually secured with SSL/TLS), the client application (your Mendix application) needs to validate the server's certificate to ensure it is connecting to the correct server and to prevent man-in-the-middle attacks.

The fact that you can successfully make requests from Postman might be due to certificate validation being disabled in Postman settings. However, disabling certificate validation is not recommended in production environments as it can expose your application to security risks.

To resolve the certificate validation issue in your Mendix application, you need to ensure that the application can properly validate the server's certificate. 

1. Check the Certificate: Ensure that the certificate used by the private endpoint is valid and properly installed on the server hosting the endpoint. You may want to double-check the certificate chain and expiration date.

2. Root Certificate: Verify that the root certificate (or the intermediate certificates if any) used to sign the server certificate is trusted by the operating system on the server where your Mendix application is running. If it is not trusted, you might need to install the necessary root/intermediate certificates.

3. Check Network Restrictions: Ensure that your Mendix application has proper network access to connect to the private endpoint. If there are any firewalls or proxies in place, make sure they are configured correctly to allow the communication.

5. Check Mendix Runtime Configuration: If you have specific network or certificate-related settings in your Mendix Runtime configuration, review them to ensure they are correctly configured.

 

Disabling certificate validation is not recommended as it compromises the security of your application. Instead, focus on properly configuring the certificate validation in your Mendix application and ensuring the required certificates are trusted.

 

answered
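The hostname check behind the `SSLPeerUnverifiedException` quoted in the question, as an added example (not code from the posts above or from Mendix): it applies RFC 6125 style name matching to the SAN list from the stack trace and shows why the IP literal `10.6.0.4` is rejected while a name under one of the wildcards passes. The resource name `contoso-face.cognitiveservices.azure.com` and the function names are assumptions made for illustration.

```python
import ipaddress

# SAN list copied from the stack trace in the question (all dNSName entries).
SANS_FROM_ERROR = [
    "*.cognitiveservices.azure.com",
    "*.api.cognitive.microsoft.com",
    "*.dev.cognitive.microsoft.com",
    "*.openai.azure.com",
]


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def dns_name_matches(host, pattern):
    """RFC 6125 style: '*' only as the whole left-most label, covering one label."""
    host_labels = host.lower().rstrip(".").split(".")
    pat_labels = pattern.lower().rstrip(".").split(".")
    if len(host_labels) != len(pat_labels):
        return False
    if pat_labels[0] == "*":
        return bool(host_labels[0]) and host_labels[1:] == pat_labels[1:]
    return host_labels == pat_labels


def verify_host(host, dns_sans, ip_sans=()):
    """Return (ok, reason) for the host part of the URL the client was given."""
    if is_ip(host):
        # An IP literal is compared with iPAddress SANs only, never with dNSName
        # entries, so a wildcard DNS certificate cannot cover 10.6.0.4.
        addr = ipaddress.ip_address(host)
        ok = any(addr == ipaddress.ip_address(s) for s in ip_sans)
        return ok, "ip literal checked against iPAddress SANs"
    for pattern in dns_sans:
        if dns_name_matches(host, pattern):
            return True, "matched " + pattern
    return False, "no dNSName SAN matches"


if __name__ == "__main__":
    # Constructed inputs: the IP from the error and a hypothetical resource name.
    for host in ("10.6.0.4", "contoso-face.cognitiveservices.azure.com",
                 "a.b.cognitiveservices.azure.com"):
        print(host, verify_host(host, SANS_FROM_ERROR))
```

The name that gets verified is the host part of the URL the client was given, so the certificate in the trace can only validate when the request is addressed to a covered DNS name that resolves to the private endpoint.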
0

Hi vijayakumar,

 

I experienced the same error when running the application locally, but deploying it to the cloud helped (even on free cloud).

answered