Problem

-- Inbound security of a frontend API is configure using Two-way SSL

-- When doing a request to this API, API Manager return an error 500 (Security failure)

-- In API Gateway trace file, the following error appears:

ERROR 11/9/16, 03:42:49.596 SslProcessor.invoke: No SSL cert available

Resolution

- This error happens because the client of the connection doesn't send its own certificate

- That could happen because of a wrong API Gateway configuration, mutual authentication has to be configure in API Manager listener

- To configure it, edit the API Manager port configuration (API Gateway > Listeners > API Manager Traffic > Port) and in the Mutual Authentication tab, insure that either Accept client certificates or Require client certificates is ticked. You also have to select the Certificate Authorities you trust in the list.