Error while calling an websocket api via API Gateway

Product/components used and version/fix level:

webMethods microservices runtime 10.11
webMethods API Gateway 10.11
Fix Updates

Detailed explanation of the problem:

I am trying to expose webSocket API to our frontend application team via SAG API gateway. We are able to call IS webSocket API from postman and but when called from API gateway, we are getting below error. We verified the logs and we see that are able to call API gateway webSocket API but when API gateway call IS URL, it is failing. Error seems to be with cert but we installed all the truststore but still getting same error. Also I tried calling normal HTTPS API from API gateway to IS and it works perfectly. So we concluded the issue is with only webSocket API.

Error messages / full error message screenshot / log file:

GMT [YAI.0700.8887E] (tid=2246) [default][apigateway-744f5bc67b-6f9f7] Debug: {1} PKIX path building failed: unable to find valid certification path to requested target"

Question related to a free trial, or to a production (customer) instance?

Free trial
Server log (20.0 KB)

Hi Prasad,

please share some screenshots from your API Gateway hosting IS from the pages Security → Certificates and Security → Keystores as well as from the HTTPS -Port you are connecting to.

When using uncommon CAs, the webSocket API might not be able to verify the certificate presented by the API Gateway (or vice versa).
Can you describe in detail in which direction the call works and in which not?


Hello @Holger_von_Thomsen,
Thank you for reply,

I have added some screenshot for your reference. we are calling websocket URL of API gateway and it throws an error while connecting to websocket URL of IS where websocket server configuration are available. The error logs i have shared is from API Gateway of hosting IS.

IS websocket URL works fine from postman separately. but API gateway throws an error when integrated with API gateway.

Screenshot from API gateway hosting IS
Certificate →

Keystore →
Port →
Port 2->

Prasad Kale


can you provide a sample URL how you invoke the websocket port, please?

Does it help, when you provide centralized truststore containing all neccessary root and intermediate certificates, which are not present in cacerts file from the JVM, as IS Truststore alias and restart IS afterwards?

I have never worked with websockets ports (only regular HTTPS ports), so I am not quite sure where to look at.


Hello @Holger_von_Thomsen ,

I tested IS webSocket URL from postman and its working, Here is the screenshot.
IS webSocket →

Sample URL we created for POC → ws://localhost:8080/echo/com

But We are calling API gateway webSocket URL from frontend application and postman, but it fails from both. Here us screenshot->

to answer other question → We added truststore and tested without restart but it failed with same error. Does it require server restart after uploading truststore ?

Prasad Kale

Hi Prasad,

when adding or updating certificates for the IS it is required to restart the IS as reloading the stores is not sufficient in this case.
Otherwise the certificates wont be activated for IS.


Hi @Holger_von_Thomsen ,

We did API Gateway server restart but still same issue.

Prasad Kale

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.