A common issue that may come up as you are developing your API is a sender error. A sender error occurs when you call an API endpoint through the API Manager and get the following error returned:

<am:fault xmlns:am="http://wso2.org/apimanager">
  <am:type>Status report</am:type>
  <am:message>Runtime Error</am:message>
  <am:description>Error in Sender</am:description>

There are a couple of issues that can cause this error to be returned by the API Manager. In the next section we will try to narrow down what is actually causing this issue.

Troubleshooting steps:

Check for missing intermediate certificates:

One common issue that causes the API Manager to produce this error is the lack of intermediate certificates. This issue is particularly apparent in respect to BYU's DigiCert certificates. The API Manager is aware of DigiCert's root certificate, but does not know any of the intermediate certificates. If your server or load balancer does not produce the intermediate certificates, then the API Manager will fail to validate the SSL and return a sender error.

You can check your server to see if intermediate certificates are produced using this tool. Enter your service URL in the "Hostname:" box and then click "Submit".

The tool will run a test against your server and check for the proper certificates. This can take several minutes. Once the test is complete, you will be presented with a results page that shows each server which responded to the request, along with that server's "grade". Click on any of the server URLs to get to the detailed results.

After selecting one of the server URLs, scroll to the "Certificate Paths" section under "Authentication" and check to see if any certificate in your chain is marked as requiring an "extra download".

If any of your certificates are marked as "Extra download," then this is the reason that you are receiving the sender error from the API Manager. You will need to update your server or load balancer to also send the intermediate certificate. Once the server is sending the intermediate certificate, the API Manager should start working properly, as it will be able to validate the SSL for the service.

If, after going through these steps, you are still getting a sender error from the API Manager, more troubleshooting is required to narrow down the issue.