I have an API Gateway Regional REST API with a Lambda proxy integration and a custom domain name, and I need to add mutual TLS.
The API is working fine without mTLS.
I have followed this guide to enable mTLS and test it with self-signed certificates: https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/
But when I make a request with curl just like in the guide: curl --key my_client.key --cert my_client.pem https://api.yourdomain.com, I get curl: (92) HTTP/2 stream 0 was not closed cleanly: CANCEL (err 8).
--http1.1 doesn't help either, it just says curl: (52) Empty reply from server instead.
The empty response doesn't contain any headers or body, it's just 0 bytes.
If I omit the client key and cert, I receive curl: (35) OpenSSL SSL_connect: Connection was reset in connection to api.yourdomain.com:443, which I believe indicates that mTLS is enabled.
All troubleshooting examples try to solve 403 response errors.
I have no clue what could possibly be wrong, and I would really appreciate any help that can point me to where I can look to try to solve the issue.
I resolved the issue by generating new CA and certificates and uploading them again in a versioned S3 Bucket.
I don't know exactly why I got this error, but I believe the application went into some invalid/erroneous state after I tried many times setting different configurations on the API Gateway, S3 bucket, and domain name in my trial-and-error journey.
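The question tests mTLS with a self-signed CA and client certificate, and the answer resolves it by regenerating the CA and certificates and re-uploading the truststore. The script below is an added example, not code from the question, the answer, or the AWS guide: it builds a throwaway CA, a client certificate signed by it, and the truststore.pem bundle that API Gateway's mTLS configuration points at in S3, then verifies offline that the client certificate actually chains to that truststore. Running that check before uploading catches a client cert and truststore that were generated in different rounds of trial and error. It assumes openssl is installed; the working directory, subject names, and file names are made up.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes openssl is on PATH.
# Creates a self-signed CA, a client cert signed by it, and truststore.pem
# (the PEM bundle of CA certs that API Gateway mTLS reads from S3).

make_test_pki() {
  dir="$1"
  mkdir -p "$dir"
  # Root CA, self-signed; -subj and -nodes avoid interactive prompts.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" \
    -subj "/CN=Example Test CA" >/dev/null 2>&1
  # Client key and CSR (hypothetical subject name).
  openssl req -newkey rsa:2048 -nodes \
    -keyout "$dir/my_client.key" -out "$dir/my_client.csr" \
    -subj "/CN=example-client" >/dev/null 2>&1
  # Sign the client CSR with the CA.
  openssl x509 -req -in "$dir/my_client.csr" \
    -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
    -days 365 -out "$dir/my_client.pem" >/dev/null 2>&1
  # The truststore uploaded to S3 is simply the CA certificate bundle.
  cp "$dir/ca.pem" "$dir/truststore.pem"
}

# Exit status 0 if the client certificate chains to the truststore,
# non-zero otherwise (e.g. the cert was signed by an earlier, discarded CA).
check_client_against_truststore() {
  truststore="$1"
  client_cert="$2"
  openssl verify -CAfile "$truststore" "$client_cert" >/dev/null 2>&1
}

# Stand-alone usage: build a PKI in a temp dir and verify it.
if [ "${0##*/}" != "sh" ]; then
  work=$(mktemp -d)
  make_test_pki "$work"
  if check_client_against_truststore "$work/truststore.pem" "$work/my_client.pem"; then
    echo "client cert chains to truststore.pem: safe to upload"
  else
    echo "client cert does NOT chain to truststore.pem: regenerate before uploading"
  fi
  rm -rf "$work"
fi
```

The same verify step is worth repeating against the truststore actually fetched back from the versioned S3 object, so that what the gateway holds is what was tested locally.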