
HTTP 400 Error When Accessing Application Through DLB with mTLS Enabled

Publish Date: May 1, 2026
Description

All consumer requests are failing with an HTTP 400 Bad Request error at the DLB layer when mTLS is enabled. The requests are rejected at the DLB and do not reach the Mule applications.

Solution
  1. Review the DLB logs to determine whether the response originates from the DLB or the Mule application. If the response is generated by the DLB, proceed with the following steps. Otherwise, refer to this KB article.

  2. If the DLB is returning an HTTP 400 directly, validate the client certificate used for mTLS authentication with:

        openssl x509 -text -noout -in client_ca.pem -purpose
  3. Inspect the Extended Key Usage section of the certificate and confirm it includes TLS Web Client Authentication. For example, the following output lists only TLS Web Server Authentication:

        X509v3 Extended Key Usage:
          TLS Web Server Authentication
  4. If TLS Web Client Authentication is missing, reissue or update the certificate to include the appropriate client authentication usage.
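
The check in steps 2 to 4 can be scripted. The following is an added example, not part of the original article: it classifies the Extended Key Usage section of `openssl x509 -text -noout` output. The function names and the sample certificate excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Reads `openssl x509 -text -noout` output on stdin and classifies the
# Extended Key Usage (EKU) extension:
#   prints "present" (exit 0): TLS Web Client Authentication is listed
#   prints "missing" (exit 1): EKU exists but lacks client authentication
#   prints "no-eku"  (exit 2): the certificate has no EKU extension
eku_client_auth_status() {
    awk '
        # OpenSSL prints the EKU values as one comma-separated line directly
        # below the header; the header may carry a trailing "critical".
        /X509v3 Extended Key Usage:/ {
            seen = 1
            if ((getline values) > 0 && values ~ /TLS Web Client Authentication/)
                found = 1
        }
        END {
            if (found)     { print "present"; exit 0 }
            else if (seen) { print "missing"; exit 1 }
            else           { print "no-eku";  exit 2 }
        }
    '
}

# Hypothetical wrapper: run the article's openssl command on a PEM file.
check_client_cert() {
    openssl x509 -text -noout -in "$1" | eku_client_auth_status
}

# Constructed excerpts of openssl text output, for illustration only.
SERVER_ONLY_CERT='        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:client.example.com'

DUAL_USE_CERT='            X509v3 Extended Key Usage: critical
                TLS Web Server Authentication, TLS Web Client Authentication'

NO_EKU_CERT='            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment'

# Prints: missing, present, no-eku (one per line).
for sample in "$SERVER_ONLY_CERT" "$DUAL_USE_CERT" "$NO_EKU_CERT"; do
    printf '%s\n' "$sample" | eku_client_auth_status || true
done
```

A result of `missing` corresponds to the case in step 4, where the certificate must be reissued with client authentication usage.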

Additional Resources

Sample DLB log for HTTP 400:

        1.2.3.4 - - [date:09:34:45 +0000] "GET /hellomulesoft= HTTP/1.1" 400 180 "-" "GuzzleHttp/7" "-" rt=0.000 uct="-" uht="-" urt="-" ua="-" us="-" proto="TLSv1.2" cipher="DHE-RSA-AES256-GCM-SHA384"

Sample certificate output:

        % openssl x509 -text -noout -in cert.pem -purpose
        Certificate purposes:
        SSL client : Yes
        SSL client CA : No
        SSL server : Yes
        SSL server CA : No
        Netscape SSL server : Yes
        Netscape SSL server CA : No
        S/MIME signing : Yes
        S/MIME signing CA : No
        S/MIME encryption : Yes
        S/MIME encryption CA : No
        CRL signing : No
        CRL signing CA : No
        Any Purpose : Yes
        Any Purpose CA : Yes
        OCSP helper : Yes
        OCSP helper CA : No
        Time Stamp signing : No
        Time Stamp signing CA : No
        Code signing : No
        Code signing CA : No

Knowledge Article Number

005318612

 