TSB - Application Owner Troubleshooting GuideVersion: LatestUsing curl or wget
The instructions here explain how to send test requests to an application that is published as follows:
- Host Header / FQDN:
bookinfo.tsb-aws.tetrate.work - Protocol: HTTPS port 443 or HTTP port 80
- Path:
/productpage
We include instructions for both curl and wget CLI tools.
If DNS is correctly configured
If DNS is correctly configured, meaning that the FQDN bookinfo.tsb-aws.tetrate.work resolves to the externally-accessible gateway that exposes the application:
curl
curl -kv https://bookinfo.tsb-aws.tetrate.work/productpage
Note that -k skips the certificate checks, and is often necessary in test environments with https URLs.
wget
wget --no-check-certificate -O - https://bookinfo.tsb-aws.tetrate.work/productpage
Note that --no-check-certificate skips the certificate checks, and is often necessary in test environments with https URLs.
If DNS is not configured
If DNS is not configured, you will need to support the FQDN in the Host Header and SNI extension in the TLS connection:
curl
curl -D - -H "Host: bookinfo.tsb-aws.tetrate.work" http://${GW}/productpage
curl -k -s --connect-to bookinfo.tsb-aws.tetrate.work:443:${GW} https://bookinfo.tsb-aws.tetrate.work/productpage
wget
wget --header="host: bookinfo.tsb-aws.tetrate.work" -O - http://${GW}/productpage
The HTTPS use case is not supported in wget. You should add a manual DNS override, for example, by editing /etc/hosts or equivalent, to map the public DNS name to the correct IP address(es).
Certificate Issues
An incorrect or invalid server certificate may cause clients to refuse to connect. You can retrieve the server certificate as follows:
CLI (openssl)
openssl s_client -showcerts -servername bookinfo.tsb-aws.tetrate.work -connect bookinfo.tsb-aws.tetrate.work:443
Browser
Your browser will throw a warning ("Insecure Connection", "Not Private" or similar) if the certificate is invalid. Use your browser's capability to view the invalid certificate:
Inspect the certificate to determine why it is invalid:
- "Self-signed Certificate" - typically used by low-risk, internal test environments where a temporary certificate is needed for testing
- "Untrusted root" - the certificate has been signed by a root CA that is not trusted by your client. This may be an internal organizational CA, or even the CA used by TSB for internal mesh traffic
- "Impersonating Alternate Site" - the certificate SAN (subject alternative name) and CN (common name) fields do not match the expected server name / FQDN, such as
bookinfo.tsb-aws.tetrate.work - "Expired or otherwise Invalid" - check the expiry date and any other error messages from your client, in the event that the certificate has expired
Add Headers
It's quite common to need to add custom headers to a request:
- Authorization may require certain JWT or other authentication tokens in the request
- The
X-B3-Sampled: 1header can be used to force the Tetrate platform to trace the request, which is useful when debugging request issues
curl
curl -H "X-B3-Sampled: 1" ...
wget
wget -header "x-b3-sampled: 1" ...
Other Topics
Spider a site
Although curl is more easily used in most situations, wget has a very useful spider capability that causes it to follow links in the page it retrieves. You may wish to use this mode to send a variety of requests to your service:
# spider (retrieve but don't save)
wget --no-check-certificate --spider -r -p https://bookinfo.tsb-aws.tetrate.work/
# mirror (retrieve and save)
wget --no-check-certificate --mirror -k -r -p https://bookinfo.tsb-aws.tetrate.work/
Send a steady stream of requests to a site
Basic benchmarking tools can send a steady stream of requests to a site, which is useful when you wish to examine metrics. In this situation, just one or two requests is often not sufficient:
For example, you can use the following command to generate a moderate level of load on the bookinfo application:
while true ; do
wrk -c 10 -t 5 -d 30 -H "Host: bookinfo.tetrate.io" -H 'X-B3-Sampled: 1' http://${GW}/productpage
sleep 5
done
Handling React and other SPA applications
Some frameworks, such as React, create Single Page Application (SPA) sites that use javascript to request content. Simple HTTP GETs with curl, wget and others will not retrieve the full content of the site:
curl -k -D - https://dynabank.tsb-aws.tetrate.work/
HTTP/2 200
content-length: 683
content-disposition: inline; filename="index.html"
accept-ranges: bytes
etag: "1d3ff9eddf61e3493941e1b599e689dd18aaccd1"
content-type: text/html; charset=utf-8
vary: Accept-Encoding
date: Fri, 01 May 2026 15:23:14 GMT
x-envoy-upstream-service-time: 38
server: istio-envoy
<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><
meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content
="#000000"/><meta name="description" content="DynaBank - Modern Banking Portal"/><title>DynaBank
Portal</title><link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,5
00,700&display=swap"/><link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Materia
l+Icons"/><script defer="defer" src="/static/js/main.888e743e.js"></script></head><body><noscript>
You need to enable JavaScript to run this app.</noscript><div id="root"></div></body></html>
For these applications, look to the 'Developer Tools' in your preferred browser to inspect the requests that are sent. In many cases, you can review a list of requests (sometimes called a HAR file) and easily get a curl request that requests the resource directly
