Use a certificate to connect to a Gateway using Policy Manager


Article ID: 137390


Products

CA API Gateway

Issue/Introduction

The original ticket opened by a customer stated the following:

Using the Private Key Management, I created a new key with the defaults.
I then exported the key.
I then imported the key into the Policy Manager.
When connecting, I am getting "Invalid Client Certificate" Error.
So, what am I missing?

In this KB, an example is given as a guide.

Environment

Release : 9.4, 11.1

Component : API GTW ENTERPRISE MANAGER

Resolution

Steps for using a client certificate from the Gateway to access Policy Manager

Part 1. Use Gateway to create a certificate, assign it to a user in an Identity Provider, and export it as a p12 file

1. Create a private key 

  • Log in to Policy Manager with the default ID and password 
  • Tasks -> Certificates, Keys and Secrets -> Manage Private Keys 
  • Click Create and enter Alias: pmtest, Subject DN: pmtest 

2. Create User in the default Identity Provider using the Subject DN from step 1

  • Click Identity Providers 
  • Right click Internal Identity Provider -> Create User 
  • User name: pmtest (MUST BE THE SAME AS CERT) 

3. Define roles and import certificate for the new admin 

  • Right click Internal Identity Provider -> Search Identity Provider 
  • Search for the new user pmtest; when found, double-click the user 
  • Click Roles tab -> Add, check Administrator, click Add 
  • Click Certificate tab -> Click Import 
  • Since the certificate was created on the Gateway, click Import from “Private Key’s Certificate Chain” 
  • From the Drop down select the new key ‘pmtest’ in Software DB 

4. Export the private key for import into Policy Manager 

  • Tasks -> Certificates, Keys and Secrets -> Manage Private Keys 
  • Select the new key Alias pmtest -> Properties 
  • Click “Export Key” and provide a password for the export 
  • Provide a location for the p12 certificate 

Part 2. Import the p12 certificate to the Policy Manager and use it to connect

5. Import key into Policy Manager 

  • Disconnect from Policy Manager if connected
  • Click "Connect" to bring up Login screen
  • On the Login screen of a Policy Manager
  • Check “Client Certificate” -> Click Manage 
  • Certificate List - Import certificate… click Import 
  • Pick the desired p12 file and click on Load
  • Enter the p12 password and click OK

Part 3. Use a Certificate to log in to the Policy Manager

6. Log in to the Policy Manager as the new user (pmtest) using the certificate

  • At the login screen, Check “Client Certificate” -> select the desired certificate (CN=pmtest) from the Certificate dropdown
  • Select the desired Gateway from the Gateway dropdown and click OK
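
The procedure depends on two properties of the file exported in step 4: the p12 must contain the private key, and the certificate CN must equal the user name from step 2. The following is an added example, not part of the original KB, that checks both before the import in step 5; it assumes the openssl CLI is installed, and the function names, file names and passwords are placeholders.

```shell
# Added example (not from the KB). Assumes the openssl CLI is installed.
# Function names, file names and passwords are placeholders.

# Print the CN of the client certificate inside a .p12 file.
# The password goes through the environment, not the command line.
# Limitation: a CN that itself contains a comma is not handled.
p12_subject_cn() {
    local p12="$1" pass="$2"
    P12_PASS="$pass" openssl pkcs12 -in "$p12" -nokeys -clcerts \
            -passin env:P12_PASS 2>/dev/null \
        | openssl x509 -noout -subject -nameopt RFC2253 2>/dev/null \
        | sed -n 's/^subject=//p' | tr ',' '\n' | sed -n 's/^ *CN=//p' | head -n 1
}

# Succeed only if the .p12 opens with this password and holds a private key.
# The key is only piped to grep; it is never written to disk.
p12_has_private_key() {
    local p12="$1" pass="$2"
    P12_PASS="$pass" openssl pkcs12 -in "$p12" -nocerts -nodes \
            -passin env:P12_PASS 2>/dev/null \
        | grep -q 'PRIVATE KEY'
}

# Compare the certificate CN with the Identity Provider user name (step 2).
# Returns 0 on success, 1 on CN mismatch, 2 on missing key or wrong password.
check_p12_for_user() {
    local p12="$1" pass="$2" user="$3" cn
    p12_has_private_key "$p12" "$pass" \
        || { echo "FAIL: no private key found, or wrong password"; return 2; }
    cn="$(p12_subject_cn "$p12" "$pass")"
    [ "$cn" = "$user" ] \
        || { echo "FAIL: certificate CN '$cn' does not match user '$user'"; return 1; }
    echo "OK: CN=$cn matches the user name and a private key is present"
}

# Constructed sample input: a throwaway self-signed key pair exported as .p12,
# for trying the checks offline. It is not a Gateway export.
make_sample_p12() {
    local cn="$1" pass="$2" out="$3" dir
    dir="$(mktemp -d)" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$cn" \
            -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
    P12_PASS="$pass" openssl pkcs12 -export -inkey "$dir/key.pem" \
            -in "$dir/cert.pem" -name "$cn" -out "$out" -passout env:P12_PASS
    local rc=$?
    rm -rf "$dir"
    return $rc
}

# Usage: check_p12_for_user pmtest.p12 'export-password' pmtest
```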