Mobile API Gateway: CA_MSSO Private key expiry
search cancel

Mobile API Gateway: CA_MSSO Private key expiry

book

Article ID: 139365

calendar_today

Updated On:

Products

CA Mobile API Gateway CA Rapid App Security CA API Gateway API SECURITY

Issue/Introduction

The CA_MSSO private key which we are using for the mobile API Gateway calls is going to expire.  The Alias name should always be  ca_msso as per the document. Because as this a production, we can't wait till it expires and we wanted to it to renew ahead. If we create a new private key with the same alias and map it to the policy, will that be okay? Or do we need to delete the existing key first?


Environment

Component: CA Mobile Gateway


Resolution

You will need to delete and recreate the existing CA_MSSO private key.  One this has been done and a new private key is created you will need to update the polices that reference this Key as well. 


You will need to update the "Sign Certificate" on the following policies and lines. Note: These line numbers are for MAG 4.2. Other versions the line numbers may vary. You can look for the sign certificate assertions in each policy to get the correct lines.



connect/device/renew line 27


connect/device/register line 55 and 110,


connect/device/register/client 46 & 54


Your user will need to validate and register with the new key when they log on.