The customer is having a strange issue with a specific certificate chain.
According to OpenSSL this is a valid chain:
>> openssl verify -partial_chain -trusted inter.pem leaf.pem
However, the API Gateway reports that the signatures do not match and fails with this error:
Unable to build path for Certificate : unable to find valid certification path to requested target;related error(s) [Signature does not match.]
Is it possible that the API Gateway does not support the signature algorithm?
For the leaf certificate this is:
The actual error comes from the SSG logs. We have tried with the entire chain in the truststore as trust anchor.
Of course, for it to work, you have to make some changes:
- switch to an IDP that exists in your environment
- add the inter.pem as a trust anchor that can sign client certificates
- create a user with the leaf.pem as certificate
- change the Authenticate User step to your local IDP and the user you created
Release : 9.4
Component : API GATEWAY