Layer7 SSL certificate showing different issuer certs
search cancel

Layer7 SSL certificate showing different issuer certs


Article ID: 191653


Updated On:


CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway


Cert services to generate the SSL certificate and its issued by a certain COMODO issuer which is expiring on 2038.
But when we upload that cert into Policy manager, Layer7 builds the certificate with the Old comodo issuer which is expiring on May 30th 2020.

I verified and the old comodo cert which is expiring on May 2020 is not a trust anchor anymore but still Layer7 is building the server certificate with it.
How to fix this ?


Release : 9.1

Component : API GATEWAY


Steps provided in lieu of upgrading to 9.4 which solves the issue

DE337781 Corrected an issue where the Gateway used the old root certificate when the old root certificate was replaced by a new one with the same name

Steps discussed
Make gateway standalone no replication
Create a new listening port to connect to from Policy Manager
Create a self signed cert for this connections and port
Connect to the Gateway on the new port from policy manager
Remove all certificate and chains associated with the expire chain (3) from “Manage Private Key” and Manage Certificates”
Import ALL the new certificates
Verify certificate look OKAY
Join gateway make it other sync to it updating there mysql