Layer7 SSL certificate showing different issuer certs
Article ID: 191653
Updated On:
Products
CA API Gateway
API SECURITY
CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7)
CA API Gateway Enterprise Service Manager (Layer 7)
STARTER PACK-7
CA Microgateway
Issue/Introduction
Cert services to generate the SSL certificate and its issued by a certain COMODO issuer which is expiring on 2038.
But when we upload that cert into Policy manager, Layer7 builds the certificate with the Old comodo issuer which is expiring on May 30th 2020.
I verified and the old comodo cert which is expiring on May 2020 is not a trust anchor anymore but still Layer7 is building the server certificate with it.
How to fix this ?
But when we upload that cert into Policy manager, Layer7 builds the certificate with the Old comodo issuer which is expiring on May 30th 2020.
I verified and the old comodo cert which is expiring on May 2020 is not a trust anchor anymore but still Layer7 is building the server certificate with it.
How to fix this ?
Environment
Release : 9.1
Component : API GATEWAY
Resolution
Steps provided in lieu of upgrading to 9.4 which solves the issue
DE337781 Corrected an issue where the Gateway used the old root certificate when the old root certificate was replaced by a new one with the same name
Steps discussed
Make gateway standalone no replication
Create a new listening port to connect to from Policy Manager
Create a self signed cert for this connections and port
Connect to the Gateway on the new port from policy manager
Remove all certificate and chains associated with the expire chain (3) from “Manage Private Key” and Manage Certificates”
Import ALL the new certificates
Verify certificate look OKAY
Join gateway make it other sync to it updating there mysql
DE337781 Corrected an issue where the Gateway used the old root certificate when the old root certificate was replaced by a new one with the same name
Steps discussed
Make gateway standalone no replication
Create a new listening port to connect to from Policy Manager
Create a self signed cert for this connections and port
Connect to the Gateway on the new port from policy manager
Remove all certificate and chains associated with the expire chain (3) from “Manage Private Key” and Manage Certificates”
Import ALL the new certificates
Verify certificate look OKAY
Join gateway make it other sync to it updating there mysql
Feedback
Yes
No
Powered by
