Layer7 SSL certificate showing different issuer certs
book
Article ID: 191653
calendar_today
Updated On:
Products
CA API GatewayAPI SECURITYCA API Gateway Precision API Monitoring Module for API Gateway (Layer 7)CA API Gateway Enterprise Service Manager (Layer 7)STARTER PACK-7CA Microgateway
Issue/Introduction
Cert services to generate the SSL certificate and its issued by a certain COMODO issuer which is expiring on 2038. But when we upload that cert into Policy manager, Layer7 builds the certificate with the Old comodo issuer which is expiring on May 30th 2020.
I verified and the old comodo cert which is expiring on May 2020 is not a trust anchor anymore but still Layer7 is building the server certificate with it. How to fix this ?
Environment
Release : 9.1
Component : API GATEWAY
Resolution
Steps provided in lieu of upgrading to 9.4 which solves the issue
DE337781 Corrected an issue where the Gateway used the old root certificate when the old root certificate was replaced by a new one with the same name
Steps discussed Make gateway standalone no replication Create a new listening port to connect to from Policy Manager Create a self signed cert for this connections and port Connect to the Gateway on the new port from policy manager Remove all certificate and chains associated with the expire chain (3) from “Manage Private Key” and Manage Certificates” Import ALL the new certificates Verify certificate look OKAY Join gateway make it other sync to it updating there mysql