Layer7 SSL certificate showing different issuer certs

book

Article ID: 191653

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

Cert services to generate the SSL certificate and its issued by a certain COMODO issuer which is expiring on 2038.
But when we upload that cert into Policy manager, Layer7 builds the certificate with the Old comodo issuer which is expiring on May 30th 2020.

I verified and the old comodo cert which is expiring on May 2020 is not a trust anchor anymore but still Layer7 is building the server certificate with it.
How to fix this ?

Environment

Release : 9.1

Component : API GATEWAY

Resolution

Steps provided in lieu of upgrading to 9.4 which solves the issue

DE337781 Corrected an issue where the Gateway used the old root certificate when the old root certificate was replaced by a new one with the same name


Steps discussed
Make gateway standalone no replication
Create a new listening port to connect to from Policy Manager
Create a self signed cert for this connections and port
Connect to the Gateway on the new port from policy manager
Remove all certificate and chains associated with the expire chain (3) from “Manage Private Key” and Manage Certificates”
Import ALL the new certificates
Verify certificate look OKAY
Join gateway make it other sync to it updating there mysql