Replace Certificate Chain not working, old chain is still visible


Article ID: 207279


Products

CA API Gateway

Issue/Introduction

I am experiencing issues when trying to replace a certificate chain on the CA API Gateway.
We have a private key on the GW for which the intermediate cert has been revoked, and a new intermediate (same name, different thumbprint) has been issued.

We received a new .pem file with their client and the new Intermediate.
Now they want to replace the Intermediate certificate that is in the current private key via Manage Private Keys > Replace Certificate Chain.

However, this does not yield any results; the old Intermediate remains in it.
The steps they have taken to replace the certificate chain are:

- Replace certificate chain (with the new pem / crt file);
- No error message, intermediate certificate does not change;
- Nodes restart, intermediate certificate still not changing.

Environment

Release: 10.0, 9.x

Component: API GATEWAY

Resolution

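If other private keys use the same certificate chain as this key, you have to update the chain for all of them.

The gateway searches up the chain by CN, and it is finding the old certificates in a chain that belongs to another key. Because the new intermediate has the same name as the revoked one, that lookup still matches the old certificate until every key carrying it has been updated.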
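One way to find which keys still need updating before retrying the replacement, as an added example that is not part of the original article or the product: it compares each key's chain against the new .pem and reports certificates with the same subject CN but a different fingerprint. It assumes each key's chain has been saved as PEM text; the function names, the key aliases and the `demo_pem` helper (which builds unsigned, constructed sample input) are hypothetical.

```python
import base64, hashlib, re
CN_OID = bytes.fromhex("0603550403")  # DER encoding of OID 2.5.4.3 (commonName)
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def subject_cn(der):
    """Subject commonName of a DER certificate (first CN, decoded as UTF-8)."""
    _, pos, _ = tlv(der, 0)        # Certificate SEQUENCE
    _, pos, _ = tlv(der, pos)      # tbsCertificate SEQUENCE
    tag, _, end = tlv(der, pos)
    pos = end if tag == 0xA0 else pos  # skip the optional [0] version field
    for _field in range(4):        # skip serialNumber, signature, issuer, validity
        _, _, pos = tlv(der, pos)
    _, start, end = tlv(der, pos)  # subject Name
    i = der.find(CN_OID, start, end)
    if i < 0:
        return None
    _, s, e = tlv(der, i + len(CN_OID))
    return der[s:e].decode("utf-8", "replace")

def certs(pem_text):
    """DER bytes of every certificate in a PEM bundle."""
    return [base64.b64decode(b) for b in PEM_RE.findall(pem_text)]

def stale_keys(key_chains, new_pem):
    """{alias: [(cn, sha256)]} for certs whose CN is in new_pem but whose bytes differ."""
    new = {subject_cn(d): hashlib.sha256(d).hexdigest() for d in certs(new_pem)}
    hits = {}
    for alias, pem in key_chains.items():
        for d in certs(pem):
            cn, fp = subject_cn(d), hashlib.sha256(d).hexdigest()
            if cn in new and new[cn] != fp:
                hits.setdefault(alias, []).append((cn, fp))
    return hits

def demo_pem(cn, serial):
    """Constructed, unsigned DER skeleton in X.509 field order; sample input only."""
    el = lambda tag, body: bytes([tag, len(body)]) + body  # short-form lengths only
    name = el(0x30, el(0x31, el(0x30, CN_OID + el(0x0C, cn.encode()))))
    tbs = el(0xA0, el(2, b"\x02")) + el(2, bytes([serial])) + el(0x30, b"") + name + el(0x30, b"") + name
    b64 = base64.b64encode(el(0x30, el(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"
```

Every alias returned by `stale_keys` holds a same-named certificate that differs from the one in the new file, so its chain needs replacing as well.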