API Gateway: Questions on Gateway certificates

Article ID: 212285

Products

CA API Gateway

Issue/Introduction

This article answers some questions about certificate management on this product:

1. When certificates are imported to the API Gateway, where are the certificates stored on the API Gateway server? Are the certificates encrypted when stored on the API Gateway server?

2. Does this product support the use of different certificates for the following data communication:

   a) a certificate for encrypted data communication between the OAuth Manager at the user's browser and API Gateway server

   b) other certificates for data communication between the API Gateway server and its remote interoperated backend servers - for example, Apache server, Oracle database servers. Where are those certificates located on the API Gateway server?

3. Is data communication between Policy Manager and the API Gateway server encrypted? If the answer is yes, how can you confirm which certificate is used for encrypted data communication? Is the certificate also used for encrypted data communication between the API Gateway server and the OAuth Manager Web GUI?

Environment

Gateway 9.X, 10.X

Resolution

1. When certificates are imported to the API Gateway, where are the certificates stored on the API Gateway server? Are the certificates encrypted when stored on the API Gateway server?
A: The certificates are stored unencrypted in the ssg database.
 
2. Does this product support the use of different certificates for the following data communication:
   a) a certificate for encrypted data communication between the OAuth Manager at the user's browser and API Gateway server
   A: You can use a different port and certificate for the OAuth Manager. Add your certificate key to the gateway under Manage Private Keys. You can set up a different SSL port under Manage Listen Ports. On the SSL/TLS Settings tab, you can specify the key you created under Server Private Key.
   b) other certificates for data communication between the API Gateway server and its remote interoperated backend servers - for example, Apache server, Oracle database servers. Where are those certificates located on the API Gateway server?
   A: These certificates are not stored by the gateway. If your backend server/application requires SSL, then the SSL certificate on the gateway is used.

3. Is data communication between Policy Manager and the API Gateway server encrypted? If the answer is yes, how can you confirm which certificate is used for encrypted data communication? Is the certificate also used for encrypted data communication between the API Gateway server and the OAuth Manager Web GUI?
A: If you are using an SSL listen port (port 8443/9443), then the data is encrypted with the SSL certificate on the gateway.
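
One way to confirm which certificate each SSL listen port presents (question 3), as an added example that is not part of the original article or the product's own tooling. The host name `gateway.example.com` is a placeholder and the function names are hypothetical; the ports are the ones named in the answer above.

```python
import hashlib
import socket
import ssl
import sys
from collections import defaultdict

UNREACHABLE = "unreachable or not TLS"


def fetch_der(host, port, timeout=5.0):
    """Return the leaf certificate a TLS listener presents, DER-encoded."""
    # Chain validation is off on purpose: this identifies the certificate,
    # it does not decide whether to trust it. Send no data over this socket.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 fingerprint in colon-separated hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def group_ports_by_cert(host, ports, fetch=fetch_der):
    """Map each certificate fingerprint to the listen ports presenting it."""
    groups = defaultdict(list)
    for port in ports:
        try:
            der = fetch(host, port)
        except OSError:  # refused, timed out, or TLS handshake failed
            der = None
        groups[fingerprint(der) if der else UNREACHABLE].append(port)
    return dict(groups)


if __name__ == "__main__":
    # Placeholder host; 8443 and 9443 are the SSL listen ports named above.
    host = sys.argv[1] if len(sys.argv) > 1 else "gateway.example.com"
    for fp, ports in group_ports_by_cert(host, [8443, 9443]).items():
        print(fp, "->", ports)
```

Ports that share a fingerprint are served by the same Server Private Key; a listen port configured with its own key, as described for the OAuth Manager in answer 2a, shows up under a different fingerprint.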