1. Failed to import the private key/cert.
The same step can be done on our old API GW 9.4 without issue.
Release : 10.0
Component : API GATEWAY
Gateway 10 and above does not allow two different certificates (different footprints/attributes) to be loaded with an identical CN.
In this specific case the problem is the intermediate certificate with CN “CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US”.
Example:
Issued to: “CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US”
Resulting SSG log when attempting the import:
2021-12-09T11:20:29.796-0500 WARNING 639 com.l7tech.server.security.keystore.JdkKeyStoreBackedSsgKeyStore: Unable to store private key entry, Failed to update certificate chains for the key(s)
com.l7tech.server.security.keystore.ReplaceCertificateChainManager$ReplaceCertificateChainException: Failed to update certificate chains for the key(s)
at com.l7tech.server.security.keystore.ReplaceCertificateChainManager.update(Unknown Source)
at com.l7tech.server.security.keystore.JdkKeyStoreBackedSsgKeyStore.a(Unknown Source)
Caused by: com.l7tech.server.security.keystore.ReplaceCertificateChainManager$ReplaceCertificateChainException: Found matching SubjectDN in other Private Keys' certificate chains and overwrite all cert chains is disabled.
Review the certificates that also contain “CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US” in their certificate chain and reissue ALL of them so that they are in line with the new certificate.
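One way to carry out that review, as an added example (not Broadcom's or the Gateway's own tooling): the script below groups chain certificates by subject DN and reports any DN that appears with more than one SHA-256 fingerprint across private keys. It assumes each key's chain has already been exported and run through `openssl x509 -noout -subject -fingerprint -sha256`; the `# alias:` marker, the aliases and the fingerprints are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (aliases and fingerprints are made up). For each private
# key alias: `openssl x509 -noout -subject -fingerprint -sha256` output for
# every certificate in that key's chain. The "# alias:" marker is hypothetical.
SAMPLE = """\
# alias: portal
subject=CN = portal.example.com, O = Example, C = US
sha256 Fingerprint=11:11:11:11
subject=C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
sha256 Fingerprint=AA:AA:AA:AA
# alias: api
subject=CN = api.example.com, O = Example, C = US
sha256 Fingerprint=22:22:22:22
subject=CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
SHA256 Fingerprint=BB:BB:BB:BB
"""

def normalize_dn(dn):
    """Order- and spacing-insensitive DN key (assumes no escaped commas)."""
    rdns = (part.split("=", 1) for part in dn.split(",") if "=" in part)
    return tuple(sorted((k.strip().upper(), v.strip().casefold()) for k, v in rdns))

def parse(text):
    """Yield (alias, subject, fingerprint) for each certificate listed."""
    alias = subject = None
    for line in text.splitlines():
        if m := re.match(r"#\s*alias:\s*(\S+)", line):
            alias = m.group(1)
        elif line.startswith("subject="):
            subject = line[len("subject="):].strip()
        elif m := re.match(r"(?i)sha256 fingerprint=([0-9a-f:]+)", line):
            yield alias, subject, m.group(1).upper()

def conflicting_subjects(text):
    """Map subject DN -> {fingerprint: [aliases]} where one DN has >1 cert."""
    seen = defaultdict(lambda: defaultdict(list))
    display = {}
    for alias, subject, fp in parse(text):
        key = normalize_dn(subject)
        display.setdefault(key, subject)
        seen[key][fp].append(alias)
    return {display[k]: dict(fps) for k, fps in seen.items() if len(fps) > 1}

if __name__ == "__main__":
    for dn, fps in conflicting_subjects(SAMPLE).items():
        print(f"Subject DN with differing certificates: {dn}")
        for fp, aliases in fps.items():
            print(f"  {fp}  used by: {', '.join(aliases)}")
```

Every alias listed under a reported DN is a key whose chain needs to be reissued against the same intermediate before the import will go through.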