The functionality of the SSL private key in the SSG database


Article ID: 265787


Updated On:

Products

CA API Gateway

Issue/Introduction

The security control team in our organization requested that we remove the default SSL private key from Policy Manager. However, after the SSL key was removed, we ran into issues; therefore, we have to keep the SSL key. Would you please tell me what the usage of the private SSL key in the SSG database is? What is the impact if the SSL key is removed?

 

Environment

Release : 10.1

Resolution

You can't delete the default private key that is marked as special unless another key has been designated in its place. There MUST always be a private key marked as special; you can install your own private key and designate it instead.

 Using Private Keys within the Gateway

The default private key should NOT be deleted unless another key has been marked as special from Policy Manager -> Certificates, Keys and Secrets -> Manage Private Keys.

 

Private Keys in Listen Ports

The following default ports are configured when you set up the Gateway for the first time:

 

8443: SSL port with Client Mutual Authentication set to optional for both Policy Manager access and request messages.

9443: SSL port with Client Mutual Authentication set to none for both Policy Manager access and request messages.

2124: SSL port with Client Mutual Authentication set to optional for inter-node communication.

This key may also be used in policy assertions, e.g. Route via HTTP(S), or in any other assertion that is configured to use the default private key.
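A read-only check to run before designating a different key: it reports which of the default listen ports listed above still present the default key's certificate. This is an added example, not code from the vendor or the product; the gateway host name and the SHA-256 fingerprint of the default key's certificate are inputs you supply, and listen ports changed from the defaults are not covered.

```python
import hashlib
import socket
import ssl
import sys
from typing import Optional

# Default listen ports named in the article above.
DEFAULT_PORTS = (8443, 9443, 2124)


def normalize(fp: str) -> str:
    """Canonical SHA-256 fingerprint form: lowercase hex, no separators."""
    return fp.replace(":", "").replace(" ", "").lower()


def fetch_fingerprint(host: str, port: int, timeout: float = 5.0) -> Optional[str]:
    """SHA-256 of the leaf certificate served on host:port, or None on failure.

    Chain verification is disabled on purpose: the certificate is only read to
    identify it (it may be self-signed), and no application data is sent.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
    except OSError:  # refused, timed out, or TLS handshake error
        return None
    return hashlib.sha256(der).hexdigest() if der else None


def classify(observed: dict, default_fp: str) -> dict:
    """Map each port to 'default-key', 'other-key' or 'unreachable'."""
    want = normalize(default_fp)
    result = {}
    for port, fp in observed.items():
        if fp is None:
            result[port] = "unreachable"
        else:
            result[port] = "default-key" if normalize(fp) == want else "other-key"
    return result


if __name__ == "__main__":
    # Usage: python check_ports.py <gateway-host> <sha256-of-default-key-cert>
    host, default_fp = sys.argv[1], sys.argv[2]
    seen = {p: fetch_fingerprint(host, p) for p in DEFAULT_PORTS}
    for port, status in classify(seen, default_fp).items():
        print(f"{host}:{port} {status}")
```

Ports reported as `default-key` depend on the key currently marked as special; policy assertions configured to use the default private key are not visible to this check and need to be reviewed in Policy Manager.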