The functionality of ssl private key in ssg database
Article ID: 265787
Updated On:
Products
Issue/Introduction
Security control team in our organization request to remove the default ssl private key from Policy Manager. However, after ssl key is removed, we ran into issue, therefore, we have to keep ssl key. Would you please tell me what is the usage of private ssl key in ssg database? What is the impact if ssl key is removed?
Environment
Release : 10.1
Resolution
You can't delete the default private key that is MARK special if another one has not been designated. There MUST be a private key MARK special, you can install your own customer private key
Using Private Keys within the Gateway
Default Private Key should NOT be deleted unless another key is MARK special from Policy manager -> Certificates, Keys and Secrets -> Manager Private Keys
Private Keys in Listen Ports
The following default ports are configured when you set up the Gateway for the first time:
8443: SSL port with Client Mutual Authentication set to optional for both Policy Manager access and request messages.
9443: SSL port with Client Mutual Authentication set to none for both Policy Manager access and request messages.
2124: SSL port with Client Mutual Authentication set to optional for inter-node communication
This key may also be used in Policy Assertions that i.e. routes via HTTP(s) ro any other assertions that is configure to use default Private key
Feedback
