VIP Enterprise Gateway reverts to a different SSL certificate after upgrading to 9.11

Article ID: 366824

Products

VIP Service

Issue/Introduction

After upgrading to version 9.11, the VIP Enterprise Gateway reverts to using a different SSL certificate, even if the certificate is expired. 

Environment

VIP Enterprise Gateway 9.11

Cause

VIP Enterprise Gateway utilizes Jetty version 10. If Jetty detects a mismatch between the certificate CN and the URL, it will attempt to find and use a certificate in the keystore where the CN matches the URL, even if that certificate is expired. 

Resolution

  1. Create a new SSL certificate where the Common Name (CN) matches the full host and domain name of the VIP EG server (example: vipeg.example.com). Follow these steps to install the SSL certificate, and these steps to enable the SSL certificate.
  2. Delete any expired, unused, or mismatched SSL certificates. (It is not necessary to remove the CA certificates.)
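
To find which entries step 2 applies to, the following added example (not part of the original article and not vendor tooling) parses the text of a `keytool -list -v` listing and flags private-key entries that are expired or whose CN differs from the gateway FQDN, while leaving CA entries alone. The sample listing, aliases and dates are constructed, and it is an assumption that the gateway keystore can be listed with `keytool` and that dates print with English month names.

```python
import re
from datetime import datetime
# Constructed sample of `keytool -list -v` output; aliases and dates are made up.
SAMPLE = """\
Alias name: old-cert
Entry type: PrivateKeyEntry
Owner: CN=vipeg.example.com, O=Example, C=US
Valid from: Mon Jan 04 10:00:00 UTC 2021 until: Wed Jan 04 10:00:00 UTC 2023

Alias name: current
Entry type: PrivateKeyEntry
Owner: CN=vipeg, O=Example, C=US
Valid from: Tue Jan 02 10:00:00 UTC 2024 until: Sat Jan 02 10:00:00 UTC 2027

Alias name: example-ca
Entry type: trustedCertEntry
Owner: CN=Example Root CA, O=Example, C=US
Valid from: Wed Jan 01 10:00:00 UTC 2020 until: Tue Jan 01 10:00:00 UTC 2030
"""

def parse_entries(text):
    """Split the listing per alias (header text before the first alias is
    skipped); return entry type, leaf CN and expiry for each."""
    entries = []
    for block in re.split(r"(?m)^(?=Alias name: )", text)[1:]:
        etype = re.search(r"(?m)^Entry type: (\S+)", block)
        cn = re.search(r"(?m)^Owner: (?:.*?,\s*)?CN=([^,\n]+)", block)
        # Assumption: English month names; the timezone token is ignored.
        until = re.search(r"until: \w{3} (\w{3} \d{1,2} [\d:]{8}) \S+ (\d{4})", block)
        entries.append({
            "alias": block.splitlines()[0][len("Alias name: "):].strip(),
            "type": etype.group(1) if etype else "",
            "cn": cn.group(1).strip() if cn else "",
            "not_after": datetime.strptime(" ".join(until.groups()),
                                           "%b %d %H:%M:%S %Y") if until else None,
        })
    return entries

def audit(text, fqdn, now):
    """Flag key entries that are expired or whose CN is not the gateway FQDN."""
    findings = {}
    for e in parse_entries(text):
        if e["type"] != "PrivateKeyEntry":
            continue  # CA (trustedCertEntry) entries do not need removing
        # An unparsed expiry is reported as "expired" so the entry gets reviewed.
        checks = {"expired": e["not_after"] is None or e["not_after"] < now,
                  "cn-mismatch": e["cn"].lower() != fqdn.lower()}
        reasons = [name for name, failed in checks.items() if failed]
        if reasons:
            findings[e["alias"]] = reasons
    return findings
```

In the constructed listing, `old-cert` is the kind of entry the Cause section describes: its CN matches the host name but it is expired, while `current` is valid but carries a mismatched CN.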