Create new certificate with additional subject alternative names (SAN) addresses

Article ID: 367906

Products

CA API Gateway

Issue/Introduction

Within an SOA, certificates are signed using the default wildcard certificate. These signed certificates are called internally for trusted SSL communication. Is there an alternative approach to signing these certificates?

 

Environment

API Gateway 10.x, 11.x

Resolution

The Policy Manager for Gateway 10.x and Gateway 11.x can be used to generate certificate signing requests (CSRs). In the request, an admin can add Subject Alternative Names (SANs), specifically DNS names. These DNS names can then be used for trusted SSL communications.

From Policy Manager, go to Tasks -> Certificates, Keys, and Secrets -> Manage Private Keys.

Click Create, fill in the appropriate Alias (NOTE: Subject DN will be auto filled), and click [Create] in the Private Key dialog box.

 

Click on the new private key, then click [Properties]. From this dialog box, click [Generate CSR].  

From the Generate CSR dialog box, click Add. In the Subject Alternative Names (SAN) property, use the pull-down menu to select DNS Name. Enter all the valid names used for SSL communication. Click [OK]. This will allow you to save the CSR as a PEM file. The PEM file can be sent to your certificate provider for signing. Once signed, install the new key.
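Before the saved PEM file goes to the certificate provider, it is worth confirming that it actually carries every DNS name entered in the dialog. The following is an added example, not part of the original article or the product: it uses the openssl command line, and the file name and hostnames are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: confirm a CSR carries the intended SAN DNS names before it
# is sent for signing. Needs the openssl CLI (1.1.1+ for -addext below).

# Print the DNS entries of the CSR's subjectAltName, one per line, lowercased.
csr_dns_sans() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n '/Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed -n 's/^ *DNS://p' | tr '[:upper:]' '[:lower:]'
}

# Check the CSR self-signature, then report each expected name that is absent.
# Returns 0 only if the signature verifies and every expected name is present.
check_csr_sans() {
    csr=$1; shift
    # Match the message rather than the exit status, which is not a
    # reliable indicator of verification failure across openssl versions.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "bad-signature"; return 2
    fi
    found=$(csr_dns_sans "$csr")
    missing=0
    for name in "$@"; do
        want=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        printf '%s\n' "$found" | grep -Fqx -- "$want" ||
            { echo "missing: $name"; missing=1; }
    done
    return "$missing"
}

# Constructed sample standing in for the PEM saved from Policy Manager:
# a throwaway key and CSR with two DNS SANs (hostnames are made up).
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "/CN=gateway.example.test" \
        -addext "subjectAltName=DNS:gateway.example.test,DNS:api.example.test" \
        2>/dev/null
}

# Script use (hypothetical file name): sh check_csr.sh gateway_csr.pem name1 name2
if [ "$#" -ge 2 ]; then check_csr_sans "$@"; fi
```

A non-zero exit means the CSR should be regenerated from the Generate CSR dialog with the missing names added, since a CA signs the request as submitted.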