How to change Gateway Cluster Hostname?

Release: All supported Gateway version
Component: Gateway

The default SSL key created during the initial deployment of the Gateway database uses the cluster hostname as the CN value. When you change the cluster hostname, the CN value of the presented certificate will not match. Some applications (including the CA API Gateway and CA API Gateway Policy Manager) force hostname validation with certificate authentication.

To change the cluster hostname of the Gateway cluster and change the private key of the CA API Gateway:

1. Log into the Policy Manager as an administrative user
2. Select the "Manage Cluster-Wide Properties" task from the "Tasks" menu.
3. Set "cluster.hostname" to the new cluster hostname.
4. Close the Manage Cluster-Wide Properties dialog.
5. Select the "Manage Private Keys" task from the "Tasks" menu.
6. Select the "Create" button. Ensure the CN value matches the new cluster hostname. Add other certificate attributes as necessary.
7. Select the "Mark as Special Purpose" button.
8. Choose the "Set as Default SSL Key" option.
9. Restart the CA API Gateway service on all nodes in the cluster.

Please note that the generation of a new private key will require existing trust relationships to be re-established. Keys may need to be re-signed, if applicable, and certificate trust chains re-imported.