By changing the cluster host name (i.e., the host name of the virtual interface used by a load balancer), you will need to create a new default SSL key. The default SSL key created during the initial deployment of the Gateway database uses the cluster host name as the CN value. When you change the cluster host name, the CN value of the presented certificate will not match. Some applications (including the CA API Gateway and CA API Gateway Policy Manager) force host name validation with certificate authentication.
To change the cluster host name of the Gateway cluster and change the private key of the CA API Gateway:
Please note that the generation of a new private key will require existing trust relationships to be re-established. Keys may need to be re-signed, if applicable, and certificate trust chains re-imported. If you require assistance with these topics, please contact CA Support.