Connect to API Gateway with Policy Manager using client certificate
Article ID: 42900
Updated On:
Products
Issue/Introduction
Unable to login to the Policy Manager using client certificate.
Environment
Release: all versions
Component: APIGTW
Cause
The 'Client Authentication' option is not properly configured in the Policy Manager.
Resolution
The Listen Port that the user is attempting to connect to does not support Client Authentication. To correct this connect to the Gateway through the Policy Manager as an administrative user. Select Tasks -> Manage Listen Port and choose the port you wish to modify. From the properties page, select SSL/TLS settings tab -> Client Authentication drop down and choose either Optional or Required.
*Note:You will not be able to modify the listen port that you are currently connected to through the Policy Manager, so ensure that you choose a different port with Manager access to modify. For example, if you want to modify port 9443 you must connect to the Policy Manager through port 8443.
Additional Information
Since Gateway 9.1, this problem is fixed. (By default only port 8443 allows Client Certificate Auth.)
SSM-5180 Corrected an issue that could cause an authentication failure when a user attempts to log in to the Policy Manager using a certificate.
For "browser client Policy manager", we utilize a web browser which may not have the client certificate requested by the API Gateway during the SSL/TLS negotiation.
Please make sure to import the client certificate file to the browser as well.
Attachments
Feedback
