Connect to API Gateway with Policy Manager using client certificate
search cancel

Connect to API Gateway with Policy Manager using client certificate


Article ID: 42900


Updated On:


STARTER PACK-7 CA Rapid App Security CA API Gateway


Unable to login to the Policy Manager using client certificate.


Release: all versions
Component: APIGTW


The 'Client Authentication' option is not properly configured in the Policy Manager.


The Listen Port that the user is attempting to connect to does not support Client Authentication. To correct this connect to the Gateway through the Policy Manager as an administrative user. Select Tasks -> Manage Listen Port and choose the port you wish to modify.  From the properties page, select SSL/TLS settings tab -> Client Authentication drop down and choose either Optional or Required.


*Note:You will not be able to modify the listen port that you are currently connected to through the Policy Manager, so ensure that you choose a different port with Manager access to modify.  For example, if you want to modify port 9443 you must connect to the Policy Manager through port 8443.

Additional Information

Since Gateway 9.1, this problem is fixed.  (By default only port 8443 allows Client Certificate Auth.)

SSM-5180 Corrected an issue that could cause an authentication failure when a user attempts to log in to the Policy Manager using a certificate. 

For "browser client Policy manager", we utilize a web browser which may not have the client certificate requested by the API Gateway during the SSL/TLS negotiation. 
Please make sure to import the client certificate file to the browser as well.