API Portal Sync with API GW failed with No subject alternative DNS name
Article ID: 74946
Updated On:
Products
CA API Developer Portal, CA API Gateway
Issue/Introduction
Since the Portal CR6 upgrade, sync between the Portal and the API GW is failing in our Certification environment. Each time the Portal communicates with the API GW, a handshake error is raised:
02/27 12:25:09.574 ERROR (http-nio-37080-exec-17:) - [APIListXS general] -- javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching xyz found
Cause
The issue is seen when the Portal is configured to accept a gateway certificate that is not the gateway's default SSL certificate (this is specified when configuring the Portal with the config.sh script). In that case the Portal expects to be presented with the certificate matching its entry for the gateway certificate, in this case 'xyz', but the gateway presents its default certificate, 'abc'.
Environment
CA API Developer Portal 3.5 CR6
Resolution
To resolve this, configure the port that was specified when running the config.sh script so that it presents the certificate that has been added to the Portal's TrustStore.
1. Log in to Policy Manager using a port other than the one you are changing. For example, if you would like to change port 8443, log in using 9443 (specify it under hostname (:9443)).
2. Go to task --> Listen ports and select port 8443.
3. Under ssl/tls settings, server private key ..., select the private key whose certificate is being used in the Portal.
Then log in to the Portal and go to the gateway plugin at http:///admin?action=PLUGIN-lrsgateway, then click Sync API Plans.
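To confirm the mismatch described under Cause, or to verify the listen port after the change, compare the DNS subject alternative names of the certificate the port presents with the hostname the Portal connects to. The following is an added example, not code from this article or from the product; the hostnames and sample certificates are constructed, and the matching is a simplified RFC 6125 style check rather than Java's exact implementation.

```python
import socket
import ssl


def dns_sans(cert):
    """Return the dNSName entries from a dict shaped like SSLSocket.getpeercert()."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_matches(pattern, hostname):
    """Match one SAN entry; '*' is honoured only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and needs a parent of two or more labels.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_hostname(cert, hostname):
    """Return (ok, sans); ok is True when any DNS SAN matches hostname."""
    sans = dns_sans(cert)
    return any(name_matches(s, hostname) for s in sans), sans


def presented_cert(host, port, cafile):
    """Fetch the certificate a listen port presents. The chain is validated
    against cafile (assumed: the gateway certificate exported as PEM), but the
    hostname check is skipped so the SANs can be inspected afterwards."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample data mirroring the article's placeholders 'abc' and 'xyz'.
DEFAULT_CERT = {"subjectAltName": (("DNS", "abc.example.test"),)}
TRUSTED_CERT = {"subjectAltName": (("DNS", "xyz.example.test"),
                                   ("DNS", "*.gw.example.test"))}

if __name__ == "__main__":
    for label, cert in (("default", DEFAULT_CERT), ("trusted", TRUSTED_CERT)):
        ok, sans = check_hostname(cert, "xyz.example.test")
        print(f"{label}: SANs={sans} -> {'match' if ok else 'NO MATCH'}")
```

Against a live listen port, pass the result of `presented_cert(host, port, cafile)` to `check_hostname`; a chain validation error at that step means the port is presenting a certificate other than the one in `cafile`.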