Mark_HE,
I already went through the documentation for "WSS Assertion recipient - CA API Gateway - 9.3 - CA Technologies Documentation" but was not able to find the private key related details.
The backend client supports the SHA-256 signature algorithm, and in order to meet their requirement we created a new certificate with SHA-256 as the algorithm.
The previous default SSL cert was SHA384, which did not meet the requirement of the backend application.
Once created, the new certificate (SHA-256 supported) was made the default SSL and the API gateway was restarted to make the interface work. We also shared the newly created SHA-256 supported public cert with the backend application.
The policy includes assertions to sign element, followed by "Request:Add ws-addressing" and "Apply ws-security 1.1".
For the inbound request we can select the private key at the port level, and there is no need to change the default SSL.
Is it possible to use the sign element assertion with the SHA-256 digest algorithm without making the newly created key (SHA256 supported) the default SSL key? As suggested earlier, I tried right-clicking on the Route via HTTPS assertion and choosing "Select Private Key -> use custom private Key (SHA-256 one)", but it is not working.
It works only when I make the private key (with SHA256 signature algorithm) the default SSL and restart the gateway.