Original Message:
Sent: Sep 13, 2024 02:25 PM
From: Gary Vermeulen
Subject: replaced key certificate chain not reflected in HTTP routing
Hi Michael,
This is available as a preview feature in Gateway v11.1.1.
To enable this on listenPorts you can set the following advanced property
To enable this globally for the Route via HTTP(s) Assertion you can set the following system property:
- com.l7tech.server.policy.assertion.ServerHttpRoutingAssertion.refreshOnKeyChanges=true
Kind regards,
Gary
Original Message:
Sent: Sep 13, 2024 11:34 AM
From: Michael Mueller
Subject: replaced key certificate chain not reflected in HTTP routing
Dear Team.
Not sure if this is a known issue.
For mTLS-based communication we are using a custom private key in our HTTP(S) routing assertion.
Now the certificate in the key's cert chain has expired.
We created a new one with the existing key, and substituted the certificate chain through the Policy Manager's "Replace Certificate Chain" capability.
All looks fine from a UI perspective.
However, the service itself, which actually should use this new client certificate, is obviously still sending the old one.
Once updating/saving the service - even a comment change is sufficient - the routing assertion picks up the new cert.
The current gateway version is 11.0 CR02.
I tried the same on v11.1.0, with the same behavior.
Please let me know any hints or tips on how to activate a new certificate in a key for policies that refer to those keys.
Thanks
...Michael