Layer7 API Management

  • 1.  replaced key certificate chain not reflected in HTTP routing

    Posted 30 days ago

    Dear Team.

    Not sure if this is a known issue.

    For mTLS-based communication we are using a custom private key in our HTTP(S) routing assertion.

    Now the certificate in the key's cert chain has expired.

    We created a new one with the existing key, and substituted the certificate chain through the Policy Manager's "Replace Certificate Chain" capability.

    All looks fine from a UI perspective.

    However, the service itself which actually should use this new client certificate, is obviously still sending the old one.

    Once updating/saving the service - even a comment change is sufficient - the routing assertion picks up the new cert.

    The current gateway version is 11.0 CR02.

    I tried the same on v11.1.0, with the same behavior.

    Please let me know any hints or tips on how to activate a new certificate in a key for policies that refer to those keys.

    Thanks

    ...Michael 

     



  • 2.  RE: replaced key certificate chain not reflected in HTTP routing
    Best Answer

    Broadcom Employee
    Posted 30 days ago

    Hi Michael,

    This is available as a preview feature in Gateway v11.1.1

    To enable this on listenPorts you can set the following advanced property

    • refreshOnKeyChanges=true

    To enable this globally for the Route via HTTP(s) Assertion you can set the following system property

    • com.l7tech.server.policy.assertion.ServerHttpRoutingAssertion.refreshOnKeyChanges=true


    Kind regards,

    Gary




  • 3.  RE: replaced key certificate chain not reflected in HTTP routing

    Posted 27 days ago

    Thank you, Gary

    Kind regards

    ...Michael