Layer7 API Management

Expand all | Collapse all

How can I Import expired certificate into internal identity provider user?

Jump to Best Answer
  • 1.  How can I Import expired certificate into internal identity provider user?

    Posted 01-22-2015 10:38 PM

    I have a need to use the expired certficate. But the L-7 gateway is not allowing me to import the expired certificate into internal identity provider user. How can I forcefully import it?



  • 2.  Re: How can I Import expired certificate into internal identity provider user?

    Broadcom Employee
    Posted 01-22-2015 11:25 PM

    I've just tried this against an 8.2 gateway using a certificate that expired December of last year. What error are you seeing in the Policy Manager and what version are you running? If it produces a report can you cut out the error message. By the way if you are going to use this certificate as of 7.1 you have the option on the Require SSL Certificate assertion to use a new check-box called "Check Client Certificate Validity Period" which is selected by default to ignore expired certificates just check the thumbprint when it arrives.



  • 3.  Re: How can I Import expired certificate into internal identity provider user?

    Posted 01-23-2015 12:14 AM

    The policy manager I've been using is 7.1.

    Thank you for the suggestion on disabling the check client certificate validity period. But I'm trying to add an expired certificate to a user in internal identity provider and getting the error message as "This certificate was expired and did not store the certificate". Is it possible to disable the expiration check while importing the certificate for a user?



  • 4.  Re: How can I Import expired certificate into internal identity provider user?

    Posted 01-23-2015 12:20 AM

    Steps to reproduce the issue:

     

    1. Create a user called testuser in internal identity provider.

    2. Import an expired certificate to the testuser.

     

    You should see exception while finishing the import.



  • 5.  Re: How can I Import expired certificate into internal identity provider user?

    Broadcom Employee
    Posted 01-23-2015 12:31 AM

    Just tried it with the same certificate on a 7.1 Gateway and it did not fail. What error is being presented?



  • 6.  Re: How can I Import expired certificate into internal identity provider user?

    Posted 01-23-2015 09:05 AM
      |   view attached

    Here is the screenshot of error message:

     

     

     

    Thank you,

    ~Rajesh.



  • 7.  Re: How can I Import expired certificate into internal identity provider user?
    Best Answer

    Broadcom Employee
    Posted 01-23-2015 04:31 PM

    I would suggest you log a case with support as we may need to get your certificate.