Layer7 API Management

 View Only
  • 1.  Private certificate for client authentication

    Posted Jan 04, 2018 08:16 AM

    Hi All,


    I have a scenario where I need to send some information to 3rd party soap service which has certificate based communication.  I have got below certificate from 3rd party service

    1. Security Certificate
    2. .pfx (personal information exchange) file


    I am using CA API Gateway 9.1 and I have imported both these certificates under Tasks-->ManageCertificates.


    I have enabled below options and restarted the Gateway to reflect the changes.  


    Post restart I have created a simple service to send a request to 3rd party via Gateway and it did not work and it is throwing below exception


    "Problem routing to XXXXXXXXXXXXXXXXXXXXXXXXXX. Error msg: Unable to obtain HTTP response from XXXXXXXXXXXXXXXXXXXXXXXXXX: Connection reset "


    Could someone help me with this problem.  This is first time I am are trying to configure private client certificate authentication in Gateway.  




  • 2.  Re: Private certificate for client authentication
    Best Answer

    Posted Jan 04, 2018 12:13 PM

    If you mean that your 3rd party requires you to send a specific client certificate to authenticate, then you are missing a piece of configuration. First you need to import the provided certificate in your Private Keys, not your Certificates.


    Then you need to right-click on the Route via HTTPS assertion and click Select Private Key, select Use custom private key, and then select the key you have imported.


    The route will then pass the right private key when sending the request.


    See this thread for more info: Configuring mutual ssl 

  • 3.  Re: Private certificate for client authentication

    Posted Jan 05, 2018 05:43 AM

    Thank you ygirouard!! that did the magic