In a project, a customer is asking to put a *.domain SSL certificate signed by a public CA in order to not get warnings in the browsers.
I know it is not a good practice, but I want to know if someone else does it. As the portal uses this certificate for machine-to-machine authentication with the gateway, I assume it will not work, but I want to be sure.
You can use a wildcard certificate to communicate machine to machine, in particular with the gateway. This may require that you set the cluster-wide property io.httpsHostAllowWildcard to true on the Gateway, but this is mainly for outbound calls, not inbound.
Director, CA Support
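Why a wildcard certificate can need an explicit opt-in on the verifying side, shown as an added example that is not part of the original thread and not the Gateway's own code. It sketches RFC 6125-style hostname matching; the `allow_wildcard` parameter is a hypothetical stand-in for a setting such as io.httpsHostAllowWildcard, and the example.com host names are constructed.

```python
# Added illustration: how a TLS client can decide whether a certificate name
# covers the host it is calling. Not the Gateway's implementation.
# `allow_wildcard` is a hypothetical parameter standing in for a setting
# such as io.httpsHostAllowWildcard.

def hostname_matches(cert_name: str, host: str, allow_wildcard: bool = False) -> bool:
    """Return True if a certificate DNS name covers the requested host."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")

    # No wildcard in the certificate name: exact, case-insensitive match only.
    if "*" not in cert_name:
        return cert_labels == host_labels

    # Strict verifiers reject wildcard names unless explicitly allowed.
    if not allow_wildcard:
        return False

    # The wildcard must be the entire leftmost label ("*.example.com");
    # partial ("f*.example.com") or inner ("a.*.com") wildcards are refused.
    if cert_labels[0] != "*" or any("*" in label for label in cert_labels[1:]):
        return False

    # Refuse overly broad names such as "*.com".
    if len(cert_labels) < 3:
        return False

    # The wildcard stands for exactly one non-empty label, so the label count
    # must be equal: it matches neither "example.com" nor "a.b.example.com".
    if len(host_labels) != len(cert_labels) or not host_labels[0]:
        return False

    return cert_labels[1:] == host_labels[1:]


def check_all(cert_name: str, hosts: list, allow_wildcard: bool) -> dict:
    """Evaluate one certificate name against several hosts."""
    return {h: hostname_matches(cert_name, h, allow_wildcard) for h in hosts}


# Constructed sample host names (not taken from the thread).
SAMPLE_HOSTS = ["portal.example.com", "gateway.example.com",
                "api.gw.example.com", "example.com"]

if __name__ == "__main__":
    for allow in (False, True):
        print("allow_wildcard =", allow, check_all("*.example.com", SAMPLE_HOSTS, allow))
```
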
Many thanks, Stephen.
So I assume it is intended for inbound, and outbound connections with a wildcard will maybe fail. I will try it.
Is it possible to configure the portal to present a wildcard cert and do the authentication in the gateway with a machine-specific cert?
I think I understand your question, but please correct me if I'm wrong. There are two sets of keys/certs that are used by the API Portal. The key/cert for outbound communication (Mutual Authentication between API Portal and API Gateway) is the one described here:
The inbound certificate that is presented to end users in the browser is configured in httpd. It has a default certificate, but you can change it using the instructions here:
So you can have one certificate for the API Portal to use when communicating with the API Gateway, and a different certificate for the API Portal when presenting to the end user in the browser. Let me know if I understood your question correctly, and whether this is helpful.
Azad, you understood the question perfectly. The standard procedure is to use the private key/cert generated in the first step for both tasks, inbound and outbound, and I'm wondering if it is needed for something or if I can use different certs as is stated in the second point.