Layer7 API Management


Is there a way to manage/notify for expiring private keys on CA API Gateway. I found a sample policy for trusted certs but nothing for private keys management.

  • 1.  Is there a way to manage/notify for expiring private keys on CA API Gateway. I found a sample policy for trusted certs but nothing for private keys management.

    Posted Dec 20, 2016 10:06 AM

    Hi all,

     

    I am trying to find a mechanism/assertion/custom policy which can help me track the private keys tied up to different ports on the CA API Gateway product.

    Like trusted root certificates, I want to track the expiry date for them and if possible generate email alert.

    There is one article which shows sample policy to generate alert for expired Trusted Root Certificates, but I found nothing for private keys i.e. client certificates.

    Please assist. Thanks!



  • 2.  Re: Is there a way to manage/notify for expiring private keys on CA API Gateway. I found a sample policy for trusted certs but nothing for private keys management.
    Best Answer

    Broadcom Employee
    Posted Dec 21, 2016 01:52 PM

    Anuj,

     

    Good afternoon. Currently there is not a mechanism that will alert when a private key is set to expire as the trusted certificates will do. One recommendation we have made was to import the public key for the private key into the Manage Certificate and not give it any options so it is simply being monitored. Please create an idea for this behavior.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support
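
An external check in the same spirit as the workaround above, added here as an example (it is not part of the thread and not CA/Broadcom code): it reads the certificate each gateway listen port presents and flags those close to expiry. The host name, ports and 30-day threshold are constructed placeholders, and it assumes the listener certificates chain to a CA the monitoring host trusts.

```python
import socket
import ssl
import time

WARN_DAYS = 30  # assumed alert threshold, not a product default
# Constructed placeholder listeners; replace with your gateway's listen ports.
LISTENERS = [("gateway.example.com", 8443), ("gateway.example.com", 9443)]

def days_left(not_after, now=None):
    """Days until a getpeercert()-style notAfter, e.g. 'Jan  5 09:34:43 2018 GMT'."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400

def classify(not_after, now=None, warn_days=WARN_DAYS):
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "EXPIRED"
    return "EXPIRING" if remaining <= warn_days else "OK"

def fetch_not_after(host, port, timeout=5):
    """Handshake with the listener and return notAfter of the certificate it presents."""
    ctx = ssl.create_default_context()  # validates chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def check_listeners(listeners, fetch=fetch_not_after, now=None):
    """Return (host, port, status, detail) per listener; one bad port never aborts the run."""
    report = []
    for host, port in listeners:
        try:
            not_after = fetch(host, port)
            report.append((host, port, classify(not_after, now), not_after))
        except ssl.SSLCertVerificationError as exc:
            # Already-expired or untrusted certificates fail the handshake itself.
            report.append((host, port, "VERIFY_FAILED", str(exc)))
        except OSError as exc:
            # Refused connections, timeouts and other TLS errors land here.
            report.append((host, port, "ERROR", str(exc)))
    return report

if __name__ == "__main__":
    for host, port, status, detail in check_listeners(LISTENERS):
        if status != "OK":
            print(f"{status}: {host}:{port} ({detail})")
```

Run from a scheduler, the non-OK lines can be handed to whatever mail or alerting channel is already in place.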