Layer7 API Management

Expand all | Collapse all

Portal 4.2 using signed SSL certificates

Jump to Best Answer
  • 1.  Portal 4.2 using signed SSL certificates

    Posted 04-04-2018 12:58 PM

    Under the portal 4.2.x documentation it mentions that two wildcard certificates need to be generated for operation. An SSL certificate for CN=*.domain, and one for CN=tssg. The first one makes sense and works as expected. However the second wildcard (internal server name) is not valid for a CA signed certificate as of Nov 2015. What is the TSSG certificate for and can portal.sh be run with just the *.domain certificate being generated?

     

    Create and Sign Certificates for Production - CA API Developer Portal - 4.2 - CA Technologies Documentation 

     

    So I have the *.domain certificate created and signed by an authorized CA, but can't get the same for the tssg. The instructions above say to enter the following in the portal.conf for running portal.sh, but you can't generate a valid tssg key/cert. Can I just enter the signed *.domain key/cert?

     

    PORTAL_TSSG_SSL_KEY='/home/qa/tssg_new.p12'

    PORTAL_TSSG_SSL_KEY_PASS='!@#%^*()_-+='

    PORTAL_HTTPD_SSL_KEY='/home/qa/dispatcher_new.p12'

    PORTAL_HTTPD_SSL_KEY_PASS=''!@#%^*()_-+='


  • 2.  Re: Portal 4.2 using signed SSL certificates
    Best Answer

    Posted 04-30-2018 10:44 AM

    This has been resolved with recent documentation (possibly even linked above). Instead of tssg needed for the second signed certificate, it is {apimname}-ssg.{subdomain} which is valid.