Layer7 API Management

 View Only
  • 1.  How to set/replace the SSL certificate of the API Gateway?

    Posted Sep 13, 2017 03:41 PM

    I'm a bit confused with how the API Gateway knows which SSL certificate to use when serving SSL content (i.e. for the web based version of the Policy Manager). I'm used with web servers such as Apache and Nginx where you need to provide both the private key and the certificate to the server. As far as I can tell in the API Gateway, you only need to specify a private key (in the listen ports's SSL settings)? Where does it get the certificate from?

     

    I need to make sure the API Gateway is serving SSL content using a certificate that was signed by our internal CA. I'm not sure what I need to do exactly to change the self-signed one we have now, and I'm a bit lost with which doc I need to read for that. There doesn't seem to be one that explains exactly how to do this from a to z.

     

    Could anyone help?

     

    We're using CA API Gateway 9.1

     

    Thanks!



  • 2.  Re: How to set/replace the SSL certificate of the API Gateway?
    Best Answer

    Broadcom Employee
    Posted Sep 13, 2017 09:13 PM

    On the private key properties, click "View Certificate" to view or export the certificate coupled to this private key.

    But it seems you want the cert to be signed by your internal CA, I think you should click "Generate CSR" on private key properties window and send the CSR to your internal CA to sign it. After you get the intermediate cert and root cert, you need to import all of them(including gateway cert) on "Manager certificates" task(root cert should be the Trust Anchor, all the cert should have first 3 options checked). And you may need to replace the cert chain on private key properties window.

    Importing intermediate and primary CA certificates into an existing certificate chain.