No, there is not. As Charles pointed out, one *could* write policy that leverages restman to do something like this, but that would defeat the security of the SSL. If someone can hijack the connection and deploy a bogus certificate and we automatically accept it (even if it is through an automated process), then why bother with SSL in the first place?
The proper way to manage this is to use non self-signed certificates where a trusted third party is involved. By default the Gateway trusts no one. If the certs are being signed by a well-known authority then setting pkix.useDefaultTrustAnchors=true should solve your problem (as Charles indicated). If not, or if you want to maintain tighter security by explicitly declaring trust in a single well-known authority, then you need to import the signing authority's certificate and set it for Signing Certificates for Outbound Connections in the certificate properties dialogue. If all of the certificates are self-signed, then you need to handle it with process - ensure that the certificates are installed in the Gateway prior to running traffic to that endpoint.
------------------------------
Jay MacDonald - Adoption Architect - Broadcom API Management (Layer 7)
------------------------------
Original Message:
Sent: 11-13-2019 11:03 AM
From: Charles LILIENKAMP
Subject: Is there any possibility of Auto renewal of Back end(Target host) certificates in Layer 7
I don't know of an option for this. But are they using a Trusted authority on their certs?
You could possibly soften the gateway with Cluster wide Property,
pkix.useDefaultTrustAnchors=true
https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=42849
Otherwise you might be able to create a policy to route if it fails. Try to work out restman syntax to import the certificate etc. And run this as a scheduled task. But that is a bit of time/testing/and work to prove it out.
Thanks..
Original Message:
Sent: 11-12-2019 10:32 PM
From: narasimhareddy pappireddy
Subject: Is there any possibility of Auto renewal of Back end(Target host) certificates in Layer 7
Hi Guys,
I am having an issue with renewal of certificates in Layer 7.
Consider a front end URL -- https://xxxx.frontendurl.com, Backend/Target host URL https://xxxx.backendurl.com/fd.
The thing is, the back end certificate keeps on changing. As it is in production, requests are failing and causing a huge loss of revenue.
Is there any possibility of an auto renewal of certificates feature, so that whenever the back end is changed it should reflect / change the back end certificate on the Layer 7 end (for the Layer 7)?
Kindly help me out.
FYI..
The Layer 7 host is on premise (not cloud).
------------------------------
Thanks & Regards,
P Narasimha Reddy,
M: +91 8179635246.
------------------------------
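
The process Jay MacDonald's reply describes for self-signed backends (install the certificate before traffic runs, never accept a change automatically) can be backed by a scheduled check that only reports drift. This is an added example, not code from the thread or from Broadcom; the host names, pin values and function names are constructed for illustration:

```python
import hashlib
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the leaf certificate for comparison only; this does not trust it."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)

def classify(host: str, presented_der: bytes, pinned: dict) -> str:
    """Compare what the backend presents with what an operator already installed."""
    expected = pinned.get(host)
    if expected is None:
        return "UNKNOWN_HOST"   # nothing installed yet: import before routing
    if fingerprint(presented_der) == expected.lower().replace(":", ""):
        return "OK"
    return "CHANGED"            # alert a human; do not import automatically

def audit(pinned: dict, fetch=fetch_der) -> dict:
    """Check every pinned backend; `fetch` is injectable so this runs offline."""
    report = {}
    for host in pinned:
        try:
            report[host] = classify(host, fetch(host), pinned)
        except OSError:         # covers ssl.SSLError and socket errors
            report[host] = "UNREACHABLE"
    return report

if __name__ == "__main__":
    # Constructed stand-in bytes, not real certificates; hosts are placeholders.
    old_cert, new_cert = b"constructed-cert-v1", b"constructed-cert-v2"
    pins = {"orders.example.test": fingerprint(old_cert),
            "billing.example.test": fingerprint(old_cert)}
    presented = {"orders.example.test": old_cert, "billing.example.test": new_cert}
    for host, status in audit(pins, fetch=presented.__getitem__).items():
        print(f"{host}: {status}")
```

A `CHANGED` result is the cue for an operator to verify the new certificate out of band and install it in the Gateway before the old one is retired, which keeps the trust decision with a person.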