Layer7 API Management

  • 1.  What does MAG do with the client's public key on device registration?

    Posted Sep 29, 2015 05:04 PM

    We're working through a scenario where a device is registered on MAG without using the Mobile SDK. The mobile device generates a private/public key set, creates the CSR, and calls the /connect/device/register service (register_device - CA Mobile API Gateway - 2.4 - CA Technologies Documentation). Does the client's public key ever get stored on the gateway side (database or other), or is only the cert DN (CN, OU, DC, O) stored?



  • 2.  Re: What does MAG do with the client's public key on device registration?
    Best Answer

    Broadcom Employee
    Posted Sep 29, 2015 05:37 PM

    No, the client's public key does not get stored on the gateway side. Currently, the MAG only stores the SHA-1 thumbprint and certificate DN.



  • 3.  Re: What does MAG do with the client's public key on device registration?

    Posted Sep 30, 2015 02:17 PM

    Interesting, so does that mean that the MSSO Require Registered Device - Mutual SSL policy fragment is just verifying the signed certificate was indeed signed by the gateway?



  • 4.  Re: What does MAG do with the client's public key on device registration?

    Posted Sep 30, 2015 09:39 PM

    There are two checks MAG does/can do:

    - By default it will check if the certificate has been created by MAG. This will fail if not. It will also fail if the device has been de-registered.

    - Optionally MAG will check if the certificate has been signed by MAG.

    Customers could modify the default implementation. That's why we support multiple ways of verification.
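
Added example, not part of the thread and not MAG's own code: a sketch of what a registry holding only the SHA-1 thumbprint and DN can check, assuming the "created by MAG" check is a thumbprint lookup (the thread does not say how it is implemented). The thumbprint covers the whole certificate, so a certificate with the same DN but a different key pair does not match; the file names, subject and registry layout are constructed, and `openssl` is assumed to be installed.

```sh
#!/bin/sh
# Added example: a device registry that keeps only SHA-1 thumbprint + subject DN.
# File names, the subject and the registry layout are constructed for this demo.
set -eu
WORK=$(mktemp -d)
REGISTRY="$WORK/registry.tsv"      # one line per device: thumbprint<TAB>DN
: > "$REGISTRY"

make_cert() {   # $1 = basename; new key pair, same subject every time
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=Example/OU=demo-app/CN=device-123" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}
thumbprint() {  # SHA-1 over the DER certificate, which includes the public key
  openssl x509 -in "$1" -noout -fingerprint -sha1 | cut -d= -f2 | tr -d ':'
}
subject_dn() { openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//'; }

register() {
  printf '%s\t%s\n' "$(thumbprint "$1")" "$(subject_dn "$1")" >> "$REGISTRY"
}
deregister() {  # drop the line whose first field is this certificate's thumbprint
  awk -F'\t' -v t="$(thumbprint "$1")" '$1 != t' "$REGISTRY" > "$REGISTRY.tmp"
  mv "$REGISTRY.tmp" "$REGISTRY"
}
check() {       # accept only a certificate whose thumbprint is on file
  if cut -f1 "$REGISTRY" | grep -qx "$(thumbprint "$1")"; then
    echo accept
  else
    echo reject
  fi
}

make_cert a; make_cert b           # same DN, different key pairs
register "$WORK/a.pem"
echo "a (registered):        $(check "$WORK/a.pem")"
echo "b (same DN, new key):  $(check "$WORK/b.pem")"
deregister "$WORK/a.pem"
echo "a (after de-register): $(check "$WORK/a.pem")"
```

The lookup only pins which certificate is acceptable; proof that the client holds the matching private key comes from the mutual TLS handshake, which this sketch does not model.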