Layer7 API Management

  • Private Community
 View Only

  • 1.  Certificate renewal

    Posted Apr 25, 2017 09:34 AM

    Hi,

     

    We are currently deploying 24 renewed certificates on our Software Gateways (9.1), for the admin port, using Policy Manager.

    For some gateways, the new certificate is shown when calling an API, whereas on some other the old one is still being sent and thus we are forced to restart the service.

    Please note we're deleting the soon to be expired certiicate before importing new one.



  • 2.  Re: Certificate renewal

    Broadcom Employee
    Posted Apr 25, 2017 07:37 PM

    Good afternoon,

     

    Would you be able to confirm if you are replacing Private Keys or Certificates (Manage Certificates interface) on the gateway? If it is private keys, do they have similar chains or updated chains to other private keys loaded on the gateway?

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 3.  Re: Certificate renewal

    Posted Apr 26, 2017 05:44 AM

    We are replacing both.

    Method:

    - remove private key

    - import private key

    - remove certificate

    - import certificate

    - Rebind admin listen port to newly imported alias.

     

    Chains are similar as we are using same CSR in order to renew certificate on our corporate PKI.



  • 4.  Re: Certificate renewal
    Best Answer

    Posted Apr 26, 2017 09:14 AM

    Hello

     

    Are the listen ports using the default ssl key, in which case a restart of the Gateway would be required.

     

    Regards

    Christopher Clark

    CA Support