Layer7 API Management

  • 1.  GMU MigrateOut specific service along with Certificates

    Posted Jun 19, 2018 08:42 AM

    Hi All,

     

    Is there any way to export a service along with the trusted certificate that it uses during execution, using GMU? I have tried migrateOut of a specific service with includeOnlyDependencies. However, the results don't show any type TRUSTED_CERT, whereas when I do migrateOut with the option --all it exports type TRUSTED_CERT with all the certs added to the trust store.

     

    Example: I have a service named test that uses cert cert1 (out of 5 certs in the trust store). Now I want to migrateOut the service along with its dependent certificate in use. Is that possible? Can we even consider a certificate as a dependency?

     

    Command I have tried.

    GatewayMigrationUtility.bat migrateOut -z argFile.properties --dest arjun5.xml --defaultAction NewOrExisting --serviceName "root/test" -includeOnlyDependencies

     

    GatewayMigrationUtility.bat migrateOut -z argFile.properties --dest arjun3.xml --defaultAction NewOrExisting --serviceName "root/test" -includeOnlyServicePolicy

     

    No Trusted_Cert type is exported into the *.xml files during the above. However, it was when I did the below:

     

    GatewayMigrationUtility.bat migrateOut -z argFile.properties --all --dest arjun.xml --defaultAction Ignore

     

    Any answers will be appreciated.

     

    Regards,

    Arjun



  • 2.  Re: GMU MigrateOut specific service along with Certificates

    Broadcom Employee
    Posted Jun 20, 2018 11:38 AM

    Can you provide an example of the assertion you are using that references a specific certificate?



  • 3.  Re: GMU MigrateOut specific service along with Certificates

    Posted Jun 21, 2018 06:03 AM

    The assertion that we are using for certificate validation is

     

    Require SSL or TLS transport with Certificate validation from access control Assertion.

     

    <?xml version="1.0" encoding="UTF-8"?>
    <wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
        <wsp:All wsp:Usage="Required">
            <L7p:SslAssertion>
                <L7p:RequireClientAuthentication booleanValue="true"/>
            </L7p:SslAssertion>
        </wsp:All>
    </wsp:Policy>

     

     

    Best regards,

    Arjun Pilli
    Layer 7 Specialist
    Quadrant Systems
    Direct Tel.: +27840611655
    Mobile: +27840611655
    EXT.Arjun.Pilli@dsv.com
    www.dsv.com <http://www.dsv.com/>



  • 4.  Re: GMU MigrateOut specific service along with Certificates

    Broadcom Employee
    Posted Jun 21, 2018 12:16 PM

    In this case there is no direct dependency on the certificate to include for export. It does not reference any specific certificate to be included in the export.



  • 5.  Re: GMU MigrateOut specific service along with Certificates

    Posted Jun 22, 2018 08:45 AM

    Thank you for the confirmation. It helps. Could you also let me know which assertions directly reference certificates as a dependency?

     

     

    Best regards,

     

    Arjun Pilli




  • 6.  Re: GMU MigrateOut specific service along with Certificates

    Broadcom Employee
    Posted Dec 14, 2018 03:18 PM

    Arjun,

     

    Any assertion that uses encryption would have a trusted certificate aligned to it and would be exported as a dependency through the GMU migrateOut action.

     

    This was another post around moving of certificates: How to copy keystore between clusters 

     

    Sincerely,

     

    Stephen Hughes

    Broadcom Support
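
One way to check an export for the situation discussed in this thread, as an added example (not code from the thread or from Broadcom): it counts the entity types in a migrateOut bundle and flags the case where a policy requires client certificates but the bundle carries no TRUSTED_CERT entry. The Bundle/Item/Resource/Mapping layout, the namespace and the sample bundle are assumptions constructed for illustration; only the policy XML comes from the post above.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from xml.sax.saxutils import escape

# Policy as posted in the thread (XML declaration omitted).
POLICY = """<wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
  <wsp:All wsp:Usage="Required">
    <L7p:SslAssertion><L7p:RequireClientAuthentication booleanValue="true"/></L7p:SslAssertion>
  </wsp:All>
</wsp:Policy>"""

# Constructed bundle: element names and namespace are an assumed layout,
# not copied from a real export. Matching below is by local name only.
SAMPLE_BUNDLE = f"""<l7:Bundle xmlns:l7="urn:example:bundle">
  <l7:References><l7:Item><l7:Name>test</l7:Name><l7:Type>SERVICE</l7:Type>
    <l7:Resource type="policy">{escape(POLICY)}</l7:Resource></l7:Item></l7:References>
  <l7:Mappings>
    <l7:Mapping action="NewOrExisting" type="FOLDER"/>
    <l7:Mapping action="NewOrExisting" type="SERVICE"/>
  </l7:Mappings>
</l7:Bundle>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix

def mapping_types(root):
    """Count Mapping elements per entity type (e.g. SERVICE, TRUSTED_CERT)."""
    return Counter(e.get("type") for e in root.iter()
                   if _local(e.tag) == "Mapping" and e.get("type"))

def requires_client_cert(policy_xml):
    """True if the policy has an SslAssertion demanding client authentication."""
    for e in ET.fromstring(policy_xml.strip()).iter():
        if _local(e.tag) == "SslAssertion" and any(
                _local(c.tag) == "RequireClientAuthentication"
                and c.get("booleanValue") == "true" for c in e):
            return True
    return False

def audit(bundle_xml):
    root = ET.fromstring(bundle_xml)
    types = mapping_types(root)
    policies = [e.text for e in root.iter()
                if _local(e.tag) == "Resource" and e.get("type") == "policy" and e.text]
    has_cert = types["TRUSTED_CERT"] > 0
    needs_cert = any(requires_client_cert(p) for p in policies)
    return {"types": dict(types), "has_trusted_cert": has_cert,
            "client_cert_policy": needs_cert,
            "needs_separate_cert_migration": needs_cert and not has_cert}

if __name__ == "__main__":
    print(audit(SAMPLE_BUNDLE))
```

A result with needs_separate_cert_migration set means the trusted certificates the service relies on have to be moved to the target gateway by another route, since the service-scoped export did not carry them.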