AnsweredAssumed Answered

Star Certificate into 3.5 portal

Question asked by lopju07

on Nov 15, 2017
Latest reply on Nov 16, 2017 by ellaz01

Like • Show 0 Likes0
Comment • 4

Hello

In a project a customer is asking to put a *.domain ssl certificate signed for a public CA in order to not get warnings on the browsers.

I know is not a good practice, but I want to know if someone else do it. As portal uses this certiticati to make machine2machine authentication with gateway I asume will not work, but want be sure.

thanks

Stephen_Hughes

Nov 15, 2017 11:32 PM

Correct Answer

You can use a wildcard certificate to communicate machine to machine in particular the gateway. This may require that you set the cluster wide property io.httpsHostAllowWildcard to true on the Gateway but this is mainly for outbound calls not inbound.

Sincerely,

Stephen Hughes

Director, CA Support

See the reply in context

No one else had this question

Outcomes

Stephen_Hughes

Nov 15, 2017 11:32 PM

Sincerely,

Stephen Hughes

Director, CA Support

3 people found this helpful

Actions

lopju07

@ Stephen_Hughes on Nov 16, 2017 3:43 PM

Many thanks Stephen

So I asume is intended for inbound, outbound conections with wildcar maybe will fail. i will try It.

Is posible to configure portal to present a wildcard Cert and made the authentication in the gateway with a mchine specific cert?

Juan

Actions

ellaz01

@ lopju07 on Nov 16, 2017 5:27 PM

Juan,

I think I understand your question, but please correct me if I'm wrong.There are two sets of keys/certs that are used by the API Portal. The key/cert for outbound communication (Mutual Authentication between API Portal and API Gateway), is the one described here:

https://docops.ca.com/ca-api-developer-portal/3-5/en/set-up-the-api-portal/prepare-the-gateway-for-the-api-portal/enable-ssl-with-mutual-authentication

The inbound certificate that is presented to end users in the browser is configured in httpd. It has a default certificate, but you can change it using the instructions here:

https://docops.ca.com/ca-api-developer-portal/3-5/en/set-up-the-api-portal/configure-ssl-and-mutual-authentication/configure-ssl-for-the-api-portal

So you can have a one certificate for the API Portal to use when communicating with the API Gateway, and a different certificate for the API Portal when presenting to the end user in the browser. Let me know if I understood your question correctly, and whether this is helpful.

Regards,

Azad

3 people found this helpful

Actions

lopju07

@ ellaz01 on Nov 16, 2017 6:49 PM

Azad you undestood the question percetly. The standard procedure is use the generated private key/cert generated in the first step for both task, inbound and outbound, and I'm guessing if is neede for something or I can use different certs as is stated in the second point.

thanks!!!

Actions

4 Replies

Stephen_Hughes Nov 15, 2017 11:32 PM
Unmark Correct
Correct Answer
You can use a wildcard certificate to communicate machine to machine in particular the gateway. This may require that you set the cluster wide property io.httpsHostAllowWildcard to true on the Gateway but this is mainly for outbound calls not inbound.

Sincerely,

Stephen Hughes
Director, CA Support
3 people found this helpful
Like • Show 3 Likes3
Actions
- lopju07 @ Stephen_Hughes on Nov 16, 2017 3:43 PM
  Mark Correct
  Correct Answer
  Many thanks Stephen
  So I asume is intended for inbound, outbound conections with wildcar maybe will fail. i will try It.
  
  Is posible to configure portal to present a wildcard Cert and made the authentication in the gateway with a mchine specific cert?
  
  Juan
  Like • Show 0 Likes0
  Actions
  - ellaz01 @ lopju07 on Nov 16, 2017 5:27 PM
    Mark Correct
    Correct Answer
    Juan,
    
    I think I understand your question, but please correct me if I'm wrong.There are two sets of keys/certs that are used by the API Portal. The key/cert for outbound communication (Mutual Authentication between API Portal and API Gateway), is the one described here:
    https://docops.ca.com/ca-api-developer-portal/3-5/en/set-up-the-api-portal/prepare-the-gateway-for-the-api-portal/enable-ssl-with-mutual-authentication
    
    The inbound certificate that is presented to end users in the browser is configured in httpd. It has a default certificate, but you can change it using the instructions here:
    https://docops.ca.com/ca-api-developer-portal/3-5/en/set-up-the-api-portal/configure-ssl-and-mutual-authentication/configure-ssl-for-the-api-portal
    
    So you can have a one certificate for the API Portal to use when communicating with the API Gateway, and a different certificate for the API Portal when presenting to the end user in the browser. Let me know if I understood your question correctly, and whether this is helpful.
    
    Regards,
    Azad
    3 people found this helpful
    Like • Show 3 Likes3
    Actions
    - lopju07 @ ellaz01 on Nov 16, 2017 6:49 PM
      Mark Correct
      Correct Answer
      Azad you undestood the question percetly. The standard procedure is use the generated private key/cert generated in the first step for both task, inbound and outbound, and I'm guessing if is neede for something or I can use different certs as is stated in the second point.
      
      thanks!!!
      Like • Show 0 Likes0
      Actions

Star Certificate into 3.5 portal

Outcomes

Related Content

Recommended Content