Layer7 API Management

  • 1.  Star Certificate into 3.5 portal

    Posted Nov 15, 2017 04:31 PM

    Hello 

    In a project, a customer is asking to install a *.domain SSL certificate signed by a public CA in order not to get warnings in browsers.

     

    I know it is not good practice, but I want to know if anyone else does it. As the portal uses this certificate for machine-to-machine authentication with the gateway, I assume it will not work, but I want to be sure.

     

    thanks



  • 2.  Re: Star Certificate into 3.5 portal
    Best Answer

    Broadcom Employee
    Posted Nov 15, 2017 06:33 PM

    You can use a wildcard certificate to communicate machine to machine, in particular with the gateway. This may require that you set the cluster-wide property io.httpsHostAllowWildcard to true on the Gateway, but this is mainly for outbound calls, not inbound.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support
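
Added example, not part of the original thread and not CA/Broadcom code: before swapping a host-specific certificate for a `*.domain` one, check which Portal and Gateway hostnames the wildcard actually covers. The sketch applies the general RFC 6125 rule (a `*` stands for exactly one left-most label); the `example.com` hostnames are constructed, and it does not describe how the Gateway itself evaluates `io.httpsHostAllowWildcard`.

```python
import ipaddress


def _is_ip(name: str) -> bool:
    try:
        ipaddress.ip_address(name.rstrip("."))
        return True
    except ValueError:
        return False


def _labels(name: str) -> list[str]:
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """True if a certificate DNS name (possibly '*.x.y') covers hostname."""
    if _is_ip(hostname):
        return False  # IP literals are matched against iPAddress SANs, never DNS names
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False  # '*' stands for exactly one label, never zero or several
    if "*" not in pattern:
        return p == h
    # Strict policy: '*' must be the whole left-most label and at least two
    # fixed labels must follow it (rejects '*', '*.com' and 'gw*.example.com').
    if p[0] != "*" or any("*" in label for label in p[1:]) or len(p) < 3:
        return False
    return p[1:] == h[1:]


def uncovered_hosts(san_names: list[str], hosts: list[str]) -> list[str]:
    """Hosts no subjectAltName entry covers; these fail hostname verification."""
    return [h for h in hosts if not any(wildcard_matches(s, h) for s in san_names)]


# Constructed sample data: SAN list of a hypothetical wildcard certificate
# and the hostnames a deployment might expect it to serve.
SAN_NAMES = ["*.example.com"]
HOSTS = ["portal.example.com", "gateway.example.com",
         "example.com", "gw1.dmz.example.com"]

if __name__ == "__main__":
    missing = uncovered_hosts(SAN_NAMES, HOSTS)
    for host in HOSTS:
        print(f"{host:22} {'NOT covered' if host in missing else 'covered'}")
```

The bare domain and any name more than one label below it need their own SAN entries or a separate certificate.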



  • 3.  Re: Star Certificate into 3.5 portal

    Posted Nov 16, 2017 10:44 AM

    Many thanks Stephen

    So I assume it is intended for inbound; outbound connections with a wildcard may fail. I will try it.

     

    Is it possible to configure the portal to present a wildcard cert and make the authentication in the gateway with a machine-specific cert?

     

    Juan



  • 4.  Re: Star Certificate into 3.5 portal

    Broadcom Employee
    Posted Nov 16, 2017 12:28 PM

    Juan,

     

    I think I understand your question, but please correct me if I'm wrong. There are two sets of keys/certs that are used by the API Portal. The key/cert for outbound communication (Mutual Authentication between API Portal and API Gateway) is the one described here:

    https://docops.ca.com/ca-api-developer-portal/3-5/en/set-up-the-api-portal/prepare-the-gateway-for-the-api-portal/enable-ssl-with-mutual-authentication

     

    The inbound certificate that is presented to end users in the browser is configured in httpd. It has a default certificate, but you can change it using the instructions here:

    https://docops.ca.com/ca-api-developer-portal/3-5/en/set-up-the-api-portal/configure-ssl-and-mutual-authentication/configure-ssl-for-the-api-portal

     

    So you can have one certificate for the API Portal to use when communicating with the API Gateway, and a different certificate for the API Portal when presenting to the end user in the browser. Let me know if I understood your question correctly, and whether this is helpful.


    Regards,

    Azad



  • 5.  Re: Star Certificate into 3.5 portal

    Posted Nov 16, 2017 01:49 PM

    Azad, you understood the question perfectly. The standard procedure is to use the private key/cert generated in the first step for both tasks, inbound and outbound, and I'm wondering if it is needed for something or if I can use different certs, as stated in the second point.

     

    thanks!!!