API Portal Sync with API GW failed with No subject alternative DNS name

Document ID : KB000074946
Last Modified Date : 10/04/2018
Issue:
Since the Portal CR6 upgrade, sync between the Portal and the API GW has been failing in our Certification environment. Each time the Portal communicates with the API GW, a handshake error is raised:

02/27 12:25:09.574 ERROR (http-nio-37080-exec-17:) - [APIListXS general] -- javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching xyz found
Environment:
CA API Developer Portal 3.5 CR6
Cause:
The issue is seen when the Portal is configured to accept a gateway certificate that is not the gateway's default SSL certificate (this is specified when configuring the Portal with the config.sh script). In that case the Portal expects to be presented with the certificate matching its entry for the gateway certificate, in this case 'xyz', but the gateway presents its default certificate 'abc'.

 
Resolution:
To resolve this, configure the port specified when running the config.sh script to present the certificate that was added to the Portal's TrustStore.

1. Log in to Policy Manager using a port other than the one you are changing. For example, if you want to change port 8443, log in using 9443 (specify the port with the hostname, as :9443).
2. Go to Task --> Listen ports and select port 8443.
3. Under SSL/TLS settings, server private key ... select the private key whose certificate is being used in the Portal.

Then log in to the Portal, go to the gateway plugin at http:///admin?action=PLUGIN-lrsgateway, and click Sync API Plans.
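
To confirm which certificate a listen port presents, before or after the change above, the following added example (not part of the original article or of CA's tooling) compares the DNS subject alternative names of a presented certificate with the gateway hostname configured in the Portal. The function names, the sample certificates built from the article's 'xyz' and 'abc' placeholders, and the simplified matching rule (exact name or one left-most wildcard label) are assumptions.

```python
import socket
import ssl

# Constructed samples shaped like ssl.SSLSocket.getpeercert() output, using the
# article's placeholder names: 'abc' = gateway default cert, 'xyz' = Portal entry.
DEFAULT_CERT = {"subjectAltName": (("DNS", "abc"),)}
PORTAL_CERT = {"subjectAltName": (("DNS", "xyz"),)}


def dns_sans(cert):
    """Return the DNS subject alternative names of a getpeercert()-style dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, host):
    """Simplified rule (assumption): exact match, or '*' as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # reject '*.com'-style patterns
    return p == h


def check_gateway_cert(cert, configured_host):
    """Return (ok, sans): ok is False in the case that raises the handshake error."""
    sans = dns_sans(cert)
    return any(name_matches(s, configured_host) for s in sans), sans


def fetch_peer_cert(host, port, cafile):
    """Fetch the certificate a listen port presents, trusting only `cafile`
    (a PEM export of what the Portal trusts). Hostname checking is disabled so a
    name mismatch can be inspected instead of aborting the handshake."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for label, cert in (("default", DEFAULT_CERT), ("portal", PORTAL_CERT)):
        ok, sans = check_gateway_cert(cert, "xyz")
        print(f"{label}: SANs={sans} matches 'xyz': {ok}")
```

Against a live gateway, pass the result of fetch_peer_cert(host, port, cafile) to check_gateway_cert together with the hostname entered during config.sh.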
Additional Information:
Also, the user must have the Administrative role.

https://docops.ca.com/ca-api-developer-portal/3-5/en/set-up-the-api-portal/prepare-the-gateway-for-the-api-portal/enable-ssl-with-mutual-authentication