How to use ECC Private Key certs as default certificate.

Document ID : KB000095052
Last Modified Date : 18/06/2018
Show Technical Document Details
Question:
How can i use a ECC Private Key certificate as the API gateway default certificate. Duringthe installation process for the certificate, the gateway gives me the error, that a component (which we don't use) don't work with ECC keys.

How can I install the certificate anyway?
Answer:
To set a  ECC Private Key certificate  as a default cert despite the warning  do the following .

On windows 
edit the "CA API Gateway Policy Manager.ini" file in for example 
C:\Program Files (x86)\CA Technologies\CA API Gateway Policy Manager 9.3.00-CR01 

add the following option to the policy manager command line 
-Dcom.l7tech.allowEcKeyForDefaultSsl=true 

the line would look like this . 

commandline=javaw -Dfile.encoding=UTF-8 -Duser.language=en -Duser.country=US -Dcom.l7tech.allowEcKeyForDefaultSsl=true -Xms128M -Xmx1024M -Xss256k -Dsun.net.inetaddr.ttl=10 -Dnetworkaddress.cache.ttl=10 -jar Manager.jar 

Restart the policy manager . 
Now you can assign the ECC cert as default. 

On Linux you need to add this to the the policy manager startup file Manager.sh