Private client certificate certificate for authentication

Document ID : KB000009177
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

There is a scenario where requires some information to 3rd party soap service that has certificate based communication. 

 

the customer has got below certificate from 3rd party service

 

  1. Security Certificate
  2. .pfx (personal information exchange) file

 

They are using CA API Gateway 9.1 and have imported both these certificates under Tasks-->ManageCertificates.

 

I have enabled below options and restarted the Gateway to reflect the changes.  

 

Post restart they have created a simple service to send a request to 3rd party via Gateway and it did not work and it is throwing below exception

 

"Problem routing to XXXXXXXXXXXXXXXXXXXXXXXXXX. Error msg: Unable to obtain HTTP response from XXXXXXXXXXXXXXXXXXXXXXXXXX: Connection reset 

Environment:
Gateway : 9.1/9.2
Cause:

In this scenario, the customer imported the provided certificate into their Certificates.

Resolution:

If the 3rd party requires to send a specific client certificate to authenticate, then you are missing a piece of configuration.
First you need to import the provided certificate in your Private Keys, not your Certificates.

 

Then you need to right-click on the Route via HTTPS assertion and click Select Private Key, select Use custom private key, and then select the key you have imported.

 

The route will then pass the right private key when sending the request.

 

See this thread for more info on configuring mutual ssl: 

https://communities.ca.com/thread/241736840