IT29791: TLS SERVER PROFILE INCOMPLETELY POPULATED FROM API CONNECT IF IT CONTAINS INTERMEDIATE CACERTIFICATES
Closed as program error.
TLS Server Profile is incompletely populated to DataPower API Gateway from APIC if it contains Intermediate CA certificates: the intermediate CA certificates in the DataPower's cert directory shows 0 bytes, and in Crypto Identification Credentials object intermediate certificates are not there. Steps to recreate the issue: 1. After create the p12 file, go to Cloud Manager -> Resources -> TLS. First create a Keystore, in the Keystore, upload the p12 file in "Step 1: Upload private key". 2. In Cloud Manager -> Resources -> TLS, create a "TLS Server Profile", in "Keystore" select the one that created earlier. 3. Go to Cloud Manager -> Topology, for the gateway service, change the "API Invocation Endpoint" "TLS SERVER PROFILE" to the new one and click save. 4. On the DataPower side, the "Crypto Identification Credentials" object in DataPower's apic domain, for "Intermediate CA certificate" field, the list is "(empty)" In addition, the intermediate certificates are in the cert directory with 0 bytes.
Intermediate certificates were not configured properly when running in APIGW.
Fix is available in 2018.4.1.8 For a list of the latest fix packs available, please see: http://www-01.ibm.com/support/docview.wss?uid=swg21237631
Reported component name
Reported component ID
NoSpecatt / Xsystem
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID