Troubleshoot mismatch of self-signed certificates - PingIntelligence for APIs

Troubleshoot mismatch of self-signed certificates - PingIntelligence for APIs - 4.4

PingIntelligence

bundle

pingintelligence-44

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 4.4

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-44

pingintelligence

private

ContentType_ce

Page created: 6 Nov 2020 |

Page updated: 12 May 2021

| 1 min read

4.4 Capability API Security Advanced API Cybersecurity Linux On-Premises Operating System Hosting Environment PingIntelligence for APIs Product

If the ASE certificate is changed after the deployment of PingIntelligence policy and it does not match with the certificate present in the ase.pem certificate file, you might encounter SSL related issues. To resolve them, complete the following steps:

Undeploy the PingIntelligence policy by following either of the two options as applicable:
- Undeploy PingIntelligence policy for Flow Hook with self-signed certificate
- Undeploy PingIntelligence policy for Flow Call Out with self-signed certificate
Paste the correct certificate in the /opt/pingidentity/pi/apigee/certs/ase.pem file. To obtain the correct certificate, run the following command.
```
# openssl s_client -showcerts -connect <ASE IP address>:<port no> </dev/null 2>/dev/null | openssl x509 -outform PEM > ase.pem
```
Redeploy the PingIntelligence policy by following either of the two options as applicable:
- Deploy PingIntelligence policy for Flow Hook with self-signed certificate
- Deploy PingIntelligence policy for Flow Call Out with self-signed certificate

Note: Make sure that the ase_ssl parameter in /pingidentity/pi/apigee/config/apigee.properties file is set to true.