Using a CA-signed certificate - PingIntelligence for APIs

Using a CA-signed certificate - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

To use a Certificate Authority (CA)-signed SSL certificates, follow the process shown below to create a private key, generate a certificate signing request (CSR), and request a certificate:

A diagram of the process for using a Certificate Authority-signed SSL certificate.

Note:

ASE internally validates the authenticity of the imported certificate.

Create a private key.

/optCDO:/content/authoring/nrc1651605112856.image/pingidentity/ase/bin/cli.sh create_key_pair -u admin -p
Warning: create_key_pair will delete any existing key_pair, CSR and self-signed certificate
Do you want to proceed [y/n]:y
OK, creating new key pair. Creating DH parameter may take around 20 minutes. Please wait
Key created in keystore
dh param file created at /opt/pingidentity/ase/config/certs/dataplane/dh1024.pem

Note:

ASE command-line interface (CLI) is used to create a 2048-bit private key and to store it in the key store.

Create a CSR.

/opt/pingidentity/ase/bin/cli.sh create_csr -u admin -p 
Warning: create_csr will delete any existing CSR and self-signed certificate
Do you want to proceed [y/n]:y
please provide following info
Country Code >US
State > Colorado
Location >Denver
Organization >Pingidentity
Organization Unit >Pingintelligence
Common Name >ase
Generating CSR. Please wait...
OK, csr created at /opt/pingidentity/ase/config/certs/dataplane/ase.csr

ASE takes you through a CLI-based interactive session to create a CSR.

Upload the CSR created in step 2 to the CA-signing authority’s website to get a CA-signed certificate.
Download the CA-signed certificate from the CA-signing authority’s website.

Use the CLI to import the signed CA certificate into ASE. The certificate is imported into the key store.

/opt/pingidentity/ase/bin/cli.sh import_cert <CA signed certificate path> -u admin -p 
Warning: import_cert will overwrite any existing signed certificate
Do you want to proceed [y/n]:y
Exporting certificate to API Security Enforcer...
OK, signed certificate added to keystore

Restart ASE by first stopping and then starting ASE.