Certificate update to truststore Apigee without restart of Router


I found that many users have trouble with having to restart the Routers after adding a new certificate to an Apigee truststore used for mTLS on northbound API calls. This is specific to on-premises (OnPrem) installations.

When you add certificates to an Apigee truststore, they do not take effect until you restart the Router. The same is true even if you use a reference. Restarting Routers frequently in production is not practical.

We found that after adding a certificate to the truststore, refreshing the reference with a PUT call makes the new certificate take effect without a Router restart.

Note: This does not work for deletes. After deleting a certificate, you need to restart.

Below are commands for reference.

Make a request with mTLS:

curl -k -G -v --key test1.key --cert ClientCertificate.crt:pass https://apigee-test.com/test

Upload the certificate to the truststore:

curl -X POST -F "file=@interserv.pem" 'http://MP:8080/v1/o/operations/e/operations/keystores/truststoreops/certs?alias=test1.com&ignoreExpi...' -H 'Authorization: Basic XXXXXXXX'

Then PUT the truststore reference to refresh it:

curl -L -X PUT 'http://mp:8080/v1/o/operations/e/operations/references/truststoreopsref' \
  -H 'Authorization: Basic XXXXXXXXXXXXXXXXX' \
  -H 'Content-Type: application/xml' \
  --data-raw '<ResourceReference name="truststoreopsref">
  <Refers>truststoreops</Refers>
  <ResourceType>KeyStore</ResourceType>
</ResourceReference>'

To delete a certificate:

curl -X DELETE 'http://mp:8080/v1/o/operations/e/operations/keystores/truststoreops/certs/test1.com' -H 'Authorization: Basic *********************'

A restart is required after a delete.
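
The upload and refresh steps above combined into one script, with a certificate check before upload and HTTP status checks after each call. This is an added example, not part of the original post. MGMT, ORG, ENV and AUTH are assumed environment variables, the function names are hypothetical, and the truncated query parameter in the post's upload URL is left out.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed variables:
#   MGMT = management server base URL, ORG / ENV = organization and environment,
#   AUTH = base64 Basic credentials. Endpoint paths follow the commands above.

# Succeeds only if $1 parses as a PEM certificate that has not expired.
cert_ok() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Prints the SHA-256 fingerprint so it can be compared with the value
# the client owner supplied out of band before the cert becomes trusted.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Builds the ResourceReference body; $1 = reference name, $2 = truststore name.
reference_xml() {
    printf '<ResourceReference name="%s"><Refers>%s</Refers><ResourceType>KeyStore</ResourceType></ResourceReference>' "$1" "$2"
}

# Treats any non-2xx HTTP status (including curl's 000) as a failure.
http_ok() {
    case "$1" in 2[0-9][0-9]) return 0 ;; *) return 1 ;; esac
}

# $1 = PEM file, $2 = alias, $3 = truststore name, $4 = reference name
add_cert_and_refresh() {
    cert_ok "$1" || { echo "refusing $1: not a valid, unexpired certificate" >&2; return 1; }
    cert_fingerprint "$1"
    # Step 1: upload the certificate to the truststore.
    code=$(curl -s -o /dev/null -w '%{http_code}' -X POST -F "file=@$1" \
        -H "Authorization: Basic $AUTH" \
        "$MGMT/v1/o/$ORG/e/$ENV/keystores/$3/certs?alias=$2") || return 1
    http_ok "$code" || { echo "upload failed: HTTP $code" >&2; return 1; }
    # Step 2: PUT the reference so the Routers pick up the new cert without a restart.
    code=$(curl -s -o /dev/null -w '%{http_code}' -X PUT \
        -H "Authorization: Basic $AUTH" -H 'Content-Type: application/xml' \
        --data-raw "$(reference_xml "$4" "$3")" \
        "$MGMT/v1/o/$ORG/e/$ENV/references/$4") || return 1
    http_ok "$code" || { echo "reference refresh failed: HTTP $code" >&2; return 1; }
}
```

With the post's names, the call would be `add_cert_and_refresh interserv.pem test1.com truststoreops truststoreopsref`. Deletes are not covered because they still need a Router restart.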

Last update: 08-04-2020 03:32 AM