Solved: certificate signing

sbussa · 01-10-2020 11:33 AM

hi guys, any help is appreciated.

We are creating a private key and a cert for keystore for a domain created on apigee, say

api-xyz-np-dev.apigee.net. How can we get the certificate signed by a Certificate Authority? Since the domain is controlled by Apigee/Google, can the Certificate Authority sign the certificate for this domain, as it is not controlled by my company?

Thanks in advance.

dchiesa1

You cannot generate a signed cert for a domain that ends in apigee.net .

That is Apigee's domain, and only Apigee can ask a CA for a signed Certificate asserting that Apigee owns that domain.

It IS possible for you to use an alternative domain name. You can ask a CA to sign a certificate for "api-xyz.mycompany.com" , if you have control over "mycompany.com" . And then you can use THAT certificate and hostalias in your virtualhost.

I described how I used LetsEncrypt (a CA) to generate a signed cert here:

https://community.apigee.com/comments/70026/view.html

View solution in original post

dchiesa1

You cannot generate a signed cert for a domain that ends in apigee.net .

That is Apigee's domain, and only Apigee can ask a CA for a signed Certificate asserting that Apigee owns that domain.

It IS possible for you to use an alternative domain name. You can ask a CA to sign a certificate for "api-xyz.mycompany.com" , if you have control over "mycompany.com" . And then you can use THAT certificate and hostalias in your virtualhost.

I described how I used LetsEncrypt (a CA) to generate a signed cert here:

https://community.apigee.com/comments/70026/view.html

sbussa

Thanks for the response Dino. When you say we have control over "mycompany.com", its reasonable to believe that certificate authority will check who owns the company before signing it. I wonder if Apigee will detect and stop if we are trying to create a virtual host with any random domain alias like google.com.