Default certificate "test.apim.net" appears on my self-hosted APIM gateway configured with a valid well-known certificate for custom domain name

Valentin THOMMERET 6 Reputation points
2022-12-02T08:48:33.72+00:00

Hello,

I'm facing a weird issue with the Azure self-hosted APIM gateway.
Let me explain:

I have successfully deployed a self-hosted gateway in a dev environment for about one month.
I have configured the custom domain name "api.mydomain.com", adding a valid well-known SSL certificate, and configured DNS A records to point to the public IP address of my gateway...
Everything worked well for 1 month, and for the past 2 days, all API calls fail with a TLS error.

I don't know what the trigger is. I renewed the gateway token before its 30-day expiration and at the same time added a jwt-validate token to my API policy. I don't have client certificate validation on the API policy.
My problem appeared since then. Coincidence? I don't know.

To diagnose, I checked the SSL certificate present on my self-hosted gateway, and it's not my certificate but the default Azure gateway certificate "test.apim.net"...
How is that possible when I see in the container logs that my certificate thumbprint is loaded?

I have already tried multiple things without success, like loading my certificate on Azure again, redeclaring a self-hosted gateway and custom name with the loaded certificate, redeploying the self-hosted container... nothing works.

Do you have any ideas or a solution?

Thx a lot

VTH


1 answer

  1. Valentin THOMMERET 6 Reputation points
    2022-12-05T16:19:58.773+00:00

    I have finally solved my problem.
    I had to import the intermediate CA (Sectigo RSA Domain Validation Secure Server CA) of my certificate on the API Management instance and assign it to the gateway through the REST API.
    I don't know why it worked for 1 month before without this...

    My problem is now solved, but I would appreciate it if anyone has an explanation of why it worked for 1 month without declaring any intermediate CA.

    Thx

    VTH
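
Why the intermediate CA matters for chain building, as an added example that is not part of the original post: the script uses the `openssl` CLI to create a constructed root, intermediate and leaf, then shows that the leaf verifies to the root only when the intermediate is supplied. All CA names, keys and file names are throwaway test values (assumptions), and the function names are hypothetical helpers.

```bash
#!/usr/bin/env bash
# Added example: constructed root -> intermediate -> leaf PKI. All names and keys are
# throwaway test values, not the certificates from the post.

# build_chain DIR: write root.pem, int.pem and leaf.pem into DIR.
build_chain() {
  local d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\nCN=unused\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/ca.cnf"
  # Self-signed root CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" -extensions v3_ca \
    -subj "/CN=Constructed Root CA" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  # Intermediate CA, signed by the root.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=Constructed Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
    -extfile "$d/ca.cnf" -extensions v3_ca -days 2 -out "$d/int.pem" 2>/dev/null || return 1
  # Leaf for the custom domain, signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=api.mydomain.com" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
    -days 2 -out "$d/leaf.pem" 2>/dev/null || return 1
}

# verify_leaf DIR [INTERMEDIATE_PEM]: exit status 0 only if the leaf chains to the root.
verify_leaf() {
  local d=$1 int=${2:-}
  if [ -n "$int" ]; then
    openssl verify -CAfile "$d/root.pem" -untrusted "$int" "$d/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$d/root.pem" "$d/leaf.pem" >/dev/null 2>&1
  fi
}

# leaf_issuer DIR: print the issuer named in the leaf, i.e. the CA certificate a verifier needs.
leaf_issuer() { openssl x509 -in "$1/leaf.pem" -noout -issuer; }

d=$(mktemp -d) && build_chain "$d" || { echo "openssl failed to build the test chain" >&2; exit 1; }
leaf_issuer "$d"
verify_leaf "$d" && echo "leaf alone: OK" || echo "leaf alone: chain incomplete"
verify_leaf "$d" "$d/int.pem" && echo "leaf + intermediate: OK" || echo "leaf + intermediate: FAILED"
rm -rf "$d"
```

With real files, point `-CAfile` at the trusted root, `-untrusted` at the intermediate bundle, and pass the server certificate as the last argument to `openssl verify`.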