How do I validate whether the client certificate I have works with the API Mediation Layer

[balhar-jakub]

I created or got a certificate created by my certificate authority.
What is the easiest way to validate whether the client certificate will work correctly with the given API Mediation Layer instance and how do I debug what is wrong with it?

[achmelo]

A good place to start is to get information from the server about accepted CA names using openssl
openssl s_client -connect host:port -prexit
this would among other information print: Acceptable client certificate CA names
In case your CA is among the list, use cURL to call gateway login endpoint
curl -v -c jwt.txt --key ./cert.key --cert ./cert.pem -X POST 'https://<host>:<port>/gateway/api/v1/auth/login' -H 'accept: */*' -H 'Content-Type: application/json'
If curl fails to obtain JWT, then enable gateway debug logs, rerun curl request and search for keywords "x509" or "NativeMapper"