I cannot enroll my on-premise ("Proxy") API Gateway with API Management SaaS. Receiving SSL errors.

Document ID:  TEC1387795
Last Modified Date:  07/14/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA API Management SaaS

Components

  • API MANAGEMENT SAAS:APIPRS
Symptoms:

I have an API Gateway node (or cluster) which is reporting an SSL error during the enrollment process with API Management SaaS ("API Portal").

Environment:
This issue most often occurs in a Proof Of Concept (POC) / Trial environment.
Cause:

This issue is caused by an SSL incompatibility.

Workaround:

Edit the system.properties file on the API Gateway node to change the SSL library. This is a temporary change just needed for enrollment. Once enrollment succeeds, it can be removed from the system.properties file.

  1. Edit system.properties located here: /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties
  2. Add the following line to the file, and save the changes: com.l7tech.common.security.jceProviderEngineName=rsa
  3. Restart the API Gateway service: service ssg restart

Next, the previous enrollment attempt must be cleaned up before trying the enrollment process again. If the enrollment was never attempted, then the following steps can be skipped.

  1. Delete API Gateway from API Portal:
    1. Login to API Management SaaS instance as admin.
    2. Go to Settings > API Proxy
    3. Click the "Delete" button of the target proxy which is in the state of "Cluster is currently pending completion".
  2. Cleanup the failed API Gateway:
    1. Login to the API Gateway as admin via Policy Manager.
    2. Under Manage Certificates & Keys, delete the certificates created from the previous enrollment attempt. Note: Do not delete the API Gateway's self-signed certificate.
    3. Under Manage Scheduled Tasks, delete all scheduled tasks.
    4. Under Certificates, Keys, and Secrets, delete the Portalman private key.
    5. Under Cluster-Wide Properties, delete all properties that begin with "portal".

Attempt the enrollment process again.

If it succeeds, the system property added earlier in the workaround should be removed and the API Gateway restarted one more time. If the same SSL failure during enrollment is encountered, contact CA Support for further assistance.

Additional Information:

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing