I have an API Gateway node (or cluster) which is reporting an SSL error during the enrollment process with API Management SaaS ("API Portal").
This issue is caused by an SSL incompatibility.
Edit the system.properties file on the API Gateway node to change the SSL library. This is a temporary change just needed for enrollment. Once enrollment succeeds, it can be removed from the system.properties file.
- Edit system.properties located here: /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties
- Add the following line to the file, and save the changes: com.l7tech.common.security.jceProviderEngineName=rsa
- Restart the API Gateway service: service ssg restart
Next, the previous enrollment attempt must be cleaned up before trying the enrollment process again. If the enrollment was never attempted, then the following steps can be skipped.
- Delete API Gateway from API Portal:
- Login to API Management SaaS instance as admin.
- Go to Settings > API Proxy
- Click the "Delete" button of the target proxy which is in the state of "Cluster is currently pending completion".
- Cleanup the failed API Gateway:
- Login to the API Gateway as admin via Policy Manager.
- Under Manage Certificates & Keys, delete the certificates created from the previous enrollment attempt. Note: Do not delete the API Gateway's self-signed certificate.
- Under Manage Scheduled Tasks, delete all scheduled tasks.
- Under Certificates, Keys, and Secrets, delete the Portalman private key.
- Under Cluster-Wide Properties, delete all properties that begin with "portal".
Attempt the enrollment process again.
If it succeeds, the system property added earlier in the workaround should be removed and the API Gateway restarted one more time. If the same SSL failure during enrollment is encountered, contact CA Support for further assistance.
- Integrate On-Premise API Gateway with API Management SaaS: https://docops.ca.com/ca-api-management-saas/en/set-up-and-maintenance/integrate-on-premise-api-proxies