Layer7 API Management

  • Private Community

  • 1.  GMU issue

    Posted Feb 13, 2018 05:53 AM

    Hi All,

     

    I am testing GMU commands to migrate the APIs from lower to higher environment. I ran the below command to accomplish this:

     

    GatewayMigrationUtility.bat migrateOut --host <hostname> --username <migrationuname>--plaintextPassword <password> --plaintextEncryptionPassphrase <pwd> --dest dev.xml --service <serviceID>--defaultAction NewOrUpdate --trustCertificate --trustHostname

     

    But now i want to create a migration user who will use certificate to login rather than to use username and password. Is it possible to create a certificate instead of migration users.

     

    Thanks

    Pratyush



  • 2.  Re: GMU issue
    Best Answer

    Broadcom Employee
    Posted Feb 13, 2018 05:11 PM

    Dear pratysin ,

    I don't have a chance to test it yet, but you should be able to use --clientCert <client certificate> to login.

    Gateway Migration Example - CA API Gateway - 9.2 - CA Technologies Documentation 

    Step 3: Create common argument files 

    Bryan follows the best practice and creates common argument files for the target and source Gateways: 

    • sourceSSGcommon.properties
    • targetSSGcommon.properties

    Bryan includes the pkcs12 file to use for mutual authentication.

    sourceSSGcommon.properties file

    host=source host clientCert=sourceGateway.p12 password=B8HPvx3xsW8.GlPDkJPcmscJTtqM2wTOsA

    targetSSGcommon.properties file

    host=target host clientCert=targetGateway.p12 password=B6IPve3xsW4.GlLDkJPcmsomTtnM2wJOsB

     

    NOTE: you need to create a user with same CN name and associated with the certificate (public key) of the client certificate. This user needs Administrator role.

     

    (the example from the document is a bit weird -- with client certificate you should not need password property anymore.)

     

    Regards,

    Mark