Layer7 API Management

  • Private Community

  • 1.  GMU Conflict

    Posted May 17, 2018 02:36 PM

    Hi , 

     

    while MigrateIn to the Gateway , i am getting below error .. 

     

    https://10.xx.xx.***:8443/restman/1.0/privateKeys/00000000000000000000000000000002:jwt.signingkey.1" type="SSG_KEY_ENTRY"> <l7:Properties> <l7:Property key="ErrorMessage"> <l7:StringValue>No SsgKeyFinder available on this node with id=00000000000000000000000000000002</l7:StringValue> </l7:Property> </l7:Properties>

    Do anyone encountered with this issue??

    Regards,

    Grajesh



  • 2.  Re: GMU Conflict

    Broadcom Employee
    Posted Jun 21, 2018 06:01 AM

    Hi Grajesh,

     

    The migration utility has the option for mappings. You can use it to map the original key values to the new server key values.

    GMU Command Help - CA API Gateway - 9.3 - CA Technologies Documentation 

    You can use this utility to modify the source 'bundle'/xml file and replace all values that match x to now have a value of y.

    Does the private key alias names match between the source and destination machine?

     

    Thanks,

    Gopi



  • 3.  Re: GMU Conflict
    Best Answer

    Posted Jun 21, 2018 06:11 AM

    Hi Gopi,

    I have found out the issue and what you explained is not the case.

    This error is not because of the mapping or anything. this kind of error occurred when you enable HSM in the Gateway and your mapping bundle has certificate or private keys in it. Since HSM is enabled thus you will not be able to update or create new key and hence GMU throw this error. This id shows in the error msg specify 

    id=00000000000000000000000000000002 --> is for software HSM Keystore ID.

    id=00000000000000000000000000000004 --> is for Hardware HSM KeyStore ID.

     

    hope this will help others as well. 

     

    Thanks & Regards,

    Grajesh Chandra