API Gateway is started but is being shown as STARTING in the Gateway Status.

Document ID : KB000092323
Last Modified Date : 26/06/2018
Show Technical Document Details
Issue:
API Gateway is started but is being shown as STARTING in the Gateway Status.

The sspc log contains errors similar to the following :
2017-11-20T20:04:19.550+0100 WARNING 1 com.l7tech.server.processcontroller.p: default may still be starting, but API is throwing unexpected exceptions
javax.xml.ws.soap.SOAPFaultException: Request denied (no certificate).
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:157)
at com.sun.proxy.$Proxy83.ping(Unknown Source)
at com.l7tech.server.processcontroller.p.b(Unknown Source)
at com.l7tech.server.processcontroller.p.a(Unknown Source)
at com.l7tech.server.processcontroller.ProcessController.a(Unknown Source)
at com.l7tech.server.processcontroller.ProcessController.a(Unknown Source)
at com.l7tech.server.processcontroller.ProcessControllerDaemon.a(Unknown Source)
at com.l7tech.server.processcontroller.ProcessControllerDaemon.main(Unknown Source)
Caused by: org.apache.cxf.binding.soap.SoapFault: Request denied (no certificate).
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:84)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:51)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:40)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:114)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:812)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1674)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1509)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1417)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:650)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:542)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:473)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:376)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:329)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:95)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
... 7 more
Cause:
This error occurs when the Process Controller (SSPC) is unable to authenticate itself with the Gateway. The Process Controller uses client certificate authentication to open an SSL secured connection over a specific port on the API Gateway. This port is reflected by the Process Controller Port declaration file (processControllerPort). This issue may occur when a Listen Port the Process Controller communicates on is set to not use client certificate authentication. 
 
Resolution:
Use the following steps to resolve this issue :
1) Please check the contents of /opt/SecureSpan/Gateway/node/default/var/processControllerPort. Note the port number contained within it. By default, this port is 2124, but yours may be different. 
2) Log in to the Policy Manager. Go to [Tasks] > Manage Listen Ports. Select the Listen Port noted from the file in step one above, and click on [Properties]. 
3) On the Listen Port Properties window, click the [SSL/TLS Settings] tab. Ensure that Client Authentication is set to 'Optional' or 'Required' rather than 'None'. Save the changes. 
4) Reboot the node.