Gateway Enrollment Fails on API Gateway

Document ID : KB000008668
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

When attempting to to enroll the API Gateway cluster with API Portal from the task menu, the resulting error is:

"Unable to enroll: RESTMAN failed with result=<class com.l7tech.policy.assertion.AssertionStatus: 0=FINE:No Error> httpStatus=409: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>" 

The actual reason for the failure can be found in the SSG log on gateway:

WARNING 35 com.l7tech.external.assertions.gatewaymanagement.server.ServerRESTGatewayManagementAssertion: 9050: Error processing management request: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> 

<l7:Item xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management"> 

... 

<l7:Mapping action="NewOrExisting" errorType="TargetNotFound" srcId="00000000000000000000000000000002:SSL" type="SSG_KEY_ENTRY"> 

<l7:Properties> 

<l7:Property key="ErrorMessage"> 

<l7:StringValue>Could not locate entity: Fail on new specified and could not locate existing target. Source Entity: EntityHeader. Name=null, id=00000000000000000000000000000002:SSL, description=null, type = SSG_KEY_ENTRY</l7:StringValue> 

</l7:Property> 

<l7:Property key="FailOnNew"> 

<l7:BooleanValue>true</l7:BooleanValue> 

</l7:Property> 

</l7:Properties> 

</l7:Mapping> 




Environment:
CA API Gateway 9.2 appliance CA API Portal 4.1
Resolution:

The resolution is to ensure the default private key on the API Gateway tenant has an alias of "ssl" 

The application is expecting a default private key with an alias of "ssl". If the key does not exist, please recreate one and confirm that entity exists by running https://<SSG_URL>:8443/restman/1.0/privateKeys 

 

 

Additional Information:

Occasionally, after the original error is resolved, the following error may occur:

The original error may still occur in the Policy Manager but there is a different error in SSG log:

 

/l7:Mapping>

<l7:Mapping action="NewOrExisting" errorType="TargetNotFound" srcId="f7b0867f9dd395f4d60fd722248300d7" type="ENCAPSULATED_ASSERTION">

<l7:Properties>

<l7:Property key="ErrorMessage">

<l7:StringValue>Could not locate entity: Fail on new specified and could not locate existing target. Source Entity: EntityHeader. Name=Portal API Key Sync, id=f7b0867f9dd395f4d60fd722248300d7, description=null, type = ENCAPSULATED_ASSERTION</l7:StringValue>

</l7:Property>

<l7:Property key="FailOnNew">

<l7:BooleanValue>true</l7:BooleanValue>

</l7:Property>

<l7:Property key="MapBy">

<l7:StringValue>name</l7:StringValue>

</l7:Property>

</l7:Properties>

</l7:Mapping> 

 

This secondary issue is a result of not installing the "Shared Portal Components" during the OTK solution kit installation.