I can't start the CA Access Gateway in Secure Cloud

Document ID : KB000105979
Last Modified Date : 11/07/2018
Show Technical Document Details
Question:
We have recently deployed a new ssl certificate for the apache server in our ca secure gateway machines, because the old one was about to expire. Following that we can't start the CA Access Gateway, as every attempt results in the following message being thrown

Unable to start SSL enabled Apache; not attempting to start Proxy Engine 
Consult stdout or Apache logs for details. 

How can we solve this ?
Environment:
CA Secure Cloud and CA Access Gateway, all versions
Answer:
There are several reasons for this, but the most likely one is a certificate mismatch. To determine if this is the case, check the httpd logs under /opt/CA/secure-proxy/proxy-engine/logs and look for entries like the following

[Tue Jul 10 09:54:35.139679 2018]  AH02565: Certificate and private key devcmsps1.dev.wiprocloudminder.com:443:0 from /opt/CA/secure-proxy/SSL/certs/ServerCertificate.cer and /opt/CA/secure-proxy/SSL/keys/preview.wiprocloudminder.net.key do not match 
AH00016: Configuration Failed 

[Tue Jul 10 09:54:35.139679 2018] [ssl:emerg] [pid 18661:tid 4151437056] AH02565: Certificate and private key xxx.xx.xxx:443:0 from /opt/CA/secure-proxy/SSL/certs/ServerCertificate.cer and /opt/CA/secure-proxy/SSL/keys/preview.wiprocloudminder.net.key do not match 
AH00016: Configuration Failed 

Make sure that the public and private key you have specified for the new ssl configuration match. 
Additional Information:
To configure or replace a ssl certificate for the apache server of a CA Access Gateway (SPS) machine, please see

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/ca-siteminder-sps-configuration/configuring-ssl-for-ca-siteminder-sps/configuring-ssl-on-apache-web-server-manually