"Sync SSG Data" actions fail with HTTP 500: Final block not padded

Document ID : KB000042871
Last Modified Date : 05/07/2018
Introduction:
The CA API Developer Portal can manually synchronize API Plans with the Gateway to ensure updated plans are present and that connectivity between the Gateway and Portal is active. This synchronization is performed over HTTP with SSL and requires the Portal to authenticate against the Gateway via client certificate authentication. The synchronization will fail if the Portal cannot access the private key used to identify itself to the Gateway via client certificate authentication.
Background:

The following abridged error messages may be present in the Catalina log file located in /opt/Deployments/lrs/server/logs/catalina.out when attempting to execute any of the Sync SSG Data actions such as Sync API Plans or Sync Account Plans:

Caused by: java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
... at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1277)
... at java.security.KeyStore.load(KeyStore.java:1185)

Environment:
Portal version 3.5 and lower.
Instructions:

This issue occurs when the Portal Keystore Password is not set correctly within the SSG Actions area of the Layer 7 Gateway plugin settings. The issue can be resolved by setting the correct keystore password via the API Developer Portal CMS and restarting the Catalina server running on the Portal appliance:

  1. Log in to the Portal CMS as an administrative user
  2. Select Plugin Administration from the Administration Tools menu
  3. Select Layer 7 Gateway from the available plugins
  4. Update the values under SSG Actions
  5. Log in to the Portal appliance as the ssgconfig user
  6. Select Option #3: Use a privileged shell (root)
  7. Stop the Catalina server: /opt/Deployments/lrs/server/bin/catalina.sh stop
  8. Start the Catalina server: /opt/Deployments/lrs/server/bin/catalina.sh start
Attempts to resynchronize data sets between the Portal and the Gateway should succeed once the CMS is accessible.
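
An added example, not part of the original article or the product's own tooling: a shell pre-check that counts the failure signature in a Catalina log and tests whether a candidate password opens a PKCS#12 keystore before the value is entered in the CMS. It assumes openssl is installed; the keystore path and the PORTAL_KS_PASS variable name are placeholders, since the article gives neither.

```shell
#!/bin/sh
# Added example: pre-check for the keystore password failure described above.
# Assumptions: openssl is installed; the keystore path is supplied by the
# operator; PORTAL_KS_PASS is a hypothetical variable name that carries the
# candidate password so it stays off the command line.

# Print how many times the failure signature appears in a Catalina log.
count_p12_password_errors() {
    grep -c 'failed to decrypt safe contents entry: javax.crypto.BadPaddingException' "$1" || true
}

# Return 0 if the password opens the PKCS#12 file, 1 if the password is
# wrong, 2 for anything else (unreadable file, unset variable, other error).
check_p12_password() {
    p12_file=$1
    [ -r "$p12_file" ] || { echo "cannot read $p12_file" >&2; return 2; }
    [ -n "${PORTAL_KS_PASS+x}" ] || { echo "PORTAL_KS_PASS is not set" >&2; return 2; }
    # env: makes openssl read the password from its environment, not argv.
    if p12_err=$(PORTAL_KS_PASS="$PORTAL_KS_PASS" openssl pkcs12 \
            -in "$p12_file" -noout -passin env:PORTAL_KS_PASS 2>&1); then
        return 0
    fi
    case $p12_err in
        *'invalid password'*) return 1 ;;
        *) echo "$p12_err" >&2; return 2 ;;
    esac
}

# Usage: PORTAL_KS_PASS='...' sh check.sh <catalina.out> <keystore.p12>
if [ "$#" -eq 2 ]; then
    echo "failure signature occurrences: $(count_p12_password_errors "$1")"
    if check_p12_password "$2"; then
        echo "password opens the keystore"
    else
        echo "keystore check failed (1 = wrong password, 2 = other error)"
    fi
fi
```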