I can't start the CA Access Gateway in Secure Cloud


Article ID: 105979


Updated On:


CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On


We have recently deployed a new ssl certificate for the apache server in our ca secure gateway machines, because the old one was about to expire. Following that we can't start the CA Access Gateway, as every attempt results in the following message being thrown

Unable to start SSL enabled Apache; not attempting to start Proxy Engine 
Consult stdout or Apache logs for details. 

How can we solve this ?


CA Secure Cloud and CA Access Gateway, all versions


There are several reasons for this, but the most likely one is a certificate mismatch. To determine if this is the case, check the httpd logs under /opt/CA/secure-proxy/proxy-engine/logs and look for entries like the following

[Tue Jul 10 09:54:35.139679 2018]  AH02565: Certificate and private key devcmsps1.dev.wiprocloudminder.com:443:0 from /opt/CA/secure-proxy/SSL/certs/ServerCertificate.cer and /opt/CA/secure-proxy/SSL/keys/preview.wiprocloudminder.net.key do not match 
AH00016: Configuration Failed 

[Tue Jul 10 09:54:35.139679 2018] [ssl:emerg] [pid 18661:tid 4151437056] AH02565: Certificate and private key xxx.xx.xxx:443:0 from /opt/CA/secure-proxy/SSL/certs/ServerCertificate.cer and /opt/CA/secure-proxy/SSL/keys/preview.wiprocloudminder.net.key do not match 
AH00016: Configuration Failed 

Make sure that the public and private key you have specified for the new ssl configuration match. 

Additional Information

To configure or replace a ssl certificate for the apache server of a CA Access Gateway (SPS) machine, please see