Unable to get gateway to use HSM connect for certificate and key storage.


Article ID: 145596


Updated On:


CA API Gateway, API SECURITY, CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7), CA API Gateway Enterprise Service Manager (Layer 7), STARTER PACK-7, CA Microgateway


The gateway continues to use the default internal key-store after the ssg restart, even though the configuration steps completed successfully without errors.

The ssg log on startup says:

2019-08-15T15:28:14.600+0100 INFO 1 com.l7tech.server.security.keystore.SsgKeyStoreManagerImpl: ignoring keystore_file row with a format of hsm.Ncipher because this Gateway node is not configured to use an nCipher HSM

While the HSM status in the ssg menu says:

The gateway is now configured  to use the HSM Thales module.



Release:

Component: API GTW


After adding some debugging, the problem was found to be caused by the instructions to use BouncyCastle as the JCE provider to enable SSL for MySQL server JDBC connections, as documented in


The Thales security modules require nCipher as the JCE provider; this will not work with BouncyCastle.
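To confirm this cause on a node, the following check (an added example, not part of the original article or the product) looks for the startup message quoted above and for active JCE-related lines in system.properties. The file paths, the property names in the sample, and the assumption that the override line contains "jce" are illustrative only.

```sh
#!/bin/sh
# Added diagnostic sketch. Property names in the sample are constructed placeholders.

# Print each keystore format the Gateway skipped at startup (de-duplicated).
ignored_keystore_formats() {
    sed -n 's/.*SsgKeyStoreManagerImpl: ignoring keystore_file row with a format of \([^ ]*\) because.*/\1/p' "$1" | sort -u
}

# Print active (non-comment) property lines that mention a JCE provider.
# Assumption: the override's key or value contains "jce"; the page does not show the line.
jce_override_candidates() {
    grep -v '^[[:space:]]*[#!]' "$1" | grep -i 'jce' || true
}

# Succeed only when HSM rows were ignored AND a JCE override candidate is active.
hsm_blocked_by_jce_override() {
    [ -n "$(ignored_keystore_formats "$1")" ] && [ -n "$(jce_override_candidates "$2")" ]
}

# Build sample inputs: the first log line is the one quoted above, the rest is constructed.
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    cat > "$SAMPLE_DIR/ssg.log" <<'EOF'
2019-08-15T15:28:14.600+0100 INFO 1 com.l7tech.server.security.keystore.SsgKeyStoreManagerImpl: ignoring keystore_file row with a format of hsm.Ncipher because this Gateway node is not configured to use an nCipher HSM
2019-08-15T15:28:15.100+0100 INFO 1 com.example.Constructed: unrelated startup message
EOF
    cat > "$SAMPLE_DIR/system.properties" <<'EOF'
# example.jce.provider=commented-out-placeholder
example.jce.provider=placeholder-bc
example.other.setting=1
EOF
    printf 'example.other.setting=1\n' > "$SAMPLE_DIR/clean.properties"
}

# Usage: sh check_hsm_jce.sh /path/to/ssg.log /path/to/system.properties
# With no arguments the constructed samples are used.
if [ "$#" -eq 2 ]; then LOG=$1; PROPS=$2
else make_samples; LOG=$SAMPLE_DIR/ssg.log; PROPS=$SAMPLE_DIR/system.properties; fi

if hsm_blocked_by_jce_override "$LOG" "$PROPS"; then
    echo "HSM keystore rows ignored ($(ignored_keystore_formats "$LOG")); review:"
    jce_override_candidates "$PROPS"
else
    echo "No HSM/JCE provider conflict indicators found."
fi
```

A match only narrows down where to look: the candidate lines still have to be compared against the MySQL SSL instructions that were followed.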

If this is set, you have to remove the following line in system.properties to enable the HSM, then restart the Gateway: