API Gateway: GMU Migration Issue With Sensitive Data

search cancel

API Gateway: GMU Migration Issue With Sensitive Data

book

Article ID: 185798

calendar_today

Updated On: 03-13-2025

Products

CA API Gateway API SECURITY STARTER PACK-7

Issue/Introduction

We are facing issues during our migration from a lower environment to higher environment through GMU:

Warning: TLS hostname verification has been disabled

Warning: TLS server certificate check has been disabled

Execution failed. Reason: Migrate in failed: Bad Request Resource validation failed due to 'INVALID_VALUES' Invalid private key data

We are migrating services, cluster-wide properties, private keys, and secured passwords.

Also, other possible error message:

"Resource validation failed due to 'INVALID_VALUES' Failed to decrypt password".

Environment

API Gateway: 9.4, 10.x, 11.x

Cause

The clusterPassphrase used in the GMU properties files for the migrateOut and migrateIn are different.

Resolution

The clusterPassphrase in the common arguments file, used on the source gateway (to do a migrateOut) MUST MATCH the clusterPassphrase in the common arguments file used on the target gateway (to do a migrateIn). Otherwise, you won't be able to decrypt the encrypted sensitive data in the imported bundle.

Feedback

Was this article helpful?

thumb_up Yes

thumb_down No