search cancel

Unable to create key using RESTMAN - Caused by: error (st=HostDataAccessDenied) : NFKM_recordkey

book

Article ID: 187786

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

Getting the this error when trying to create the private key using RESTMAN.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<l7:Error xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">

    <l7:Type>ResourceAccess</l7:Type>

    <l7:TimeStamp>2020-03-18T13:56:54.277-05:00</l7:TimeStamp>

    <l7:Link rel="self" uri="https://ssg49:8443/restman/1.0/privateKeys/00000000000000000000000000000004:apikey666"/>

    <l7:Detail>java.security.KeyStoreException: com.l7tech.objectmodel.UpdateException: java.lang.RuntimeException: java.security.KeyStoreException: java.io.IOException: Error calling Key.save: error (st=HostDataAccessDenied) : NFKM_recordkey. Caused by: error (st=HostDataAccessDenied) : NFKM_recordkey</l7:Detail>

</l7:Error>

 

 

Cause

Permission problem as  HSM log shows  :

10:32:32 ERROR: cannot create kmdata file (/opt/nfast/kmdata/local/key_jcecsp_38b9d487d6ec29dbf3ec73135a1ca801187f6a2a
-key-1a34b76f219e4c35a48c6baf99527ea0c32ac174.new): Permission denied

Environment

Release : 9.4, 10.x

Component : API GATEWAY

Resolution

HSM team enabled permission by doing  "adduser opendnssec nfast”