Unable to create key using RESTMAN - Caused by: error (st=HostDataAccessDenied) : NFKM

search cancel

Unable to create key using RESTMAN - Caused by: error (st=HostDataAccessDenied) : NFKM_recordkey

book

Article ID: 187786

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

Getting the this error when trying to create the private key using RESTMAN.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<l7:Error xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">

<l7:Type>ResourceAccess</l7:Type>

<l7:TimeStamp>2020-03-18T13:56:54.277-05:00</l7:TimeStamp>

<l7:Link rel="self" uri="https://ssg49:8443/restman/1.0/privateKeys/00000000000000000000000000000004:apikey666"/>

<l7:Detail>java.security.KeyStoreException: com.l7tech.objectmodel.UpdateException: java.lang.RuntimeException: java.security.KeyStoreException: java.io.IOException: Error calling Key.save: error (st=HostDataAccessDenied) : NFKM_recordkey. Caused by: error (st=HostDataAccessDenied) : NFKM_recordkey</l7:Detail>

</l7:Error>

Environment

API Gateway 9.4, 10.X

Cause

There is a permission problem as seen in the HSM log:

10:32:32 ERROR: cannot create kmdata file (/opt/nfast/kmdata/local/key_jcecsp_38b9d487d6ec29dbf3ec73135a1ca801187f6a2a
-key-1a34b76f219e4c35a48c6baf99527ea0c32ac174.new): Permission denied

Resolution

The team responsible for HSM enabled the permission by doing "adduser opendnssec nfast”

Feedback

thumb_up Yes

thumb_down No