Migrate from Classic Portal 3.5 to API Portal 4.5 , 5.x fails.
search cancel

Migrate from Classic Portal 3.5 to API Portal 4.5 , 5.x fails.


Article ID: 200634


Updated On:


CA API Developer Portal


I'm trying to migrate from classic 3.5 portal to the 4,5 5.x API Developer portal.

Using  the migration process from the Classic 3.5 Portal to the new 4.5 API Portal:

The classic portal is able to reach the target portal over port 9443

This procedure  fails at step 3 


openssl s_client -servername apim-ssg.portal.domain  -connect apim-ssg.portal.domain:9443 2> /dev/null < /dev/null | openssl x509 > apim-ssg.crt

unable to load certificate
140328933390224:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE



Release : 4.5

Component : API PORTAL


The initial problem with getting the certificate from the portal was caused by the wrong apim-ssg fqdn which needs to be apim-ssg.portal.domain .  

This worked after adding this entry to the portal 3.5 local hosts file as apim-ssg.portal.domain.

The second problem Is that the portal migration tool tries to find the certificate for the apim-ssg

by the name provided in the URL , while the default portal certificate CN name is tssg.

To resolve this you need to update the portal tssg certificate with the a certificate with the  correct CN name .

To this you need to do :

create a new certificate for apim-ssg.portal.domain on the new Portal and store the key and certificate in a p12 file.

You will then need to add the following lines to your portal.conf


to your portal.conf file and restart the Portal.

Sample commands for generating certificate and p12

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem -subj '/CN=apim-ssg.portal.domain'

openssl pkcs12 -export -inkey key.pem -in certificate.pem -out tssg-new.p12 -passout pass:<yourpass>

copy certificate to the 3.5 portal and add to

/opt/Deployments/lrs/server/conf/keys/trustedCerts.ks using
/opt/jdk/bin/keytool -import -file certificate.pem -keystore trustedCerts.ks -alias tssg -storepass changeit

then restart the 3.5 portal

Now the migration tool should be able to connect correctly to both portals.