Migrate from Classic Portal 3.5 to API Portal 4.5 , 5.x fails.
search cancel

Migrate from Classic Portal 3.5 to API Portal 4.5 , 5.x fails.

book

Article ID: 200634

calendar_today

Updated On:

Products

CA API Developer Portal

Issue/Introduction

I'm trying to migrate from classic 3.5 portal to the 4,5 5.x API Developer portal.

Using  the migration process from the Classic 3.5 Portal to the new 4.5 API Portal:

The classic portal is able to reach the target portal over port 9443

This procedure  fails at step 3 

Command:

openssl s_client -servername apim-ssg.portal.domain  -connect apim-ssg.portal.domain:9443 2> /dev/null < /dev/null | openssl x509 > apim-ssg.crt

Result:
unable to load certificate
140328933390224:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE

 

Environment

Release : 4.5

Component : API PORTAL

Resolution

The initial problem with getting the certificate from the portal was caused by the wrong apim-ssg fqdn which needs to be apim-ssg.portal.domain .  

This worked after adding this entry to the portal 3.5 local hosts file as apim-ssg.portal.domain.

The second problem Is that the portal migration tool tries to find the certificate for the apim-ssg

by the name provided in the URL , while the default portal certificate CN name is tssg.

To resolve this you need to update the portal tssg certificate with the a certificate with the  correct CN name .

To this you need to do :

create a new certificate for apim-ssg.portal.domain on the new Portal and store the key and certificate in a p12 file.

You will then need to add the following lines to your portal.conf

PORTAL_TSSG_SSL_KEY=/path-to-certs/tssg_new.p12
PORTAL_TSSG_SSL_KEY_PASS=<yourpass>

to your portal.conf file and restart the Portal.

Sample commands for generating certificate and p12

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem -subj '/CN=apim-ssg.portal.domain'

openssl pkcs12 -export -inkey key.pem -in certificate.pem -out tssg-new.p12 -passout pass:<yourpass>

copy certificate to the 3.5 portal and add to

/opt/Deployments/lrs/server/conf/keys/trustedCerts.ks using
/opt/jdk/bin/keytool -import -file certificate.pem -keystore trustedCerts.ks -alias tssg -storepass changeit

then restart the 3.5 portal

Now the migration tool should be able to connect correctly to both portals.

Powered by Wolken Software