I'm trying to migrate from classic 3.5 portal to the 4.5 API Developer portal.
Using the migration process from the Classic 3.5 Portal to the new 4.5 API Portal:
The classic portal is able to reach the target portal over port 9443
This procedure fails at step 3 with:
openssl s_client -servername apim-ssg.portal.domain -connect apim-ssg.portal.domain:9443 2> /dev/null < /dev/null | openssl x509 > apim-ssg.crt
unable to load certificate
140328933390224:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE
Release : 4.5
Component : API PORTAL
The initial problem with getting the certificate from the portal was caused by the wrong apim-ssg fqdn which needs to be apim-ssg.portal.domain .
This worked after adding this entry to the portal 3.5 local hosts file as apim-ssg.portal.domain.
The second problem Is that the portal migration tool tries to find the certificate for the apim-ssg
by the name provided in the URL , while the default portal certificate CN name is tssg.
To resolve this you need to update the portal tssg certificate with the a certificate with the correct CN name .
To this you need to do :
create a new certificate for apim-ssg.portal.domain on the new Portal and store the key and certificate in a p12 file.
You will then need to add the following lines to your portal.conf
to your portal.conf file and restart the Portal.
Sample commands for generating certificate and p12
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem -subj '/CN=apim-ssg.portal.domain'
openssl pkcs12 -export -inkey key.pem -in certificate.pem -out tssg-new.p12 -passout pass:yourpass
copy certificate to the 3.5 portal and add to
/opt/jdk/bin/keytool -import -file certificate.pem -keystore trustedCerts.ks -alias tssg -storepass changeit
then restart the 3.5 portal
Now the migration tool should be able to connect correctly to both portals.