We have tried with different users (with admin profile) and we have the following problem with Portal 3.5.
1. login to the portal GUI
2. go to Organizations / applications
Filtrer on organisation : XXX Solutions INEO - CDC SAP
Clic Add application
Fill in the different fields
Once completed clic “save”
The action could not be completed due to a failure on the Gateway. Please contact your gateway administrator
Please see the attached catalina.out
As per the catalina.out, we found a number of problems with keystore ..
Caused by: java.io.IOException: keystore password was incorrect
Caused by: java.security.UnrecoverableKeyException: Get Key failed: null
Release : 3.5
Component : API PORTAL
The error 'Caused by: java.security.UnrecoverableKeyException: Get Key failed: null' implies that the cmsencrypedvalues table does not have a value for the property 'KeystorePassword'
The error 'Caused by: java.io.IOException: keystore password was incorrect' implies that the cmsencrypedvalues table does not have a correct value for the property 'KeystorePassword' based on the specified p12 file.
Confirm that openssl can read the p12 file referenced by the lrsgateway-conf.xml using the following command.
You will be prompted for the password used to generate the p12.
>> openssl pkcs12 -in /opt/Deployments/lrs/server/conf/keys/l7apiportal_key.p12 -nodes
>> Reenter the password for the p12 using Update Portal Keystore Password form of the Layer7 Gateway plugin. A restart of the apiportal service is not required for 3.5 CR9 or later.
If you don't know the password, you will need to export the private key again using the Policy Manager.
For more information see :
1. Check the private key path and filename specified in the configuration file is valid.
Configuration file is here:
2. Check the permissions and ownership of the private key (.p12 file) is correct. This private key should be placed in this directory:
Permissions should be: chmod 640
Ownership should be: chown root:portalusers
However, the chances of those 2 being the issue aren't as likely since the script should take care of it.
The third and most likely reason:
3. The keystore password was not entered, or was not entered correctly in the API Portal CMS. This results in the API Portal application to be unable to access/use the private key. When you exported the private key from the Policy Manager, you were prompted to give it a password and confirm the password. This is the password you need to use for the following steps:
-Navigate to the CMS of the API Portal: http://<portal hostname>/admin
-Click on "Plugin Administration" on the left
-Click on "Layer 7 Gateway"
-In the text field under "Update Portal Keystore Password", enter the keystore password (same password used to export private key).
-Click "Submit" right underneath it.
-Restart the API Portal service from the command line: service apiportal restart
-Test connectivity again.
4. Additionally, we ran this command to change
/opt/jdk/bin/keytool -list -keystore trustedCerts.ks -storepass changeit