Unable to import a private key using the GatewayMigrationUtility.sh restman privateKeys Import Export

Article ID: 207435

Products

CA API Gateway

Issue/Introduction

We attempt to import the private key using the GatewayMigrationUtility.sh command line tool.

GatewayMigrationUtility.sh restman \
  -argFile example.properties \
  -method POST \
  -path '1.0/privateKeys/00000000000000000000000000000002:key001/import' \
  -request importPrivateKey.xml

The following is returned.

Running..
Status: 403 Forbidden
Server: Apache-Coyote/1.1
Content-Length: 466
Date: Wed, 27 Jan 2021 13:05:43 GMT
Content-Type: application/xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:Error xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Type>ResourceAccess</l7:Type>
    <l7:TimeStamp>2021-01-27T07:05:43.841-06:00</l7:TimeStamp>
    <l7:Link rel="self" uri="https://SomeGateway:8443/restman/1.0/privateKeys/00000000000000000000000000000002:SomeKey/import"/>
    <l7:Detail>Unable to read KeyStore: 0 &gt;= 0. Caused by: 0 &gt;= 0</l7:Detail>
</l7:Error>

 

 

Environment

Release : 9.3

Component : API GATEWAY

Resolution

What I know works.

* All Postman requests below use the header Content-Type: application/xml and a Basic auth header carrying Policy Manager admin credentials.

1) Use Postman to export a private key.

Endpoint:

https://somehost:8443/restman/1.0/privateKeys/00000000000000000000000000000002:somealias/export

Method: Put


Body:

<l7:PrivateKeyExportContext xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:Password>itsasecret</l7:Password>
</l7:PrivateKeyExportContext>



2) Postman import (to a different gateway).
Endpoint:
https://somedifferentgateway:8443/restman/1.0/privateKeys/00000000000000000000000000000002:somealias/import

Method: Post


Body:

<l7:PrivateKeyImportContext xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">  
<l7:Pkcs12Data>.....</l7:Pkcs12Data>
  <l7:Alias>somealias</l7:Alias>
  <l7:Password>itsasecret</l7:Password>
</l7:PrivateKeyImportContext>

The Pkcs12Data above is taken from the export in step 1.
This works fine; the import is good.
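
The hand-off between step 1 and step 2 can be scripted instead of copied by hand. The following is an added example, not Broadcom's code and not part of the original article: it pulls Pkcs12Data out of an export response, checks that it is intact base64, and builds the step 2 import body with the password XML-escaped. The sample response is constructed and its wrapper elements (l7:Item, l7:Resource, l7:PrivateKeyExportResult) are an assumption; only l7:Pkcs12Data, the namespace and the import body layout come from the article.

```python
import base64
import xml.etree.ElementTree as ET

L7_NS = "http://ns.l7tech.com/2010/04/gateway-management"

# Constructed sample export response. The wrapper elements are an assumption;
# the payload is placeholder bytes, not a real keystore.
_BLOB = base64.b64encode(b"constructed-not-a-real-keystore").decode()
SAMPLE_EXPORT_RESPONSE = f"""<l7:Item xmlns:l7="{L7_NS}">
  <l7:Resource>
    <l7:PrivateKeyExportResult>
      <l7:Pkcs12Data>{_BLOB}</l7:Pkcs12Data>
    </l7:PrivateKeyExportResult>
  </l7:Resource>
</l7:Item>"""


def extract_pkcs12(export_xml: str) -> str:
    """Return the base64 PKCS#12 blob from an export response, validated."""
    node = ET.fromstring(export_xml).find(f".//{{{L7_NS}}}Pkcs12Data")
    if node is None or not (node.text or "").strip():
        raise ValueError("export response has no Pkcs12Data")
    blob = "".join(node.text.split())      # drop line wrapping inside the element
    base64.b64decode(blob, validate=True)  # raises a ValueError subclass if corrupted
    return blob


def build_import_body(pkcs12_b64: str, alias: str, password: str) -> str:
    """Build the PrivateKeyImportContext body shown in step 2."""
    ET.register_namespace("l7", L7_NS)
    root = ET.Element(f"{{{L7_NS}}}PrivateKeyImportContext")
    for tag, value in (("Pkcs12Data", pkcs12_b64), ("Alias", alias), ("Password", password)):
        # ElementTree escapes &, < and > in text when serializing
        ET.SubElement(root, f"{{{L7_NS}}}{tag}").text = value
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    blob = extract_pkcs12(SAMPLE_EXPORT_RESPONSE)
    print(build_import_body(blob, "somealias", "itsasecret"))
```

The returned string is the request body for the POST in step 2, sent with the same headers listed above; the export password should be supplied at run time rather than stored in the script.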