Unable to enroll: Connection timed out (Connection timed out)

book

Article ID: 223226

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction


Trying to enroll Gateway with CA Developer Portal but getting this Error :  Unable to enroll:  Connection timed out (Connection timed out)




Unfortunately, we have been unable to fix the problem because we don't have any more detail about.
ssg_0_0.log doesn't provide additional information on the problem.



Cause

Firewall Rule in place blocking gateway to resolve the host enroll.t5.domain.com

Environment

Release : 10.0

Component : API GATEWAY

Resolution

1. use the following command to confirm Portal enroll URL is resolved from gateway :

curl -vk https://enroll.t5.domain.com:9443/enroll/tenant-az50?sckh=t9MW2AZVsMylWrR25GRFK0oAXz29kP1234sfc4cOe3w

note: replace the URL "https://enroll.t5.domain.com:9443/enroll/tenant-az50?sckh=t9MW2AZVsMylWrR25GRFK0oAXz29kP1234sfc4cOe3w"

by the one generated in your Portal to enroll a Proxy/Gateway

the output should be like the following :

* About to connect() to enroll.t5.domain.com port 9443 (#0)
*   Trying 10.74.146.181...
* Connected to enroll.t5.domain.com (10.74.146.181) port 9443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=pssg
*       start date: Dec 28 16:15:25 2020 GMT
*       expire date: Dec 28 16:15:25 2023 GMT
*       common name: pssg
*       issuer: CN=pssg
> GET /enroll/tenant-az50?sckh=t9MW2AZVsMylWrR25GRFK0oAXz29kP1234sfc4cOe3w HTTP/1.1
> User-Agent: curl/7.29.0
> Host: enroll.t5.domain.com:9443
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Content-Type: text/plain;charset=UTF-8
< Content-Length: 12
< Date: Wed, 01 Sep 2021 19:40:03 GMT
< Server: CA-API-Gateway/9.0
<
* Connection #0 to host enroll.t5.domain.com left intact

Else , If the curl command respond with Connection timed out then need to invstigate network , firewall involved.

2. The curl command helped to resolve the problem. customer had a firewall issue.

Additional Information

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/5-0/install-configure-and-upgrade/post-installation-tasks/enroll-a-layer7-api-gateway.html