Import failed:Exception unwrapping private key

book

Article ID: 242273

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

I attempted to import via the Policy Manager a new private key in our Sandbox API Gateway. However, I'm getting a failure error.

Import failed:Exception unwrapping private key - java.security.InvalidKeyException: Unable to use passed in key for PBE.

 

Cause

Gateway in FIPS mode import this specific private key

Environment

Release : 10.1

Component : API GATEWAY

Resolution

I was only able to reproduce this issue with the customer P12 file with the gateway in FIPS mode.  Gateway 10/1 cr1 CWP security.fips.enabled=true 

There's an issue with the P12 created, using openSSL creating my own P12 private key work successfully.

WORKAROUND

Set the gateway FIPS to false CWP setting security.fips.enabled=false  

Restart the gateway

Import the P12 private key

Set the gateway back to FIPS CWP setting security.fips.enabled=true

Restart the gateway

Attachments