Our API Gateway service on one of our Linux VMs is not starting. When checking the logs, we receive the error shown below.
**** Unable to start the server: Error starting server : Error creating bean with name 'clientSocketFactoryKeyManagerInitializer' defined in class path resource [com/l7tech/server/resources/ssgApplicationContext.xml]: Cannot resolve reference to bean 'sslKeyManagers' while setting bean property 'arguments' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'sslKeyManagers' defined in class path resource [com/l7tech/server/resources/ssgApplicationContext.xml]: Invocation of init method failed; nested exception is java.lang.RuntimeException: No default SSL key available: Unable to create initial default SSL key: java.security.KeyStoreException: com.l7tech.objectmodel.UpdateException: java.lang.RuntimeException: java.security.GeneralSecurityException: Subject DN already exists in the Keystore
Release : 10.x
The gateway's default SSL key is not set, and an existing key contains the server name as its DN. When the gateway starts, it tries to generate a default SSL key with the conflicting DN.
1. If a previous backup file exists from when the gateway was in a good state, restore it and then start the gateway. This should bring the gateway up.
2. If no backup is available, or the keystore key setting was changed (for example, the default SSL key was removed), do the following steps to start the gateway:
a. Stop the gateway:
service ssg stop
b. In the shell, back up the keystore_file table:
> mysqldump ssg keystore_file > keystore_file.sql
c. At the mysql prompt, run the update:
use ssg ;
update keystore_file set databytes =null where name='software DB' ;
d. Start the gateway:
service ssg start
e. After the gateway starts, connect to it using Policy Manager.
Review the private keys in Manage Private Keys (Tasks > Certificates, Keys and Secrets). It should contain only one default SSL key.
f. In the shell, restore the keystore_file table:
> mysql ssg < keystore_file.sql
g. In Policy Manager, set the proper default SSL key using Manage Private Keys (Tasks > Certificates, Keys and Secrets).
The gateway will then be able to restart properly.
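
Step c discards the stored keystore bytes, so the dump from step b is the only copy of the private keys until step f. The following check is an added example, not part of the original article: the function name verify_keystore_dump is hypothetical, and it assumes the dump was made with mysqldump's default comment output.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check the
# keystore_file dump from step b before running the UPDATE in step c.
# verify_keystore_dump is a hypothetical helper name.

verify_keystore_dump() {
    dump="$1"
    # The file must exist and be non-empty.
    [ -s "$dump" ] || { echo "missing or empty: $dump" >&2; return 1; }
    # It must define the table and carry at least one row.
    grep -q 'CREATE TABLE `keystore_file`' "$dump" \
        || { echo "no keystore_file table definition" >&2; return 2; }
    grep -q 'INSERT INTO `keystore_file`' "$dump" \
        || { echo "no keystore_file rows" >&2; return 3; }
    # mysqldump writes this trailer only when it finishes normally
    # (assumption: the dump was not made with --skip-comments).
    tail -n 5 "$dump" | grep -q '^-- Dump completed' \
        || { echo "dump looks truncated" >&2; return 4; }
    # The dump holds private-key material: restrict it to the owner.
    chmod 600 "$dump" || return 5
    return 0
}

# Optional direct use: sh check.sh keystore_file.sql
if [ "$#" -gt 0 ]; then
    verify_keystore_dump "$1"
fi
```

A non-zero return means the dump should be retaken before step c is run.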