Gateway in SSG Menu stuck in STARTING state
search cancel

Gateway in SSG Menu stuck in STARTING state

book

Article ID: 276480

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

Gateway Version: Any/All.

The observed issue was using the SSG Menu to validate if the Gateway service was running the menu showed the gateway stuck in starting. 

For example 

# netstat -an | grep 8443 

Showed listening.

In the original logs it could be seen that the SSG service was up, and the listen ports were listening for the gateway. 

Resolution

In the SSPC_0_0.log Error Stack,

Caused by: javax.net.ssl.SSLHandshakeException: DH ServerKeyExchange does not comply to algorithm constraints
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:340)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:296)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:287)
    at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeConsumer.consume(DHServerKeyExchange.java:538)

If you  log into policy manager.

Go into Tasks -> Transports -> Manage Listen Ports -> 2124 -> Properties

Check off Enable Default Ciphers list  AND TLS 1.3.

Having all default ciphers enabled at the listen port and all TLS Versions.