Broadcom API Portal 5.3 - Unable to enroll API Proxy Gateway 11.1 with Error failed to load certificate
search cancel

Broadcom API Portal 5.3 - Unable to enroll API Proxy Gateway 11.1 with Error failed to load certificate

book

Article ID: 375731

calendar_today

Updated On:

Products

CA API Developer Portal CA API Gateway

Issue/Introduction

While enrolling the Gateway with Portal, the enrollment fails with the following error:

Unable to enroll: https://enroll.portal.local/enroll/tenantazuat/?sckh=HWmaXmeFtwkIieoRxm4F7JJ9Z8GLHIJkpmF-xQ391CM&token=b38c88bc-b464-4517-bfeb-1dcad8078930&action=enroll enrollment request failed. postEnrolPortalDataUrl = http://portal-data:8080/portal-data/gateway-management/internal/enrol/bundle?sckh=HWmaXmeFtwkIieoRxm4F7JJ9Z8GLHIJkpmF-xQ391CM&token=b38c88bc-b464-4517-bfeb-1dcad8078930  error response = {"httpStatusCode":400,"errorCode":483,"devErrorMessage":"ERROR: internal IO error, failed to load certificate apim-ssg.portal.local: DerInputStream.getLength(): lengthTag=24, too big.","userErrorMessage":"The request could not be completed due to data input errors.","locale":"en","userErrorKey":"error.validation.entity"}

Environment

API Portal 5.3/API Gateway 11.1

Cause

Java's error DerInputStream.getLength(): lengthTag=24, too big can be caused when:

- the certificate contains invalid characters like extra blank spaces 

- the certificate has an invalid format 

- the Java TrustStore type is set to PKCS12 and the certificate is not a PKCS12

 

Resolution

Check the certificate content and format.

If the certificate is not a PKCS12, change Gateway Java's TrustStore type to JKS:  

javax.net.ssl.trustStoreType=jks

 

Powered by Wolken Software