Patch operation failed : Patch API Error: Certificate is not trusted for signing patches

Article ID: 378887


Updated On:

Products

CA API Gateway

Issue/Introduction

Uploading any of the following patches, or any later Monthly Platform Patch (MPP) once it is made available:

  • Layer7_API_Gateway_Debian_v11.1.1-18484.L7P
  • Layer7_API_PlatformUpdate_64bit_v11.1-Debian-2024-08-26.L7P
  • Layer7_API_PlatformUpdate_64bit_v11.1-Debian-2024-09-24.L7P

fails with the following error:

Patch operation failed : Patch API Error: Certificate is not trusted for signing patches

[
[
  Version: V3
  Subject: CN=Broadcom Inc, OU=CA Canada Company, O=Broadcom Inc, L=San Jose, ST=California, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
...

Environment

CA API Gateway 11.1.1, Gateway 11.1

Cause

The system being patched has not first been patched with PMS v2.0.0.

Resolution

Important!!! PMS 2.0.0 should not be installed on 11.0 and older releases.

To install the required Gateway 11.1.1 and 11.1 August 2024 patches and subsequent Monthly Platform Patches, you must first upgrade the underlying patch management service (PMS) to v2.0.0. This patch is included in "Layer7_API_Gateway_v11.1.1.zip", available from the Layer7 API Gateway - Solutions and Patches page.

Depending on your gateway operating system, it is one of the following two files:

Layer7_API_PMS_Debian_v2.0.0-20240715115049.L7P
Layer7_API_PMS_RHEL_v2.0.0-20240715115049.L7P

Even though the name "Layer7_API_Gateway_v11.1.1.zip" implies that it is for 11.1.1, you can use it on an 11.1 gateway just to patch the PMS to 2.0.0 first.

After the PMS has been properly patched to v2.0.0, you should be able to upload and install the patch in question.

The installed PMS version can be verified with the following command on the system (dpkg applies to Debian-based gateways):

dpkg -l | grep patch

Additional Information

Please also note the following:

July 2024 MPP: Users are strongly advised to apply the July 2024 MPP BEFORE updating their PMS to version 2.0.0 and/or upgrading to Gateway 11.1.1 as PMS version 2.0.0 will be unable to accept July 2024 or older MPPs due to new signing algorithm requirements. August 2024 and future MPPs will require PMS version 2.0.0.

This note is included in the following product documentation:

List of Update Files
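
The ordering rules in this article can be checked before an upload. The following is an added example, not Broadcom's code: it classifies a patch file name against the installed PMS version, which the operator supplies. It assumes the date in a PlatformUpdate file name identifies the MPP month and that any PMS major version of 2 or higher satisfies the PMS 2.0.0 requirement; the function name l7p_preflight and its verdict strings are hypothetical.

```sh
#!/bin/sh
# Added example (not vendor code): pre-flight check for the PMS ordering rule.
# Assumptions: the YYYY-MM-DD in a PlatformUpdate file name identifies the MPP
# month; any PMS major version >= 2 satisfies the "PMS 2.0.0" requirement.

# Usage: l7p_preflight <patch-file> <installed-pms-version>
# Prints one verdict: ok | upgrade-pms-first | pms-too-new | pms-upgrade | unknown
l7p_preflight() {
  file=${1##*/}            # strip any directory part
  pms_major=${2%%.*}       # "2.0.0-2024..." -> "2"
  case "$pms_major" in
    ''|*[!0-9]*) echo unknown; return 0 ;;   # version missing or not numeric
  esac

  case "$file" in
    Layer7_API_PlatformUpdate_*-[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9].L7P)
      # Reduce the trailing date to YYYYMM, e.g. 2024-08-26 -> 202408
      ym=$(printf '%s\n' "$file" |
           sed -E 's/.*-([0-9]{4})-([0-9]{2})-[0-9]{2}\.L7P$/\1\2/')
      if [ "$ym" -ge 202408 ]; then
        # August 2024 and later MPPs require PMS 2.0.0
        if [ "$pms_major" -ge 2 ]; then echo ok; else echo upgrade-pms-first; fi
      else
        # July 2024 and older MPPs are not accepted by PMS 2.0.0
        if [ "$pms_major" -ge 2 ]; then echo pms-too-new; else echo ok; fi
      fi ;;
    Layer7_API_Gateway_*_v11.1.1-*.L7P)
      # The Gateway 11.1.1 patch also needs PMS 2.0.0 in place first
      if [ "$pms_major" -ge 2 ]; then echo ok; else echo upgrade-pms-first; fi ;;
    Layer7_API_PMS_*_v2.0.0-*.L7P)
      # The PMS upgrade itself: apply the July 2024 MPP before this one
      echo pms-upgrade ;;
    *)
      echo unknown ;;
  esac
}
```

A verdict of upgrade-pms-first corresponds to the "Certificate is not trusted for signing patches" failure described in this article.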