Container GW Policy Manager errors

Article ID: 415524

Updated On:

Products

CA API Gateway

Issue/Introduction

When running Container Gateway V.11.1.2, the Policy Manager (PM) application is unstable. It often displays the following error:

The corresponding ssm0.log file shows:

Oct 16, 2025 9:38:41 AM com.l7tech.console.security.a checkServerTrusted
INFO: Trust check failed, reloading trust store.
Oct 16, 2025 9:38:41 AM com.l7tech.console.logging.DefaultErrorHandler handle
INFO: The Policy Manager encountered an internal error or misconfiguration and was unable to complete the operation.
org.springframework.remoting.RemoteAccessException: Could not access HTTP invoker remote service at [https://securespangateway/ssg/manager/AdminLogin]; nested exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at org.springframework.remoting.httpinvoker.HttpInvokerClientInterceptor.convertHttpInvokerAccessException(HttpInvokerClientInterceptor.java:234)

Environment

API Gateway 11.X

Resolution

The Policy Manager expects to be presented with the gateway certificate. It does not work with the nginx default certificate.

You can work around this by enabling SSL passthrough on the nginx service:

ingress.kubernetes.io/ssl-passthrough: "true"

This will allow the gateway to present the gateway certificate to Policy Manager.
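To confirm which certificate Policy Manager is actually being shown, the following added example (not part of the original article or of any Broadcom tooling) fetches the certificate presented at the ingress hostname and compares its SHA-256 fingerprint with the gateway certificate exported as PEM. The function names are hypothetical, and the default-certificate check assumes the ingress-nginx controller, whose built-in certificate carries the subject CN used below.

```python
import hashlib
import socket
import ssl

# Subject CN of the self-signed certificate ingress-nginx serves by default
# (assumption: the "nginx default cert" in this article is that certificate).
NGINX_DEFAULT_CN = b"Kubernetes Ingress Controller Fake Certificate"


def fetch_presented_cert(host, port=443, timeout=5.0):
    """Return the DER leaf certificate the endpoint presents for SNI `host`."""
    ctx = ssl.create_default_context()
    # Verification is off on purpose: the goal is to inspect the certificate
    # even when it is untrusted. No credentials are sent on this connection.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def sha256_fingerprint(der):
    """Hex SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def diagnose(presented_der, gateway_pem):
    """Classify the presented certificate against the gateway's own certificate."""
    gateway_der = ssl.PEM_cert_to_DER_cert(gateway_pem)
    if sha256_fingerprint(presented_der) == sha256_fingerprint(gateway_der):
        return "gateway-cert"        # passthrough works, PM sees the gateway cert
    if NGINX_DEFAULT_CN in presented_der:
        return "nginx-default-cert"  # TLS is terminated at the ingress controller
    return "other-cert"              # terminated elsewhere or another cert is set


if __name__ == "__main__":
    import sys
    # Usage: python check_cert.py <ingress-hostname> <gateway-cert.pem>
    host, pem_path = sys.argv[1], sys.argv[2]
    with open(pem_path) as fh:
        print(diagnose(fetch_presented_cert(host), fh.read()))
```

If the result is still `nginx-default-cert` after the annotation is applied, check that the ingress-nginx controller itself was started with `--enable-ssl-passthrough`, since the annotation has no effect without it.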