Typically, the Gateway will throw these errors when it is unable to access the encrypted software keystore contained within MySQL. This access is regulated using the cluster passphrase.
This cluster passphrase is maintained within the /opt/SecureSpan/Gateway/node/default/etc/conf/node.properties
file. It is an encrypted value contained in the node.cluster.pass
In order to resolve this issue, you must first provide the correct cluster passphrase in the node.cluster.pass
property as a cleartext string. Then, restart the Gateway service. To do the following:
- Log into the Gateway as the ssgconfig user
- Select Option 3: Use a privileged shell (root)
- Open the node.properties file for editing
- Remove the value of node.cluster.pass
- Replace with the cleartext cluster passphrase
- Save the file
- Restart the Gateway service
service ssg restart
At this point, the Gateway will either fail to start or start successfully.
Gateway Successfully Starts
If the Gateway starts successfully, you will need to force the Gateway to re-encrypt the cluster passphrase, or else it will continue to use a cleartext passphrase in the node.properties
file. To do so, exit the privileged shell and return to the ssgconfig menu and do the following:
- Select Option 2: Display Layer 7 Gateway configuration menu
- Select Option 4: Change the Master Passphrase
- Provide the current passphrase
- Provide the cluster passphrase you wish to use
NOTE: This value can be the same as the previous cluster passphrase.
- Confirm the cluster passphrase
- Select Option 7: Manage Layer 7 Gateway status
- Select Option 2: Restart the Layer 7 Gateway
At this point, you can access the privileged shell, open the node.properties
file, and confirm that the node.cluster.pass
value has been encoded and encrypted.
Gateway Fails to Start
If the Gateway fails to start after the manually setting the cluster passphrase in node.properties
then the cluster passphrase provided is incorrect. Because this is an encrypted value, there is not a method of retrieving this password post upgrade or migration. If a backup of the Gateway was taken before upgrading or migrating, it is possible that the cluster passphrase can be restored. If you have this backup, please contact Layer 7 Support by opening a new support request specifying "Lost Cluster Passphrase" in the Subject area.