Unable to connect to Policy Manager after upgrade from 7.x series to 9.1 or 9.2 due to Listen Port Cipher Suite Issue

search cancel

Unable to connect to Policy Manager after upgrade from 7.x series to 9.1 or 9.2 due to Listen Port Cipher Suite Issue

book

Article ID: 5318

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

Inability to establish Policy Manager connectivity after upgrading a CA API Gateway from version 7.x CA API Gateway appliance to version 9.1 or 9.2. Initial investigations will show the Gateway in a running status and SSPC logs indicating the processController started.

----------------------------------------------------------------------
CA API Gateway Status
----------------------------------------------------------------------

Configuration:
Node Status = RUNNING
Node Status Timestamp = 2017-01-16 12:02:01
Node Status Since = 2017-01-16 11:41:27

SSPC Logs:

2017-01-16T11:40:51.931-0600 INFO 1 com.l7tech.server.processcontroller.ProcessController: /opt/SecureSpan/Gateway/node/default/var/processControllerPort does not exist yet, will try default port
2017-01-16T11:40:56.946-0600 INFO 1 com.l7tech.server.processcontroller.ProcessController: /opt/SecureSpan/Gateway/node/default/var/processControllerPort does not exist yet, will try default port
2017-01-16T11:41:01.967-0600 INFO 1 com.l7tech.server.processcontroller.ProcessController: /opt/SecureSpan/Gateway/node/default/var/processControllerPort does not exist yet, will try default port
2017-01-16T11:41:06.982-0600 INFO 1 com.l7tech.server.processcontroller.ProcessController: /opt/SecureSpan/Gateway/node/default/var/processControllerPort does not exist yet, will try default port
2017-01-16T11:41:11.996-0600 INFO 1 com.l7tech.server.processcontroller.ProcessController: /opt/SecureSpan/Gateway/node/default/var/processControllerPort does not exist yet, will try default port
2017-01-16T11:41:17.016-0600 INFO 1 com.l7tech.server.processcontroller.ProcessController: /opt/SecureSpan/Gateway/node/default/var/processControllerPort does not exist yet, will try default port
2017-01-16T11:41:22.031-0600 INFO 1 com.l7tech.server.processcontroller.ProcessController: /opt/SecureSpan/Gateway/node/default/var/processControllerPort does not exist yet, will try default port
2017-01-16T11:41:27.046-0600 INFO 1 com.l7tech.server.processcontroller.ProcessController: Getting API port from /opt/SecureSpan/Gateway/node/default/var/processControllerPort
2017-01-16T11:41:27.839-0600 INFO 1 com.l7tech.server.processcontroller.q: default started successfully
2017-01-16T11:41:27.839-0600 INFO 1 com.l7tech.server.processcontroller.ProcessController: default started

Environment

Release: L7SMG299000-7.1-Mobile API Gateway-HARDWARE APPLIANCE DUAL CPU
Component:

Cause

Ports 8443 and 9443 respectively, necessary for software and web client access respectively, have not started correctly due to deprecated cipher suites enabled whilst running CA API Gateway version 7.x.

Resolution

Manually update the supported cipher suites via the commands below:

mysql ssg -e “update connector_property set value="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA" where name="cipherList"”
service ssg restart

Feedback

thumb_up Yes

thumb_down No