An on-premise API Gateway node (or cluster) may report an SSL-related error during the enrollment process with API Management SaaS (aka "SaaS API Portal").
An example of such an error may look like the following:
Unable to enroll: java.security.cert.CertificateException: No name matching <hostname.dev.ca.com> found.
This issue is typically caused by an SSL configuration incompatibility between the SSL engine used on the Gateway and the one used on the SaaS API Portal side.
Edit the system.properties file on the API Gateway node to change the SSL library. This change is temporary and is needed only for enrollment. Once enrollment succeeds, the property can be removed from the system.properties file.
Next, the previous enrollment attempt must be cleaned up before trying the enrollment process again. If the enrollment was never attempted, then the following steps can be skipped.
Attempt the enrollment process again.
If it succeeds, the system property added earlier in the workaround should be removed and the API Gateway restarted one more time. If the same SSL failure during enrollment is encountered, contact CA Support for further assistance.