API Gateway is started but is being shown as STARTING in the Gateway Status.
The sspc log contains errors similar to the following :
2017-11-20T20:04:19.550+0100 WARNING 1 com.l7tech.server.processcontroller.p: default may still be starting, but API is throwing unexpected exceptions
javax.xml.ws.soap.SOAPFaultException: Request denied (no certificate).
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:157)
at com.sun.proxy.$Proxy83.ping(Unknown Source)
at com.l7tech.server.processcontroller.p.b(Unknown Source)
at com.l7tech.server.processcontroller.p.a(Unknown Source)
at com.l7tech.server.processcontroller.ProcessController.a(Unknown Source)
at com.l7tech.server.processcontroller.ProcessController.a(Unknown Source)
at com.l7tech.server.processcontroller.ProcessControllerDaemon.a(Unknown Source)
at com.l7tech.server.processcontroller.ProcessControllerDaemon.main(Unknown Source)
Caused by: org.apache.cxf.binding.soap.SoapFault: Request denied (no certificate).
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:84)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:51)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:40)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:114)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:812)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1674)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1509)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1417)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:650)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:542)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:473)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:376)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:329)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:95)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
... 7 more
All supported versions of the CA API Gateway
This error occurs when the Process Controller (SSPC) is unable to authenticate itself with the Gateway. The Process Controller uses client certificate authentication to open an SSL secured connection over a specific port on the API Gateway. This port is reflected by the Process Controller Port declaration file (processControllerPort). This issue may occur when a Listen Port the Process Controller communicates on is set to not use client certificate authentication.
Use the following steps to resolve this issue :
1) Please check the contents of /opt/SecureSpan/Gateway/node/default/var/processControllerPort. Note the port number contained within it. By default, this port is 2124, but yours may be different.
2) Log in to the Policy Manager. Go to [Tasks] > Manage Listen Ports. Select the Listen Port noted from the file in step one above, and click on [Properties].
3) On the Listen Port Properties window, click the [SSL/TLS Settings] tab. Ensure that Client Authentication is set to 'Optional' or 'Required' rather than 'None'. Save the changes.
4) Reboot the node.