Layer7 API Management

  • 1.  Error while importing private key

    Posted Aug 02, 2017 05:40 AM

    Hi

    I am trying to import a private key using restman's import API restman/1.0/privateKeys/000000000000000000000000000001123:nn%20issuer/import. This is the request XML which I am trying to send in the request.

     

    <l7:PrivateKeyImportContext xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Pkcs12Data>[Base64-encoded PKCS#12 data omitted]</l7:Pkcs12Data>
    <l7:Password>123456</l7:Password>
    </l7:PrivateKeyImportContext>

     

    But I am getting the following error. Can you please help me out?

     

     

    Status: 403 Forbidden
    Server: Apache-Coyote/1.1
    Content-Length: 468
    Date: Wed, 02 Aug 2017 14:58:17 GMT
    Content-Type: application/xml
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <l7:Error xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Type>ResourceAccess</l7:Type>
    <l7:TimeStamp>2017-08-02T20:28:17.263+05:30</l7:TimeStamp>
    <l7:Link rel="self" uri="https://iii.com:8443/restman/1.0/privateKeys/000000000000000000000000000001123:nnt%20issuer/import"/>
    <l7:Detail>PKCS12 key store mac invalid - wrong password or corrupted file.</l7:Detail>
    </l7:Error>

    I have tried other generated keys as well, but the response remains the same.



  • 2.  Re: Error while importing private key

    Broadcom Employee
    Posted Aug 02, 2017 11:52 AM

    Hello,

     

    Looks like your issue is the id of the key you are specifying.

     

    Try using a valid id like this: the first part is the id of the default gateway keystore and is always 00000000000000000000000000000002, and the second part is the alias to use for the key.

     

    /restman/1.0/privateKeys/00000000000000000000000000000002:test_ssl/import

     

    I was able to use the body supplied and import the private key.

     

    Barry



  • 3.  Re: Error while importing private key

    Posted Aug 03, 2017 06:19 AM

    Hi

     

    I tried the same key with the same key id and alias name through restman using GMU and got the error below. I am not sure whether the error mentioned in the response is correct, since the key seems to be valid.

     

    Status: 403 Forbidden
    Server: Apache-Coyote/1.1
    Content-Length: 468
    Date: Thu, 03 Aug 2017 12:46:23 GMT
    Content-Type: application/xml
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <l7:Error xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Type>ResourceAccess</l7:Type>
    <l7:TimeStamp>2017-08-03T18:16:23.773+05:30</l7:TimeStamp>
    <l7:Link rel="self" uri="https://iii.com:8443/restman/1.0/privateKeys/00000000000000000000000000000002:jwt%20issuer/import"/>
    <l7:Detail>PKCS12 key store mac invalid - wrong password or corrupted file.</l7:Detail>
    </l7:Error>



  • 4.  Re: Error while importing private key

    Broadcom Employee
    Posted Aug 10, 2017 07:04 PM

    Vivek,

     

    You made a statement that you are using GMU. Would you outline what you are doing with the GMU in the sense of bundle information? The work that Barry and I have tried was directly to the Restman endpoint and we both did not see an issue. I used RestClient through Firefox to test and I did not see the same error you were presented.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 5.  Re: Error while importing private key

    Posted Aug 11, 2017 08:28 AM

    Hello

     

    I was trying to import a private key using GMU by hitting restman's API and sending an XML file in the request.

    I was able to import it using Firefox's REST client but not through GMU. Here are the command I am using and the request XML.

     

    GatewayMigrationUtility.bat restman --header Content-Type:application/xml --method POST --path 1.0/privateKeys/00000000000000000000000000000002:jwt%20issuer/import --request C:\projects\requests\request_import_private_key.xml -z C:\projects\ssg_awsi.properties

     

     

    Content of request_import_private_key.xml is:

     

    <l7:PrivateKeyImportContext xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Pkcs12Data>[Base64-encoded PKCS#12 data omitted]</l7:Pkcs12Data>
    <l7:Password>123456</l7:Password>
    </l7:PrivateKeyImportContext>



  • 6.  Re: Error while importing private key

    Broadcom Employee
    Posted Aug 13, 2017 12:33 PM

    Good morning,

     

    I've attempted to execute the command that you outlined above and was able to successfully upload the private key. Just a note that I was testing this against a 9.2 version of the Gateway with GMU version 1.4.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 7.  Re: Error while importing private key

    Posted Aug 14, 2017 02:07 AM

    Hello

     

    Thanks for your reply. I was using version 1.3 of GMU and 9.1 of Gateway, where the error message was not enough to explain the cause, but when I tried GMU 1.4 with the same Gateway 9.1, I got the proper reason why it was not working.



  • 8.  Re: Error while importing private key

    Broadcom Employee
    Posted Aug 14, 2017 12:07 PM

    Were you able to determine the issue and correct it based on the feedback of using the newer version of the GMU?

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 9.  Re: Error while importing private key
    Best Answer

    Posted Aug 16, 2017 02:59 AM

    Yes, I got the exact error in GMU 1.4 stating that "key already present" while in 1.3 I was getting "wrong password or corrupted file".
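
An added example, not code from any poster in this thread or from the product: a local pre-flight check of the import path and `PrivateKeyImportContext` body, plus a triage of the `<l7:Detail>` text that reflects the thread's outcome (the "mac invalid" message turned out to hide an already-existing key). The function names, the 32-hex-character keystore id pattern and the sample values are assumptions.

```python
import base64, binascii, re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = {"l7": "http://ns.l7tech.com/2010/04/gateway-management"}
# Assumption: a keystore id is 32 hex characters, like the id quoted in the thread.
PATH_RE = re.compile(r"privateKeys/([0-9a-fA-F]{32}):([^/]+)/import$")

def pfx_header_ok(blob):
    """True if blob starts like a PKCS#12 PFX: SEQUENCE, then INTEGER version 3."""
    # Skip the length octets: short form, BER indefinite (0x80) or long form.
    skip = 2 + (blob[1] & 0x7F if len(blob) > 1 and blob[1] > 0x80 else 0)
    return blob[:1] == b"\x30" and blob[skip:skip + 3] == b"\x02\x01\x03"

def preflight(path, request_xml):
    """Return (alias, problems) from checks that need no gateway access."""
    problems = []
    m = PATH_RE.search(path)
    alias = unquote(m.group(2)) if m else None
    if not m:
        problems.append("path is not privateKeys/<32-hex id>:<alias>/import")
    root = ET.fromstring(request_xml)
    b64 = "".join(root.findtext("l7:Pkcs12Data", "", NS).split())
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error:
        blob = b""
    if not pfx_header_ok(blob):
        problems.append("Pkcs12Data is not a base64 PKCS#12 (PFX version 3) blob")
    return alias, problems

def triage(path, request_xml, error_xml):
    """Combine the local checks with the <l7:Detail> of a restman error."""
    alias, problems = preflight(path, request_xml)
    if problems:
        return problems
    detail = ET.fromstring(error_xml).findtext("l7:Detail", "", NS)
    if "mac invalid" in detail:
        return ["request is well-formed: verify the password against the file "
                f"locally, then check whether alias {alias!r} already exists"]
    return ["gateway reported: " + detail]

# Constructed sample (PFX header bytes plus zero padding, not a real keystore).
SAMPLE_PATH = "1.0/privateKeys/" + "0" * 31 + "2:jwt%20issuer/import"
SAMPLE_B64 = base64.b64encode(bytes.fromhex("3080020103") + bytes(8)).decode()
SAMPLE_BODY = (f'<l7:PrivateKeyImportContext xmlns:l7="{NS["l7"]}">'
               f"<l7:Pkcs12Data>{SAMPLE_B64}</l7:Pkcs12Data>"
               "<l7:Password>constructed</l7:Password></l7:PrivateKeyImportContext>")
```

These checks look only at the structure of the request; they do not verify the PKCS#12 MAC, which requires the password and a PKCS#12 library or tool.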