Layer7 API Management

  • 1.  Certificate error on one node when running on cluster mode

    Posted Jul 09, 2018 08:47 AM

    Hi All,

    I am running CA API Gateway 9.3 in a cluster, meaning two nodes (replication enabled between them) with a load balancer fronting these two nodes.  I created a policy which talks to a 3rd party API and returns the response.  To call the 3rd party API I have to import a certificate (as per the 3rd party documentation), which I did by logging in to node-1.  After importing the certificate I started testing my API, and it was behaving as expected when a request goes to node-1 and throwing the below exception when a request goes to node-2.  I have been blown away by this behavior.  I would appreciate it if someone could throw light on this.

    java.security.cert.CertificateException: Certificate [cn=*.ifragasatt.se,ou=domain control validated] path validation and/or revocation checking failed. Caused by: Certificate [cn=*.ifragasatt.se,ou=domain control validated] path validation and/or revocation checking failed

    Note:  I have no clue why I am getting 'cn=*.ifragasatt.se'.  This is not my 3rd party API.

    Regards

    Chaitanya



  • 2.  Re: Certificate error on one node when running on cluster mode

    Broadcom Employee
    Posted Jul 09, 2018 07:49 PM

    It doesn't make sense that the 2 nodes are different unless your 2 nodes are connecting to different databases.

    Please check /opt/SecureSpan/Gateway/node/default/etc/conf/node.properties on each node, and ensure "node.db.config.main.host" is pointing to the same database.



  • 3.  Re: Certificate error on one node when running on cluster mode

    Posted Jul 10, 2018 04:12 AM

    Hi Zhijun,

    They are pointing to their respective localhost.  I believe localhost means their own database, and those two are set up with replication.  Does that mean they are not pointing at the same snapshots all the time?

    node.db.config.main.host = localhost

    Regards

    Chaitanya



  • 4.  Re: Certificate error on one node when running on cluster mode

    Broadcom Employee
    Posted Jul 10, 2018 06:43 PM

    Exactly, your nodes are connecting to different databases. This is not correct; you should use the FQDN of the primary database for all the nodes in the cluster.

    Your current configuration will lead to more problems if there is any sync/replication problem.
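
The check suggested in the replies above, as an added example that is not part of the original thread or of the product's tooling: it compares copies of each node's node.properties and flags loopback values, which pass a plain equality check yet mean each node uses its own database. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit node.db.config.*.host across copies of node.properties
# collected from each gateway node. Handles the "key = value" form shown in
# the thread; other Java-properties separators are not parsed.

# get_prop FILE KEY -> prints KEY's value (last occurrence wins), trimmed.
get_prop() {
  awk -v key="$2" '
    /^[ \t]*[#!]/ { next }                      # skip comment lines
    { i = index($0, "="); if (i == 0) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v }
    END { print val }' "$1"
}

# check_cluster_db FILE... -> status 0 if every node names the same
# non-loopback hosts, 1 otherwise. The body runs in a subshell, so its
# variables do not leak into the caller.
check_cluster_db() (
  rc=0
  for key in node.db.config.main.host node.db.config.failover.host; do
    ref=$(get_prop "$1" "$key")
    for f in "$@"; do
      val=$(get_prop "$f" "$key")
      case "$val" in
        localhost|127.*|::1)
          echo "FAIL $f: $key=$val is loopback, node uses its own local DB"; rc=1 ;;
      esac
      if [ "$val" != "$ref" ]; then
        echo "FAIL $f: $key=$val differs from $1 ($ref)"; rc=1
      fi
    done
  done
  exit "$rc"
)

# Constructed sample copies (not taken from a real gateway).
demo=$(mktemp -d)
printf 'node.db.config.main.host = localhost\n' > "$demo/node1.properties"
printf 'node.db.config.main.host = localhost\n' > "$demo/node2.properties"
printf 'node.db.config.main.host = abc1.domain.com\nnode.db.config.failover.host = abc2.domain.com\n' \
  > "$demo/fixed1.properties"
cp "$demo/fixed1.properties" "$demo/fixed2.properties"

check_cluster_db "$demo"/node?.properties  || echo "cluster DB settings need attention"
check_cluster_db "$demo"/fixed?.properties && echo "cluster DB settings consistent"
```

On a real cluster, copy /opt/SecureSpan/Gateway/node/default/etc/conf/node.properties from each node to one place under distinct names and pass those files to `check_cluster_db`.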



  • 5.  Re: Certificate error on one node when running on cluster mode

    Posted Jul 16, 2018 04:21 AM

    If I point all my nodes to one database, what happens to the other database w.r.t. certificates?  If for some reason the primary database has some problems, then I have to redirect the calls to the backup/secondary database, which will not have certificates installed, so how does it work in this case?

    Regards

    Chaitanya



  • 6.  Re: Certificate error on one node when running on cluster mode
    Best Answer

    Broadcom Employee
    Posted Jul 16, 2018 07:48 PM

    You can only have 2 databases in a cluster, and the replication between the 2 MySQL servers should have been configured. Then anything on the primary database will be replicated to the 2nd DB. If there is any problem with the primary DB, the failover is automatic.

    For more details of replication, you may refer to

    Configuring Cluster Database Replication - CA API Gateway - 9.3 - CA Technologies Documentation

    and the MySQL documentation,

    MySQL :: MySQL 5.7 Reference Manual :: 16 Replication



  • 7.  Re: Certificate error on one node when running on cluster mode

    Posted Apr 30, 2019 07:35 AM

    Hi Zhijun,

    I am afraid you have misunderstood the question.  Let me reiterate the problem.  I have a clustered environment with two nodes and two databases.  These two databases are running on MySQL and they are replicated perfectly.  Also, both nodes are configured to point to one primary database, with the other database instance as failover, just like below.  Even then, I am experiencing the issues I explained above.  Some weird issues which I am not able to understand.  Now could you please explain the possibilities for such errors so that I can correct the configuration, if needed.  Also, when I install a certificate on node1 using Policy Manager, it will automatically be pushed to the node2 database, as both databases are replicated.  However, as part of failover, when both nodes point to the node2 database, will the certificates be reloaded into node memory or not?  What is the behavior there?  I would appreciate a quick response on this.

     

    node.db.config.main.host = abc1.domain.com

    node.db.config.main.host = abc1.domain.com

     

    node.db.config.failover.host = abc2.domain.com

    node.db.config.failover.host = abc2.domain.com