Layer7 API Management

Dear team,

Need urgent help from my fellow community members for the issue given below. I am trying to setup GMU in our company and i did all the steps as mentioned in this link.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-3/gateway-migration/configure-gmu-and-gateways-for-migration.html

The steps i did are as follows which is exactly same as mentioned in above link.
1) Published the REST management service on both source and target gateway.
2) I created a migration admin user with name 'DevMigrationAdmin' through policy manager and gave it Adminstrator role in source gateway. Similarly i created a migration admn user with name 'UatMigrationAdmin' through policy manager and gave it administrator role in target gateway.
3) Then i created a private key with CN same exactly same as Migration admin user i.e. 'DevMigrationAdmin' and exported the key and certificate from source gateway and gave it name DevCert.pem and DevKey.p12. I did similar steps on target gateway and generated UatCert.pem and UatKey.p12.
4) Then i mapped the both source and target gateway migrati admin user with the certificate created in step 3 by following the exact same steps mentioned in CA post.
5) Then comes the last step of establishing server trust between source gateway, target gateway and GMU, so i followed the steps as mentioned in post and generated the certificate of default ssl key and exported it with name 'DevSsl.pem'. I did the same steps in UAT and generated the certificate with name 'UatSsl.pem'.
6) Then to add the certificate in JDK trust store i ran the below command which is as per given in the documentation post i.e.
keytool -importcert -alias DevMigrationAdmin -file "C:/Program Files/Java/jre7/bin/DevCert.pem" -keystore "C:/Program Files/Java/jre7/lib/security/cacerts" -storepass changeit

7) It gave the message the certificate is added in the store then i did the same step for UatCert.pem or target gateway with success.
8) Then i rant the command for migrateOut which is as follows:
./GatewayMigrationUtility.bat migrateOut --host 192.168.163.40 --dest dest.xml --folderName /APIs/Inbound/MigrationTest --clientCert DevKey.p12 --encryptionPassphrase @file:Encrypt.txt but it gave me below error.

Running...
Execution failed. Reason: No subject alternative names present. To resolve, either:
• Establish server trust and try again (more info: search "establish server trust" in the Gateway documentation), OR
• Re-run command with the "--trustHostname" parameter to bypass trust requirement.

I followed the steps mentioned in CA post for establishing server trust but still getting this error please help me out. I need the solution ASAP.

Thanks for the cooperation and support.

Regards
Vivek

Dear team,

Need urgent help from my fellow community members for the issue given below. I am trying to setup GMU in our company and i did all the steps as mentioned in this link.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-3/gateway-migration/configure-gmu-and-gateways-for-migration.html

The steps i did are as follows which is exactly same as mentioned in above link.
1) Published the REST management service on both source and target gateway.
2) I created a migration admin user with name 'DevMigrationAdmin' through policy manager and gave it Adminstrator role in source gateway. Similarly i created a migration admn user with name 'UatMigrationAdmin' through policy manager and gave it administrator role in target gateway.
3) Then i created a private key with CN same exactly same as Migration admin user i.e. 'DevMigrationAdmin' and exported the key and certificate from source gateway and gave it name DevCert.pem and DevKey.p12. I did similar steps on target gateway and generated UatCert.pem and UatKey.p12.
4) Then i mapped the both source and target gateway migrati admin user with the certificate created in step 3 by following the exact same steps mentioned in CA post.
5) Then comes the last step of establishing server trust between source gateway, target gateway and GMU, so i followed the steps as mentioned in post and generated the certificate of default ssl key and exported it with name 'DevSsl.pem'. I did the same steps in UAT and generated the certificate with name 'UatSsl.pem'.
6) Then to add the certificate in JDK trust store i ran the below command which is as per given in the documentation post i.e.
keytool -importcert -alias DevMigrationAdmin -file "C:/Program Files/Java/jre7/bin/DevCert.pem" -keystore "C:/Program Files/Java/jre7/lib/security/cacerts" -storepass changeit

7) It gave the message the certificate is added in the store then i did the same step for UatCert.pem or target gateway with success.
8) Then i rant the command for migrateOut which is as follows:
./GatewayMigrationUtility.bat migrateOut --host 192.168.163.40 --dest dest.xml --folderName /APIs/Inbound/MigrationTest --clientCert DevKey.p12 --encryptionPassphrase @file:Encrypt.txt but it gave me below error.

Running...
Execution failed. Reason: No subject alternative names present. To resolve, either:
• Establish server trust and try again (more info: search "establish server trust" in the Gateway documentation), OR
• Re-run command with the "--trustHostname" parameter to bypass trust requirement.

I followed the steps mentioned in CA post for establishing server trust but still getting this error please help me out. I need the solution ASAP.

Thanks for the cooperation and support.

Regards
Vivek

Note that the "Jay MacDonald" user has also been added to the administrator role. Now when I run the GMU with the following command, where the passphrase to unlock the pkcs12 key is encoded in EncodedPassword.txt (and which will also be used to encrypt the secrets in the output XML file), it works:

jay@jaymac-laptop:~/SecureSpan/GMU-1.5.00$ ./GatewayMigrationUtility.sh migrateOut --host ssg94.l7tech.com --dest dest.xml --folderName /Demos --clientCert jaymac.p12 -x @file:EncodedPassword.txt --encryptionPassphrase @file:EncodedPassword.txt
Running................
Done
jay@jaymac-laptop:~/SecureSpan/GMU-1.5.00$

Dear team,

Need urgent help from my fellow community members for the issue given below. I am trying to setup GMU in our company and i did all the steps as mentioned in this link.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-3/gateway-migration/configure-gmu-and-gateways-for-migration.html

The steps i did are as follows which is exactly same as mentioned in above link.
1) Published the REST management service on both source and target gateway.
2) I created a migration admin user with name 'DevMigrationAdmin' through policy manager and gave it Adminstrator role in source gateway. Similarly i created a migration admn user with name 'UatMigrationAdmin' through policy manager and gave it administrator role in target gateway.
3) Then i created a private key with CN same exactly same as Migration admin user i.e. 'DevMigrationAdmin' and exported the key and certificate from source gateway and gave it name DevCert.pem and DevKey.p12. I did similar steps on target gateway and generated UatCert.pem and UatKey.p12.
4) Then i mapped the both source and target gateway migrati admin user with the certificate created in step 3 by following the exact same steps mentioned in CA post.
5) Then comes the last step of establishing server trust between source gateway, target gateway and GMU, so i followed the steps as mentioned in post and generated the certificate of default ssl key and exported it with name 'DevSsl.pem'. I did the same steps in UAT and generated the certificate with name 'UatSsl.pem'.
6) Then to add the certificate in JDK trust store i ran the below command which is as per given in the documentation post i.e.
keytool -importcert -alias DevMigrationAdmin -file "C:/Program Files/Java/jre7/bin/DevCert.pem" -keystore "C:/Program Files/Java/jre7/lib/security/cacerts" -storepass changeit

7) It gave the message the certificate is added in the store then i did the same step for UatCert.pem or target gateway with success.
8) Then i rant the command for migrateOut which is as follows:
./GatewayMigrationUtility.bat migrateOut --host 192.168.163.40 --dest dest.xml --folderName /APIs/Inbound/MigrationTest --clientCert DevKey.p12 --encryptionPassphrase @file:Encrypt.txt but it gave me below error.

Running...
Execution failed. Reason: No subject alternative names present. To resolve, either:
• Establish server trust and try again (more info: search "establish server trust" in the Gateway documentation), OR
• Re-run command with the "--trustHostname" parameter to bypass trust requirement.

I followed the steps mentioned in CA post for establishing server trust but still getting this error please help me out. I need the solution ASAP.

Thanks for the cooperation and support.

Regards
Vivek

Note that the "Jay MacDonald" user has also been added to the administrator role. Now when I run the GMU with the following command, where the passphrase to unlock the pkcs12 key is encoded in EncodedPassword.txt (and which will also be used to encrypt the secrets in the output XML file), it works:

jay@jaymac-laptop:~/SecureSpan/GMU-1.5.00$ ./GatewayMigrationUtility.sh migrateOut --host ssg94.l7tech.com --dest dest.xml --folderName /Demos --clientCert jaymac.p12 -x @file:EncodedPassword.txt --encryptionPassphrase @file:EncodedPassword.txt
Running................
Done
jay@jaymac-laptop:~/SecureSpan/GMU-1.5.00$

Dear team,

Need urgent help from my fellow community members for the issue given below. I am trying to setup GMU in our company and i did all the steps as mentioned in this link.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-3/gateway-migration/configure-gmu-and-gateways-for-migration.html

The steps i did are as follows which is exactly same as mentioned in above link.
1) Published the REST management service on both source and target gateway.
2) I created a migration admin user with name 'DevMigrationAdmin' through policy manager and gave it Adminstrator role in source gateway. Similarly i created a migration admn user with name 'UatMigrationAdmin' through policy manager and gave it administrator role in target gateway.
3) Then i created a private key with CN same exactly same as Migration admin user i.e. 'DevMigrationAdmin' and exported the key and certificate from source gateway and gave it name DevCert.pem and DevKey.p12. I did similar steps on target gateway and generated UatCert.pem and UatKey.p12.
4) Then i mapped the both source and target gateway migrati admin user with the certificate created in step 3 by following the exact same steps mentioned in CA post.
5) Then comes the last step of establishing server trust between source gateway, target gateway and GMU, so i followed the steps as mentioned in post and generated the certificate of default ssl key and exported it with name 'DevSsl.pem'. I did the same steps in UAT and generated the certificate with name 'UatSsl.pem'.
6) Then to add the certificate in JDK trust store i ran the below command which is as per given in the documentation post i.e.
keytool -importcert -alias DevMigrationAdmin -file "C:/Program Files/Java/jre7/bin/DevCert.pem" -keystore "C:/Program Files/Java/jre7/lib/security/cacerts" -storepass changeit

7) It gave the message the certificate is added in the store then i did the same step for UatCert.pem or target gateway with success.
8) Then i rant the command for migrateOut which is as follows:
./GatewayMigrationUtility.bat migrateOut --host 192.168.163.40 --dest dest.xml --folderName /APIs/Inbound/MigrationTest --clientCert DevKey.p12 --encryptionPassphrase @file:Encrypt.txt but it gave me below error.

Running...
Execution failed. Reason: No subject alternative names present. To resolve, either:
• Establish server trust and try again (more info: search "establish server trust" in the Gateway documentation), OR
• Re-run command with the "--trustHostname" parameter to bypass trust requirement.

I followed the steps mentioned in CA post for establishing server trust but still getting this error please help me out. I need the solution ASAP.

Thanks for the cooperation and support.

Regards
Vivek

Note that the "Jay MacDonald" user has also been added to the administrator role. Now when I run the GMU with the following command, where the passphrase to unlock the pkcs12 key is encoded in EncodedPassword.txt (and which will also be used to encrypt the secrets in the output XML file), it works:

jay@jaymac-laptop:~/SecureSpan/GMU-1.5.00$ ./GatewayMigrationUtility.sh migrateOut --host ssg94.l7tech.com --dest dest.xml --folderName /Demos --clientCert jaymac.p12 -x @file:EncodedPassword.txt --encryptionPassphrase @file:EncodedPassword.txt
Running................
Done
jay@jaymac-laptop:~/SecureSpan/GMU-1.5.00$

Dear team,

Need urgent help from my fellow community members for the issue given below. I am trying to setup GMU in our company and i did all the steps as mentioned in this link.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-3/gateway-migration/configure-gmu-and-gateways-for-migration.html

The steps i did are as follows which is exactly same as mentioned in above link.
1) Published the REST management service on both source and target gateway.
2) I created a migration admin user with name 'DevMigrationAdmin' through policy manager and gave it Adminstrator role in source gateway. Similarly i created a migration admn user with name 'UatMigrationAdmin' through policy manager and gave it administrator role in target gateway.
3) Then i created a private key with CN same exactly same as Migration admin user i.e. 'DevMigrationAdmin' and exported the key and certificate from source gateway and gave it name DevCert.pem and DevKey.p12. I did similar steps on target gateway and generated UatCert.pem and UatKey.p12.
4) Then i mapped the both source and target gateway migrati admin user with the certificate created in step 3 by following the exact same steps mentioned in CA post.
5) Then comes the last step of establishing server trust between source gateway, target gateway and GMU, so i followed the steps as mentioned in post and generated the certificate of default ssl key and exported it with name 'DevSsl.pem'. I did the same steps in UAT and generated the certificate with name 'UatSsl.pem'.
6) Then to add the certificate in JDK trust store i ran the below command which is as per given in the documentation post i.e.
keytool -importcert -alias DevMigrationAdmin -file "C:/Program Files/Java/jre7/bin/DevCert.pem" -keystore "C:/Program Files/Java/jre7/lib/security/cacerts" -storepass changeit

7) It gave the message the certificate is added in the store then i did the same step for UatCert.pem or target gateway with success.
8) Then i rant the command for migrateOut which is as follows:
./GatewayMigrationUtility.bat migrateOut --host 192.168.163.40 --dest dest.xml --folderName /APIs/Inbound/MigrationTest --clientCert DevKey.p12 --encryptionPassphrase @file:Encrypt.txt but it gave me below error.

Running...
Execution failed. Reason: No subject alternative names present. To resolve, either:
• Establish server trust and try again (more info: search "establish server trust" in the Gateway documentation), OR
• Re-run command with the "--trustHostname" parameter to bypass trust requirement.

I followed the steps mentioned in CA post for establishing server trust but still getting this error please help me out. I need the solution ASAP.

Thanks for the cooperation and support.

Regards
Vivek