Broadcom API Gateway - Resolve "403 forbidden Unable to read KeyStore"

by Jeremy Canfield | Updated: January 27 2021
When attempting to import a private key into an API Gateway using GatewayMigrationUtility.sh, "403 Forbidden" and "Unable to read KeyStore" are returned.
Running...
Status: 403 Forbidden
Server: Apache-Coyote/1.1
Content-Length: 466
Date: Tue, 26 Jan 2021 12:11:57 GMT
Content-Type: application/xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:Error xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:Type>ResourceAccess</l7:Type>
<l7:TimeStamp>2021-01-26T06:11:57.172-06:00</l7:TimeStamp>
<l7:Link rel="self" uri="https://apig.example.com:8443/restman/1.0/privateKeys/00000000000000000000000000000002:key001/import"/>
<l7:Detail>Unable to read KeyStore: 0 >= 0. Caused by: 0 >= 0</l7:Detail>
</l7:Error>
This assumes you are familiar with the basic usage of the Gateway Migration Utility and that you are using an arguments file with an encoded password to connect to your API Gateway. Ensure the user account has the administrator role.
In this example, the private key in file importPrivateKey.xml is being imported. This error usually suggests some problem with the data in the XML file being used.
/path/to/GatewayMigrationUtility.sh restman \
  -argFile example.properties \
  -method POST \
  -path '1.0/privateKeys/00000000000000000000000000000002:key001/import' \
  -request importPrivateKey.xml
Most often, the problem is with the data in the <l7:Pkcs12Data> tags.
<l7:PrivateKeyImportContext xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:Pkcs12Data>MIIbaAIBAzCCGyEGCSqGSIb3DQEHAaCCGxIEghsOMIIbCjCCBeYGCSqGSIb3DQEHAaCCBdcEggXT...</l7:Pkcs12Data>
<l7:Alias>key001</l7:Alias>
<l7:Password>itsasecret</l7:Password>
</l7:PrivateKeyImportContext>
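A pre-flight check for the <l7:Pkcs12Data> value can be run before posting the file. The following is an added example, not part of the original article or of the Gateway Migration Utility. It checks only that the value is present, is valid Base64, and decodes to the outer DER framing of a PKCS#12 file; it does not open the keystore or test the password. The function names and the constructed sample bytes are assumptions made for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {"l7": "http://ns.l7tech.com/2010/04/gateway-management"}

def check_pkcs12_data(xml_text):
    """Return a list of problems with <l7:Pkcs12Data>; an empty list means none found."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"XML is not well-formed: {exc}"]
    node = root.find(".//l7:Pkcs12Data", NS)
    if node is None:
        return ["no <l7:Pkcs12Data> element"]
    text = "".join((node.text or "").split())  # tolerate line-wrapped Base64
    if not text:
        return ["<l7:Pkcs12Data> is empty"]
    try:
        der = base64.b64decode(text, validate=True)
    except binascii.Error as exc:
        return [f"not valid Base64: {exc}"]
    # A PKCS#12 (PFX) blob is a DER SEQUENCE whose first field is INTEGER 3.
    if len(der) < 5 or der[0] != 0x30:
        return ["decoded data does not start with a DER SEQUENCE"]
    if der[1] < 0x80:                       # short-form length
        hdr, body = 2, der[1]
    else:                                   # long-form length, up to 4 bytes
        n = der[1] & 0x7F
        if not 1 <= n <= 4 or len(der) < 2 + n:
            return ["unsupported or truncated DER length field"]
        hdr, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    problems = []
    if hdr + body != len(der):
        problems.append(f"DER header declares {hdr + body} bytes, decoded {len(der)}")
    if der[hdr:hdr + 3] != b"\x02\x01\x03":
        problems.append("first field is not the PFX version INTEGER 3")
    return problems

def build_import_xml(der):
    """Hypothetical helper: wrap bytes in the page's XML layout (constructed test input)."""
    b64 = base64.b64encode(der).decode("ascii")
    return ('<l7:PrivateKeyImportContext xmlns:l7="%s"><l7:Pkcs12Data>%s</l7:Pkcs12Data>'
            '<l7:Alias>key001</l7:Alias><l7:Password>itsasecret</l7:Password>'
            '</l7:PrivateKeyImportContext>' % (NS["l7"], b64))

# Constructed sample: only the outer DER framing of a PFX, not a usable keystore.
CONSTRUCTED_DER = b"\x30\x07\x02\x01\x03\x04\x02\xaa\xbb"

if __name__ == "__main__":
    print(check_pkcs12_data(build_import_xml(CONSTRUCTED_DER)))       # intact framing
    print(check_pkcs12_data(build_import_xml(CONSTRUCTED_DER[:-2])))  # truncated blob
```

To check a real file, pass the contents of importPrivateKey.xml to check_pkcs12_data. A value that was cut short when pasted, or that still contains an ellipsis, is reported here instead of surfacing as a 403 from the gateway.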