Gateway Configuration Menu (Appliance)

To configure a single Gateway or the first processing node of a cluster, select option 2 (Display CA API Gateway configuration menu) from the Gateway main menu.
gateway93
To configure a single Gateway or the first processing node of a cluster, select option 
2
 (Display CA API Gateway configuration menu) from the Gateway main menu.
 
Prerequisite:
 
  • When configuring the first node of a cluster, ensure that the database layer is properly configured for replication and tested. 
    Failure to do this will require complex steps to enable proper operation of the cluster.
     Replication is described in Configuring Cluster Database Replication.
The procedure described in this section is suitable for configuring a single stand-alone Gateway or to configure the first node of a cluster of Gateways after replication has been configured. If you are configuring a cluster of Gateways, be sure to read Configure a Gateway Cluster for instructions on setting up replication and configuring the processing nodes.
The Gateway Configuration menu has the following options:
This menu allows you to configure the Gateway application What would you like to do? 1) Upgrade the CA API Gateway database 2) Create a new CA API Gateway database 3) Configure the CA API Gateway 4) Change the CA API Gateway cluster passphrase 5) Delete the CA API Gateway 6) Display the current CA API Gateway configuration 7) Manage CA API Gateway status 8) Reset Admin password X) Exit Please make a selection: 1
Gateway Configuration Menu Options
The following table describes each menu option. When configuring a new stand-alone Gateway or first processing node of a Gateway cluster, you only need to use option 
2
 (Create a new CA API Gateway database). 
 
Option
 
 
Description
 
 
1) Upgrade the CA API
 
Gateway database
 
Select this option to upgrade the Gateway database to the current software version. This is required only if you have installed a new version of the Gateway. If an upgrade is not required, you will be notified by a message on the screen.
 
2) Create a new CA API
 
Gateway database
 
Select this option to create a database for the first (or only) Gateway node in the cluster.
When configuring a database connection, you are guide through the following steps:
  • Set Up the Gateway Database
  • Set Up the Gateway Failover Database
  • Set Up the SSM Administrator
  • Set Up the Gateway Cluster
  • Set Up the Gateway Node
Fewer prompts are displayed when using the embedded database.
 Once the new Gateway database is created, you can no longer use option 2 on that cluster. To modify the configuration afterwards or to add additional processing nodes, use option 3, 
Configure the Gateway
. To delete the Gateway configuration and start over again, use option 5, 
Delete the Gateway
.
 
2) Create a new CA API
 
Gateway database 
 
--> 
Database Connection
 
Enter 
yes
 to configure a connection to a MySQL database. This is the default.
Enter 
no
 to use the embedded database (see Using the Gateway Embedded Database). The first prompt you  see is “Set Up the SSM Administrator”.
 
2) Create a new CA API
 
Gateway database 
 
--> 
Set Up the Gateway Database
 
 
(Only applies to MySQL database connections)
 
Enter information about the new MySQL database:
  • Database Host:
     Enter the name of the database host. If the database is installed on the same server as the Gateway, you can press [
    Enter
    ] to accept 
    localhost
    .
If setting up the first node of a cluster, accept “localhost” as the primary database node. You can enter the secondary database node in the next step (“Set Up the Gateway Failover Database”).
  • Database Port:
     Enter the port number or press [
    Enter
    ] to accept the default port 
    3306
    .
  • Database Name:
     Enter a distinct name to define the Gateway database name or press [
    Enter
    ] to accept the default name 
    ssg
    .
  • Database Username:
     Enter the name of the user who has access to the database. The default name is 
    gateway
    .
  • Database Password:
     Define a password for the database user, then retype to confirm.
  • Administrative Database Username:
     Enter the username of the root MySQL user. The default user is 
    root
    .
  • Administrative Database Password:
     Enter the password for the root MySQL user.
 
2) Create a new CA API
 
Gateway database 
 
--> 
Set Up the Gateway Failover Database
 
 
(Only applies to MySQL database connections)
 
For MySQL database connections, you can optionally configure a failover database.
  • Configure Database Failover Connection:
     Enter 
    yes
     to configure a database failover connection or press [
    Enter
    ] to enter “no” and skip to the next part of the configuration.
  • Database Failover Host:
     Enter the host name of the machine that serves as a database failover.
  • Database Failover Port:
     Enter the port number to use on the failover host, or press [
    Enter
    ] to accept the default port 
    3306
    .
 
2) Create a new CA API Gateway database 
 
-->  
Set Up the SSM Administrator
 
Create a Policy Manager administrative user account:
  • SSM Username:
     Enter the name of the Policy Manager administrative user.
  • SSM Password:
     Define a password for the administrative user, then retype to confirm.
For information on logging in with these credentials, see “Connect to the Gateway” in Start the Policy Manager.
 
2) Create a new CA API
 
Gateway database 
 
-->  
Set Up the Gateway Cluster
 
Enter the host name and password for the Gateway cluster. 
Note:
 A stand-alone Gateway or a Gateway with an embedded database is considered to be a “cluster” of one.
  • Cluster Host:
     Enter the Gateway cluster fully qualified domain name (FQDN) used to identify the Gateway and to generate the SSL certificate. An example of a hostname: 
    clusterhostname.mycompany.com
    .
  • Cluster Passphrase:
     Enter a passphrase to protect the cluster, between 6-129 characters. Retype to confirm.
If you need to change the
 
cluster hostname, you cannot do it using this menu option once it has been set. Instead, perform these steps using the Policy Manager to change a cluster host name:
  1. Set the cluster property 
    cluster.hostname
     to the new name of the host.
  2. Create a new private key using the 
    Manage Private Keys
     task. Be sure to set this key as the default SSL key. For more information, see Private Key Properties.
  3. Restart all nodes in the cluster for the new cluster host name to take effect.
 
2) Create a new CA API Gateway database 
 
-->  
Set Up the Gateway Node
 
Set up the Gateway node:
  • Enabled:
     Press [
    Enter]
     to enable the node, or enter 
    no
     to leave the node disabled after configuration is complete.
The configuration summary is displayed. Carefully review the settings and then press [
Enter
] to confirm. To make corrections, enter 
<<
 to return to the appropriate step in the wizard.
 
2) Create a new CA API Gateway database 
 
-->  
Configuration Results
 
The configuration results show either:
  • Success:
     Press [
    Enter]
     to return to the Configure Gateway menu. Enter 
    X
     to exit the menu, and then enter 
    R
     on the main menu to reboot the appliance. You may now start the Gateway.
  • Errors encountered:
     Copy and paste the log messages from the command window into a text file. Analyze the errors and run the wizard again.
 
3) Configure the CA API Gateway
 
Use this option to do one of the following:
  • Edit the settings for a Gateway node that has already been configured.
  • Add a new processing node to a cluster.
Select which settings to change:
  • Enter 
    1
     to change the database connection. For details, see “Create a new Gateway database --> Database Connection” above.
  • Enter 
    2
     to change the database failover connection. For details, see “Create a new Gateway database --> Set Up the Gateway Failover Database” above.
  • Enter 
    3
     to change the password for the cluster. For details, see “Create a new Gateway database --> Set Up the Gateway Cluster” above.
  • Enter 
    4
     to change the node configuration. For details, see “Create a new Gateway database --> Set Up the Gateway Node” above.
When this option is used to add a new processing node to a cluster, you are prompted to enter the following:
Database Host
Database Port
Database Name
Database Username
Failover Database Host (optional)
Failover Database Port (optional)
Cluster Password
For more information on each of these fields, see Configuring Subsequent Processing Nodes.
 
4) Change the 
CA API 
Gateway cluster passphrase
 
Select this option to change the passphrase for the Gateway cluster.
  1. Type the existing password.
  2. Enter the new password, between 6 to 128 characters.
  3. Retype the password to confirm.
IMPORTANT NOTE FOR SAFENET LUNA HSM:
 If the Gateway is using the SafeNet HSM device, you must disable support for the SafeNet HSM prior to changing the master passphrase, then re-enable support afterwards. For more information, see Manage Keystore.
5) Delete the CA API Gateway
 
Select this option to delete the configuration for the Gateway node.
  • If the node being deleted is also the host for the primary database, the database can be optionally deleted by entering database administration credentials.
  • If the database is not deleted, you can reuse it at a later time by using option 3, 
    Configure the Gateway
    .
Deleting the configuration is permanent. All information in the database is lost.
Enter 
yes
 to proceed with the deletion.
6) Display the current CA API Gateway configuration
 
Select this option to view the current Gateway configuration. The following information is displayed:
  • Database hostname
  • Database port
  • Database name
  • Database user name
  • Whether the node is enabled
 
7) Manage CA API
 
Gateway status
 
Select this option to view the current Gateway status or to stop/restart the Gateway. The following information is displayed initially:
  • Current status of the Gateway node, which is one of:
    • STARTING – Node is starting up
    • WONT_START – Node encountered an unrecoverable error when starting
    • RUNNING – Node is running normally
    • ABNORMAL_SHUTDOWN – Node shut down unexpectedly
    • STOPPING – Node is stopping
    • STOPPED – Node is stopped
    • Current time stamp
    • When the node was started
Press [
Enter
] to display options that allow you to:
  • Stop the Gateway (if currently running)
  • Start the Gateway (if currently stopped)
  • Restart the Gateway
Always stop and restart the Gateway using these menu options or by using the command line equivalents (
“service ssg stop”
 and 
“service ssg start”
, or simply 
“service ssg restart”
). 
Never
 stop a Gateway by turning off the appliance or use the appliance power switch to restart the Gateway.
8) Reset Admin password
 
Use this option to change the password of the administrative user.
Enter the name of the admin user and then enter the new password.