Rajeev Alagarsamy Posted July 27, 2011 Posted July 27, 2011 I am getting "Server certificate rejected by ChainVerifier" while accessing a thru SOAP Request reply activity, can any one help me in resolving this issue
Manoj Chaurasia Posted July 27, 2011 Posted July 27, 2011 Thanks for the info Akhil. I got a new link from the service provider to download the Root CA , when i clicked the link i got into a page which contained the info like ----- BEGIN CERTIFICATE----- XXXXXXXX ----- END CERTIFICATE ----- . I jus save that content as .cer file and then converted that to PEM file in Certificate >> Details >> Copy file from the cert itself . And then i impoted that file into Designer using Tools > Trusted Certificate option. Also i added the property ' java.property.TIBCO_SECURITY_VENDOR=j2se ' in designer.tra , when i tested the change i got a different issue saying caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: com.tibco.security.AXSecurityException: CA certificate with issuer CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa ©10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US and serial number 1AB4 FFA5 0778 762B 17C6 2FCF 1475 16A7 is not a trusted certificate we are not using the serial number said in the exception, can you please help me out to find this
Manoj Chaurasia Posted July 27, 2011 Posted July 27, 2011 1. For a chain of certificates, there have to be more than one ---BEGIN CERTIFICATE--- in the same .cer file. 2. If it is a different serial number it means it is not the one depoloyed on the server side.
Manoj Chaurasia Posted January 28, 2012 Posted January 28, 2012 Hi All!I am a bit confused here. I am also having an SSL connection issue. I am using SoapRequestReply activity to connect to webservice. I have placed the certificate (.cer)which partner provided us in cerificate folder and I am using BW_GLOBAL_TRUSTED_CA_STORE. Why do I have to import the cerificate using Tools=>Trusted Certificates in designer, or is this step must Getting following error: An IOException was thrown while trying to execute the Http method at com.tibco.plugin.share.http.client.JakartaHttpTransportDriver$RequestExecutor.r un(JakartaHttpTransportDriver.java:238) at com.tibco.pe.util.ThreadPool$ThreadPoolThread.run(ThreadPool.java:99) caused by: java.io.IOException: Failed to create secure client socket: Server certificate rejected by ChainVerifier When I used portecle and check for the chains, I am not seeing any chains there, only one page is displayed. Can someone pls tell me what's the issue Thanks, ....AshishPlease refer the attached screenshot: [cert.bmp]
Manoj Chaurasia Posted October 23, 2015 Posted October 23, 2015 In this case the certificate is not a single certificate, it is a chain of certificates upto the root certificate. You need to get that chain of certificates. One way to do that is to export the certificate using any browser like IE or Firefox. But that sometimes does get the complete chain. One good way is to use a tool called portecle. Install this tool and run it. Then follow these steps to get the correct certficate with chain. 1. Go to Examine menu, select Exmaine SSL/TLS connection. 2. Enter the server or host name. Press Ok. 3. It will show one page for each certificate in that chian. 4. Click on the PEM encoding, and copy the content in a file. 5. Click on next page to get next certificate in chain, and append the PEM encoding in the same file. 6. After all certificate's PEM encoding are appended, save the file with a .cer or .crt extension. This will gibe you a valid chian of certifcate file. Thanks. Hope this help. The prgram is attached.
saddam shaikh Posted June 2, 2020 Posted June 2, 2020 I was also gettingsame error"caused by: java.io.IOException: Failed to create secure client socket: Server certificate rejected by ChainVerifier". In my case ,one of the certificate in certificate chain was expired.After updating certificate issue was resolved.Download updated certificates from browser or ask vendor to provide certificate.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now