The TIBCO Platform is a real-time, composable data platform that will bring together an evolving set of your TIBCO solutions - and it's available now!
A chart showing the TIBCO Platform vision
Jump to content
Forums
Ask questions and gain insight from discussions

Recommended Posts

Posted

Thanks for the info Akhil.

 

I got a new link from the service provider to download the Root CA , when i clicked the link i got into a page which contained the info like ----- BEGIN CERTIFICATE----- XXXXXXXX ----- END CERTIFICATE ----- . I jus save that content as .cer file and then converted that to PEM file in Certificate >> Details >> Copy file from the cert itself . And then i impoted that file into Designer using Tools > Trusted Certificate option.

 

Also i added the property ' java.property.TIBCO_SECURITY_VENDOR=j2se ' in designer.tra , when i tested the change i got a different issue saying

 

caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: com.tibco.security.AXSecurityException: CA certificate with issuer CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa ©10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US and serial number 1AB4 FFA5 0778 762B 17C6 2FCF 1475 16A7 is not a trusted certificate

 

we are not using the serial number said in the exception, can you please help me out to find this

Posted

1. For a chain of certificates, there have to be more than one ---BEGIN CERTIFICATE--- in the same .cer file.

 

2. If it is a different serial number it means it is not the one depoloyed on the server side.

  • 6 months later...
Posted

Hi All!I am a bit confused here. I am also having an SSL connection issue. I am using SoapRequestReply activity to connect to webservice. I have placed the certificate (.cer)which partner provided us in cerificate folder and I am using BW_GLOBAL_TRUSTED_CA_STORE. Why do I have to import the cerificate using Tools=>Trusted Certificates in designer, or is this step must

Getting following error:

An IOException was thrown while trying to execute the Http method

at com.tibco.plugin.share.http.client.JakartaHttpTransportDriver$RequestExecutor.r un(JakartaHttpTransportDriver.java:238)

at com.tibco.pe.util.ThreadPool$ThreadPoolThread.run(ThreadPool.java:99)

caused by: java.io.IOException: Failed to create secure client socket: Server certificate rejected by ChainVerifier

When I used portecle and check for the chains, I am not seeing any chains there, only one page is displayed. Can someone pls tell me what's the issue

 

Thanks,

....AshishPlease refer the attached screenshot: [cert.bmp]

  • 3 years later...
Posted

In this case the certificate is not a single certificate, it is a chain of certificates upto the root certificate.

You need to get that chain of certificates.

One way to do that is to export the certificate using any browser like IE or Firefox. But that sometimes does get the complete chain.

One good way is to use a tool called portecle. Install this tool and run it. Then follow these steps to get the correct certficate with chain.

1. Go to Examine menu, select Exmaine SSL/TLS connection.

2. Enter the server or host name. Press Ok.

3. It will show one page for each certificate in that chian.

4. Click on the PEM encoding, and copy the content in a file.

5. Click on next page to get next certificate in chain, and append the PEM encoding in the same file.

6. After all certificate's PEM encoding are appended, save the file with a .cer or .crt extension.

 

This will gibe you a valid chian of certifcate file.

 

Thanks. Hope this help. The prgram is attached.

  • 4 years later...
Posted
I was also gettingsame error"caused by: java.io.IOException: Failed to create secure client socket: Server certificate rejected by ChainVerifier". In my case ,one of the certificate in certificate chain was expired.After updating certificate issue was resolved.Download updated certificates from browser or ask vendor to provide certificate.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...