Products | Versions |
---|---|
TIBCO BusinessConnect | 6.X, 7.X |
When using BC with protocols or transports that use SSL certificates, BC will intermittently fail to connect, or not connect at all, with remote servers using TLS. Also, certificate validation may fail when using signing and encryption with AS2 or RosettaNet.
If verifying the HTTP issue using a packet capture, the TLS handshake fails after the ServerHello message. There is no response, or the response happens after the trading partner sends a reset.
JRE 8 tries to verify CA certificates used by the trading partner with the CA provider directly via the internet, rather than using a local copy of the CA certificates configured in BusinessConnect. With slow internet connections, the verification may exceed the handshake timeout of the target server. The connection may not work at all if the BC interior server is using a proxy server for external connections, as the JRE will not be able to contact the CA site directly.

To prevent this from happening, add these properties to the deployed engine TRA file(s). These files are located in the $TIBCO/tra/domain/<your domain name>/application/BusinessConnect directories on all servers where the BC engines are deployed:

    java.property.com.tibco.security.NoExplicitCAChain=true
    java.property.com.tibco.security.CheckRevocation=false

This will prevent the JRE from accessing the CA site to verify the certificate. It will also improve performance of the BC engine. With CheckRevocation=false, the engine does not check revocation status, so a certificate revoked by its CA is not detected by the engine.

NOTE: You will have to add these modifications back into these files after every redeployment of the BC engines.
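Because the properties are lost on every redeployment, re-applying them is easy to forget. The script below is an added example, not TIBCO code: it applies both properties idempotently to the TRA file paths passed to it. It assumes a TRA file is plain text with one key=value setting per line; the function name ensure_tra_props is hypothetical.

```shell
#!/bin/sh
# Added example (not TIBCO code): re-apply the two properties from this
# article to deployed engine TRA files after a redeployment.
# Assumption: a TRA file is plain text with one key=value setting per line.
# ensure_tra_props is a hypothetical helper name.

ensure_tra_props() {
    tra_file=$1
    [ -f "$tra_file" ] || { echo "not a file: $tra_file" >&2; return 2; }
    tmp=$(mktemp) || return 2
    cp "$tra_file" "$tmp"
    for setting in \
        "java.property.com.tibco.security.NoExplicitCAChain=true" \
        "java.property.com.tibco.security.CheckRevocation=false"
    do
        key=${setting%%=*}
        # Replace the first uncommented line for this key, drop duplicates,
        # and append the setting if the key is absent. index() compares
        # literally, so the dots in the key are not treated as wildcards.
        awk -v k="$key=" -v s="$setting" '
            index($0, k) == 1 { if (!done) print s; done = 1; next }
            { print }
            END { if (!done) print s }
        ' "$tmp" > "$tmp.new" && mv "$tmp.new" "$tmp"
    done
    if cmp -s "$tmp" "$tra_file"; then
        rm -f "$tmp"
        echo "unchanged: $tra_file"
        return 0
    fi
    cp -p "$tra_file" "$tra_file.bak"   # keep a copy of the redeployed file
    cat "$tmp" > "$tra_file"            # overwrite in place: owner/mode kept
    rm -f "$tmp"
    echo "updated: $tra_file"
}

# Usage: sh script.sh <path to each deployed engine TRA file>
for f in "$@"; do
    ensure_tra_props "$f"
done
```

A second run against the same file reports "unchanged", so the script can be run after each redeployment on every server where the BC engines are deployed.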