Inbound messages failed to decrypt with error: Failed to decrypt S/MIME message. Please ensure the unlimited strength JCE policy jars have been installed.
Article ID: KB0072996
Updated On:
| Products | Versions |
|---|---|
| TIBCO BusinessConnect | 7.1.x |
Description
While receiving an inbound AS2 transaction, the following error message is observed in the Interior Server (IS) logs:
===
Error processing AS2 message. Failed to decrypt S/MIME message. Please ensure the unlimited strength JCE policy jars have been installed. Please check the Document Security-Decryption Key setting in the Business Agreement. java.lang.ClassCastException: sun.security.x509.X509CertImpl cannot be cast to iaik.x509.X509Certificate
===
===
Error processing AS2 message. Failed to decrypt S/MIME message. Please ensure the unlimited strength JCE policy jars have been installed. Please check the Document Security-Decryption Key setting in the Business Agreement. java.lang.ClassCastException: sun.security.x509.X509CertImpl cannot be cast to iaik.x509.X509Certificate
===
Issue/Introduction
Inbound messages failed to decrypt with error: Failed to decrypt S/MIME message. Please ensure the unlimited strength JCE policy jars have been installed.
Environment
All platforms
Resolution
To resolve such errors, please verify the following:
- Make sure that you have installed the correct JCE files as mentioned in the "Installing Unlimited Strength JCE Policy Files" section of the BusinessConnect installation guide.
- Verify that the timestamps of the US_export_policy.jar and local_policy.jar files are different from the other file time stamps under TIBCO_HOME\tibcojre64\version\lib\security\policy\unlimited. After replacing the existing policy files with new ones, please restart the Interior Server and test the scenario.
- In addition, please check whether the right certificates/keys are selected under 'BusinessAgreements > Host-TP Name > Protocol Name > Document Security' as well as the correct decryption key is set under 'BusinessAgreements > Host-TP Name > Protocol Name > Document Security > Encryption Info Settings > Decryption Key'. Also, please ensure that the trading partner is using the correct set of certificates.
- If the issue persists, please check if the property "java.property.TIBCO_SECURITY_VENDOR=j2se" is commented out from the deployed engine.tra file. After commenting the property, restart the Interior Server and retest.
- Make sure that you have installed the correct JCE files as mentioned in the "Installing Unlimited Strength JCE Policy Files" section of the BusinessConnect installation guide.
- Verify that the timestamps of the US_export_policy.jar and local_policy.jar files are different from the other file time stamps under TIBCO_HOME\tibcojre64\version\lib\security\policy\unlimited. After replacing the existing policy files with new ones, please restart the Interior Server and test the scenario.
- In addition, please check whether the right certificates/keys are selected under 'BusinessAgreements > Host-TP Name > Protocol Name > Document Security' as well as the correct decryption key is set under 'BusinessAgreements > Host-TP Name > Protocol Name > Document Security > Encryption Info Settings > Decryption Key'. Also, please ensure that the trading partner is using the correct set of certificates.
- If the issue persists, please check if the property "java.property.TIBCO_SECURITY_VENDOR=j2se" is commented out from the deployed engine.tra file. After commenting the property, restart the Interior Server and retest.
Feedback
Yes
No
Powered by
