Unable to delete expired certificates from BusinessConnect
Article ID: KB0073458
Updated On:
| Products | Versions |
|---|---|
| TIBCO BusinessConnect | - |
Description
When attempting to delete a certificate, the BusinessConnect Administrator errors out with: "Failed to remove credential. KeyStoreItem: <certificate name>, cannot be deleted as it is currently bound to one or more secured Transports, or used by Document Security settings in one or more Business Agreements".
Cause:
While inspecting the relevant BusinessAgremeents, no usage of the certificate is seen. The trading partner certificate is stored in a hidden place in the Business Agreement for the Trading partner that is not exposed via the Administrator GUI. In some cases, we found that the Business Agreement may retain certificate information even if it is not shown in the BusinessAgreement itself.
Environment
BusinessConnect 7.x
Applicable to all Environments.
Resolution
We have two approaches/workarounds to remove expired certificates from our BC environment:
1. First approach:
Please follow KB article #000031126. The KB is written for BC 6.x but the same KB can be applied in BC 7.x also.
The link for the same KB is as follows: https://support.tibco.com/s/article/Unable-to-remove-unused-expired-certificates-of-a-Trading-partner-in-BC
2. Second approach:
Sometimes there are many BusinessAgreement and it is not possible to check each one of them for the problematic record. So, in that case, please follow the below approach:
- You have to identify the problematic/expired certificate record in your BusinessConnect database i.e you need to go to the BC_KEYSTOREITEM table and search for the expired certificate name in the OBJNID column.
- If you are able to find the problematic/expired record in the BC_KEYSTOREITEM table in the database, then remove this problematic/expired record from the database. After doing the above step a BC engine restart may be required.
NOTE: If you are removing the certificate from the database in your production then please take a backup of the certificate, bc_keystoreitem, and bc_securityinfo table before you remove any record from them. We recommend doing this procedure duing BusinessConnect downtime.
1. First approach:
Please follow KB article #000031126. The KB is written for BC 6.x but the same KB can be applied in BC 7.x also.
The link for the same KB is as follows: https://support.tibco.com/s/article/Unable-to-remove-unused-expired-certificates-of-a-Trading-partner-in-BC
2. Second approach:
Sometimes there are many BusinessAgreement and it is not possible to check each one of them for the problematic record. So, in that case, please follow the below approach:
- You have to identify the problematic/expired certificate record in your BusinessConnect database i.e you need to go to the BC_KEYSTOREITEM table and search for the expired certificate name in the OBJNID column.
- If you are able to find the problematic/expired record in the BC_KEYSTOREITEM table in the database, then remove this problematic/expired record from the database. After doing the above step a BC engine restart may be required.
NOTE: If you are removing the certificate from the database in your production then please take a backup of the certificate, bc_keystoreitem, and bc_securityinfo table before you remove any record from them. We recommend doing this procedure duing BusinessConnect downtime.
Issue/Introduction
Unable to delete expired certificates from BusinessConnect
Feedback
Yes
No
Powered by
