VCS connections are no longer displayed after the default certificate in TIBCO Data Virtualization has been changed
Article ID: KB0073567
Updated On:
| Products | Versions |
|---|---|
| TIBCO Data Virtualization | 7.0 and higher |
Description
If VCS >> Manage Connections is clicked on after installing a new certificate in TDV (TIBCO Data Virtualization), Studio pops up an error dialog with the following message:
Failed to load VCS connections from the server. Please check your SSL certificate.
as shown below:
The Studio log (cs_studio.log) contains the following error:
-------------
INFO 2021-04-20 14:20:21.315 -0700 VcsHelper - GetIsVcsEnabled
javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
-------------
Failed to load VCS connections from the server. Please check your SSL certificate.
as shown below:
The Studio log (cs_studio.log) contains the following error:
-------------
INFO 2021-04-20 14:20:21.315 -0700 VcsHelper - GetIsVcsEnabled
javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
-------------
Resolution
This error occurs if the new TDV certificate has not been imported into the Studio truststore file. By default, the truststore file is cis_studio_truststore.jks. Below are the steps to import the certificate into the Studio truststore.
1. Save the certificate as a file (e.g. ROOT.cer).
The easiest way to do this is:
- ROOT.cer
- INTERMEDIATE.cer
- FINAL.cer
2. Import the .cer file(s) into cis_studio_truststore.jks.
The keytool utility shipped with TDV may be used for the purpose.
Example
C:\apps\tdv84\jdk\bin\keytool -import -trustcacerts -alias tdvcert1 -file ROOT.cer -keystore C:\apps\tdv84\conf\studio\security\cis_studio_truststore.jks -storepass changeit
C:\apps\tdv84\jdk\bin\keytool -import -trustcacerts -alias tdvcert2 -file INTERMEDIATE.cer -keystore C:\apps\tdv84\conf\studio\security\cis_studio_truststore.jks -storepass changeit
C:\apps\tdv84\jdk\bin\keytool -import -trustcacerts -alias tdvcert3 -file FINAL.cer -keystore C:\apps\tdv84\conf\studio\security\cis_studio_truststore.jks -storepass changeit
3. Shut down and restart Studio.
4. The VCS Connections should now be displayed in Studio.
If the error continues to appear instead of the VCS connections being displayed, test whether Studio is able to read the certificate(s) from its truststore by selecting the Encrypt checkbox in the Studio login dialog, and then clicking the Connect button.
Selecting the Encrypt box tells Studio to read the certificate(s) imported into cis_studio_truststore.jks, and use them to open an SSL connection to TDV.
If the certificate chain was not successfully imported into the truststore Studio will fail to open an SSL connection. More specifically, Studio will pop up an error dialog containing the error "RMI Exception". In the event that an error dialog of this type appears, refer to following KBA article for instructions on how to resolve the error:
https://support.tibco.com/s/article/When-I-try-to-connect-to-TDV-server-using-Studio-with-the-Encrypt-option-Studio-displays-an-RMI-Exception
Once this is done, try accessing VCS >> Manage Connections once again.
1. Save the certificate as a file (e.g. ROOT.cer).
The easiest way to do this is:
- Open the TDV Web Manager by entering the HTTPS url in a browser
- Use the browser's export function to save the certificate as an X.509 file. Below is an example using the Microsoft Edge browser.
- ROOT.cer
- INTERMEDIATE.cer
- FINAL.cer
2. Import the .cer file(s) into cis_studio_truststore.jks.
The keytool utility shipped with TDV may be used for the purpose.
Example
C:\apps\tdv84\jdk\bin\keytool -import -trustcacerts -alias tdvcert1 -file ROOT.cer -keystore C:\apps\tdv84\conf\studio\security\cis_studio_truststore.jks -storepass changeit
C:\apps\tdv84\jdk\bin\keytool -import -trustcacerts -alias tdvcert2 -file INTERMEDIATE.cer -keystore C:\apps\tdv84\conf\studio\security\cis_studio_truststore.jks -storepass changeit
C:\apps\tdv84\jdk\bin\keytool -import -trustcacerts -alias tdvcert3 -file FINAL.cer -keystore C:\apps\tdv84\conf\studio\security\cis_studio_truststore.jks -storepass changeit
3. Shut down and restart Studio.
4. The VCS Connections should now be displayed in Studio.
If the error continues to appear instead of the VCS connections being displayed, test whether Studio is able to read the certificate(s) from its truststore by selecting the Encrypt checkbox in the Studio login dialog, and then clicking the Connect button.
Selecting the Encrypt box tells Studio to read the certificate(s) imported into cis_studio_truststore.jks, and use them to open an SSL connection to TDV.
If the certificate chain was not successfully imported into the truststore Studio will fail to open an SSL connection. More specifically, Studio will pop up an error dialog containing the error "RMI Exception". In the event that an error dialog of this type appears, refer to following KBA article for instructions on how to resolve the error:
https://support.tibco.com/s/article/When-I-try-to-connect-to-TDV-server-using-Studio-with-the-Encrypt-option-Studio-displays-an-RMI-Exception
Once this is done, try accessing VCS >> Manage Connections once again.
Issue/Introduction
VCS connections are no longer displayed after the default certificate in TIBCO Data Virtualization has been changed
Feedback
Yes
No
Powered by
