The BusinessConnect Interior Server throws a java.security.cert.CertificateException error when starting the Gateway Server
Article ID: KB0084039
Products: TIBCO BusinessConnect
Versions: BC 6.x
Description
When starting the BusinessConnect Interior Server, the following error occurs when the Interior Server tries to connect to the Gateway Server. The error refers to an expired certificate:

=============
Message Code BW-EXT-LOG-100000
Application ID BW.BusinessConnect-Interior_Server-1
Category bw.logger
Detail Description MimeEncoder.encode: (BCPartnerCommunity) Error processing Gateway startup. Error connecting via JMX to Gateway.: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: com.tibco.security.AXSecurityException: java.security.cert.CertificateExpiredException]: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: com.tibco.security.AXSecurityException: java.security.cert.CertificateExpiredException]
==============
Issue/Introduction
The BusinessConnect Interior Server throws a java.security.cert.CertificateException error when starting the Gateway Server
Environment
BC 6.x
Resolution
The Gateway Server token contains a certificate embedded inside the securitytoken.dat file. The certificates embedded in securitytoken.dat expire after 5 years, so if you have not created a token for a long time (5 years), it is recommended that you recreate the token. It is also recommended that the BusinessConnect system administrator revoke/regenerate tokens more frequently than the maximum lifetime allowed for the "natural" expiration of the tokens. The goal is to maintain an uncompromised deployment by periodically revoking the tokens as part of regular maintenance cycles.
To resolve this error, follow the procedure below:
1) Revoke the gateway token.
2) Create a Gateway Token with a new name.
3) Copy the newly created token to the Gateway Server.
4) Restart the Interior Server first, and then start the Gateway Server.
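
To confirm from the logs that a failed Gateway startup is the expired-certificate case described in the Description, and not some other JMX or TLS failure, the nested exception chain can be extracted and its innermost cause checked. The following Python script is an added example, not TIBCO code; the function names and classification labels are hypothetical, and the sample lines are constructed (the first from the Detail Description above, the second an unrelated failure with a placeholder host name).

```python
import re

# Constructed sample input: line 1 is one copy of the exception chain from the
# article's Detail Description; line 2 is an unrelated, constructed failure.
SAMPLE_LOG = [
    "MimeEncoder.encode: (BCPartnerCommunity) Error processing Gateway startup. "
    "Error connecting via JMX to Gateway.: Failed to retrieve RMIServer stub: "
    "javax.naming.CommunicationException [Root exception is "
    "java.rmi.ConnectIOException: error during JRMP connection establishment; "
    "nested exception is: javax.net.ssl.SSLHandshakeException: "
    "java.security.cert.CertificateException: "
    "com.tibco.security.AXSecurityException: "
    "java.security.cert.CertificateExpiredException]",
    "Error connecting via JMX to Gateway.: Failed to retrieve RMIServer stub: "
    "javax.naming.CommunicationException [Root exception is "
    "java.rmi.ConnectException: Connection refused to host: gw.example.invalid]",
]

# Fully qualified Java class names that end in Exception or Error.
EXC_RE = re.compile(r"\b(?:[a-z_][\w$]*\.)+[A-Z][\w$]*(?:Exception|Error)\b")
EXPIRED = "java.security.cert.CertificateExpiredException"
HANDSHAKE = "javax.net.ssl.SSLHandshakeException"


def exception_chain(line):
    """Exception classes in order of appearance (outermost first), no repeats."""
    chain = []
    for name in EXC_RE.findall(line):
        if name not in chain:
            chain.append(name)
    return chain


def classify(line):
    """Return a (hypothetical) triage label and the exception chain for one entry."""
    chain = exception_chain(line)
    if not chain:
        return "no-exception", chain
    if chain[-1] == EXPIRED:  # the innermost cause decides the label
        if "Error connecting via JMX to Gateway" in line:
            return "gateway-token-cert-expired", chain
        return "cert-expired", chain
    if HANDSHAKE in chain:
        return "tls-handshake-other", chain
    return "other", chain


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        label, chain = classify(entry)
        print(label, "<-", " -> ".join(chain))
```

Only entries labelled gateway-token-cert-expired call for the token revoke and recreate procedure above; the other labels point to a different cause.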