The BusinessConnect Interior Server throws a java.security.cert.CertificateException error when starting the Gateway Server

The BusinessConnect Interior Server throws a java.security.cert.CertificateException error when starting the Gateway Server

book

Article ID: KB0084039

calendar_today

Updated On:

Products Versions
TIBCO BusinessConnect BC 6.x

Description

When starting the BusinessConnect Interior Server, the following error occurs when the Interior Server tries to connect to the Gateway Server.  The error refers to an expired certificate : 
=============
Message Code BW-EXT-LOG-100000 
Application ID BW.BusinessConnect-Interior_Server-1 
Category bw.logger 
Detail Description MimeEncoder.encode: (BCPartnerCommunity) Error processing Gateway startup. Error connecting via JMX to Gateway.: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: com.tibco.security.AXSecurityException: java.security.cert.CertificateExpiredException]: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: com.tibco.security.AXSecurityException: java.security.cert.CertificateExpiredException] 
==============
 

Environment

BC 6.x

Resolution

The gateway server token contains a certificate embedded inside the securitytoken.dat file.  If you have not created a token for a long time (5 years), it is recommended that you recreate the token, as the certificate expiry of the embedded certificates inside the securitytoken.dat is 5 years. It is recommended that the BusinessConnect system Administrator  revoke/regenerate tokens more frequently than the maximum lifetime allowed for the "natural" expiration of the tokens. The goal would be to maintain an uncompromised deployment and periodically revoking the tokens as part of regular maintenance cycles.

To Resolve this error follow below procedure

1) Revoke gateway token.
2) Create Gateway Token with a new name.
3) Copy newly created token to the Gateway Server
4) Restart the Interior Server first, and then start the Gateway Server.
 

Issue/Introduction

The BusinessConnect Interior Server throws a java.security.cert.CertificateException error when starting the Gateway Server
Powered by Wolken Software