Unable to create a second BPM Node when using a custom certificate for BPM in an SSL environment.

Article ID: KB0087613

Products: TIBCO BPM Enterprise (formerly TIBCO ActiveMatrix BPM)
Versions: Not Applicable

Description:
============

SSL is enabled for the HTTP port and a certificate is imported (not using the default "Self-signed Certificate"). The creation of the second BPMNode (TCT option "Configure TIBCO ActiveMatrix BPM server Node Type") fails with the error:

Caused by: com.tibco.trinity.runtime.core.provider.credential.keystore.KeystoreException: com.tibco.trinity.runtime.core.provider.credential.keystore.KeystoreRuntimeException: com.tibco.trinity.runtime.core.provider.credential.keystore.KeystoreRuntimeException: Unable to retrieve keystore from URL(s) '/opt/amx3share2/bpm/keystores/install-server-store.jks'; errors were java.io.FileNotFoundException: /opt/amx3share2/bpm/keystores/install-server-store.jks at /opt/amx3share2/bpm/keystores/install-server-store.jks .
        at com.tibco.trinity.runtime.core.provider.credential.keystore.JavaKeystore.validate(JavaKeystore.java:1084)
        at com.tibco.trinity.runtime.core.provider.credential.keystore.KeyStoreCredentialLoginModule.initialize(KeyStoreCredentialLoginModule.java:163)
        ... 33 more
Caused by: com.tibco.trinity.runtime.core.provider.credential.keystore.KeystoreRuntimeException: com.tibco.trinity.runtime.core.provider.credential.keystore.KeystoreRuntimeException: Unable to retrieve keystore from URL(s) '/opt/amx3share2/bpm/keystores/install-server-store.jks'; errors were java.io.FileNotFoundException: /opt/amx3share2/bpm/keystores/install-server-store.jks at /opt/amx3share2/bpm/keystore

Environment:
============
BPM 2.2.0 when importing a certificate for the BPM Client Configuration.


Cause:
======
The location of the keystore is defined in the Substitution Variable "tibco.bpm.client.keystore". The first BPMNode is created (TCT option "Create TIBCO ActiveMatrix Server") and the tibco.bpm.client.keystore is set correctly on the following AMX objects:
    BPM Environment
    BPMNode

The second BPMNode is created (TCT option "Configure TIBCO ActiveMatrix BPM server Node Type"); however, tibco.bpm.client.keystore is incorrectly set on the second BPMNode. The substitution variable is left at its default value (BPM_SHAREA_AREA/keystores/install-server-store.jks).
The error occurs because the BPM install is using an imported (non-default) certificate/keystore. The default keystore does not exist, so a FileNotFoundException is generated.

Resolution:
===========
With the TCT option "Create TIBCO ActiveMatrix BPM Server" the BPM client keystore is configured in the TCT file CONFIG_HOME/tct/bpm/<datetimestamp>/scripts/build.properties

The following is an example of the lines in the file.

bpm.client.enablessl=true
bpm.client.autogeneratekeystore=false
bpm.client.keystorelocation=/opt/amxshare/keystores/clientkey.jks
bpm.client.keystoretype=JKS
bpm.client.keystorepassword=#!bQ+cjGFZnnI60p1LW1RXfG42NbO7Mirx
bpm.client.keyalias=clientkey
bpm.client.keypassword=#!i7xt2myUpZjqLXJbS3KYkbP1zzXAxv8W


The TCT option "Configure TIBCO ActiveMatrix BPM server Node Type" does not provide the facility to configure the BPM keystore.
The BPMNodeType TCT scripts are generated under CONFIG_HOME/tct/bpmnodetype/<datetimestamp>/scripts

The imported certificate/keystore is not configured in the TCT file CONFIG_HOME/tct/bpmnodetype/<datetimestamp>/scripts/build.properties

The resolution is to manually amend the BPMNodeType scripts to configure the BPM client keystore.

The following is required to configure the BPM client keystore:


1). Add the “tibco.bpm.client*” lines to the file CONFIG_HOME/tct/bpmnodetype/<datetimestamp>/scripts/build.properties
      The lines can be copied from the file CONFIG_HOME/tct/bpm/<datetimestamp>/scripts/build.properties
      (the TCT script file used to configure the first BPM Node)


2). Add the following lines to the file CONFIG_HOME/tct/bpmnodetype/<datetimestamp>/scripts/templates/bpm-nodetype.properties.xsl

tibco.bpm.client.autogeneratekeystore=<xsl:value-of select="config/bpm.client.autogeneratekeystore" />

<xsl:if test="config/bpm.client.enablessl='true'">
tibco.bpm.client.enablessl=true
<xsl:if test="config/bpm.client.autogeneratekeystore='false'">
tibco.bpm.client.keystorelocation=<xsl:value-of select="config/bpm.client.keystorelocation" />
tibco.bpm.client.keystoretype=<xsl:value-of select="config/bpm.client.keystoretype" />
tibco.bpm.client.keystorepassword=<xsl:value-of select="config/bpm.client.keystorepassword" />
tibco.bpm.client.keyalias=<xsl:value-of select="config/bpm.client.keyalias" />
tibco.bpm.client.keypassword=<xsl:value-of select="config/bpm.client.keypassword" />
</xsl:if>
</xsl:if>
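
The shell helper below is an added example, not part of the original article or of TIBCO's scripts. It performs the copy in step 1 without duplicating keys and then checks that the keystore named by bpm.client.keystorelocation is readable, which is the condition behind the FileNotFoundException above. The function names and the temporary demo files are constructed for illustration; in practice pass the two real build.properties paths.

```shell
#!/bin/sh
# Added example (not TIBCO code): carry the bpm.client.* settings from the first
# node's build.properties into the bpmnodetype build.properties (step 1), then
# confirm the keystore they name is readable before the ant build is run.

# prop_value FILE KEY: print KEY's value (last definition wins).
prop_value() {
    awk -v k="$2=" 'index($0, k) == 1 { v = substr($0, length(k) + 1) } END { print v }' "$1"
}

# has_key FILE KEY: succeed if FILE has a line starting with the literal "KEY=".
has_key() {
    awk -v k="$2=" 'index($0, k) == 1 { found = 1 } END { exit !found }' "$1"
}

# sync_bpm_client_props SRC DST: append bpm.client.* lines DST does not define yet.
sync_bpm_client_props() {
    src=$1; dst=$2
    [ -r "$src" ] && [ -w "$dst" ] || { echo "cannot read $src or write $dst" >&2; return 2; }
    # Make sure DST ends with a newline so appended keys start on their own line.
    [ -z "$(tail -c 1 "$dst")" ] || echo >> "$dst"
    grep '^bpm\.client\.' "$src" | while IFS= read -r line; do
        key=${line%%=*}
        has_key "$dst" "$key" || printf '%s\n' "$line" >> "$dst"
    done
}

# check_keystore PROPS: 0 if the configured keystore is readable, 3 unset, 4 missing.
check_keystore() {
    ks=$(prop_value "$1" bpm.client.keystorelocation)
    [ -n "$ks" ] || { echo "bpm.client.keystorelocation not set in $1" >&2; return 3; }
    [ -r "$ks" ] || { echo "keystore not readable: $ks" >&2; return 4; }
}

# Constructed demo: stand-ins for the two build.properties files and a keystore.
demo_dir=$(mktemp -d)
: > "$demo_dir/clientkey.jks"
cat > "$demo_dir/bpm.properties" <<EOF
bpm.client.enablessl=true
bpm.client.autogeneratekeystore=false
bpm.client.keystorelocation=$demo_dir/clientkey.jks
bpm.client.keystorepassword=#!constructed-obfuscated-value
EOF
printf 'some.other.setting=1' > "$demo_dir/nodetype.properties"   # no trailing newline
chmod 600 "$demo_dir/nodetype.properties"   # file will carry obfuscated keystore passwords
sync_bpm_client_props "$demo_dir/bpm.properties" "$demo_dir/nodetype.properties"
check_keystore "$demo_dir/nodetype.properties" && echo "keystore OK"
```

Run the check on every host that will run the second node, since the keystore path must resolve there as well.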

After updating the two files, run the TCT ant scripts to create the TIBCO ActiveMatrix BPM server Node Type, e.g.

cd /opt/amxconfig/tct/bpmnodetype/2013-11-21-17-15-59/scripts
/opt/tibco/tibcojre64/1.7.0/bin/java -Xmx1024m -XX:MaxPermSize=512m -Xms256m -classpath /opt/tibco/tools/lib/antpackage.jar  org.apache.tools.ant.Main


If the BPMNodeType build has failed, the BPMNodeType node must be deleted before running the ant command.


The following actions are required to delete the failed BPMNodeType node using the AMX Administrator:

1). Remove the node from the distribution list of the amx.bpm.app.

2). Deploy the amx.bpm.app application.

3). Uninstall the node.

4). Delete the node.
