How to run TIBCO BusinessWorks Salesforce.com Plug-in on JRE1.5.0 if certificates signed with a SHA-256 hash algorithm.
Article ID: KB0092479
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix BusinessWorks Plug-in for Salesforce.com | - |
| Not Applicable | - |
Description
Description:
JRE truststore(TIBCO_HOME/jre/<version>/lib/security/cacerts) is used for certificates validation. By default, JRE 1.5.0 does not include the CA certs of Salesforce's SHA2 . If using the Salesforce plugin on JRE1.5, the SSL handshake will fail with the error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Resolution
Import the CA certs(root/intermediate certs) to the JRE truststore by using Keytool manually:
1).Download CA certs (both intermediate and root certs) via a browser. Example: Open the SHA2 address via a browser such as Firefox. Here is using Salesforce SHA2 test endpoint https://sha2test.salesforce.com/services/Soap/u/32.0.
Export certs as X.509 Certificate pem format.
2).Import the certs to a JRE truststore via the keytool command. Example: Launch cmd and go to TIBCO_HOME/jre/1.5.0/lib/security directory. Execute the following command:
keytool -import -alias <cert alias> -file <c:/intermediate.crt> -keystore cacerts
The keystore password is changeit.
3). Restart Designer.
Issue/Introduction
How to run TIBCO BusinessWorks Salesforce.com Plug-in on JRE1.5.0 if certificates signed with a SHA-256 hash algorithm.
Feedback
Yes
No
Powered by
