What is the reason for the error "java.security.InvalidKeyException: unknown key type passed to RSA" that can be observed after renewing the TIBCO Data Virtualization Server's certificate?

Article ID: KB0070801

Product: TIBCO Data Virtualization
Versions: All supported versions.

Description

TIBCO Data Virtualization uses a self-signed certificate by default, and a user can replace this certificate with a Certificate Authority (CA) signed certificate for added security. However, after changing the certificate, the user can observe an error in scenarios such as logging in from Studio to the Server, opening a pre-existing data source in Studio, and in some other cases.
The observed error is:
 An internal error has occurred. Cause: java.security.InvalidKeyException: unknown key type passed to RSA [Log ID: cb6ef284-deef-4c83-9c34-a56015d433c9]  Version Information: Studio 8.x.0.00x, Build ID Build: 4ae7f94335|2023-04-12, Server 8.x.0.00x
The reason for this error is explained below.

Issue/Introduction

This article explains why a user can observe the mentioned error after changing the TIBCO Data Virtualization Server's SSL certificate.

Environment

All Supported Environments.

Resolution

As the error message "unknown key type passed to RSA" suggests, the certificate uses an encryption method (public key algorithm) that is unknown to or unsupported by TIBCO Data Virtualization.
To check the algorithm used by the certificate, open the CA-signed certificate and go to the 'Details' tab. There, the 'Public key' parameter shows the parent algorithm used, and the 'Public key parameters' parameter states the exact sub-type of the algorithm.

For example, in the image below the parent type is ECC and the sub-type is ECDSA_P256.

User-added image

This sub-type can then be cross-checked against the "Java Supported Cipher Suites" section of the Security Guide for the TIBCO Data Virtualization version in use, to see whether it is a supported type.
If it is not a supported algorithm, a request can be made to the Certificate Authority to provide a new certificate that uses a supported algorithm. The TIBCO Data Virtualization default certificate uses the RSA algorithm.
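
The same check can be done from the command line before the certificate is configured on the server. This is an added example, not part of the original article: it assumes the openssl CLI is installed and a PEM certificate file, and the function names, file names and the two throwaway self-signed certificates are constructed for illustration. OpenSSL reports the ECC / ECDSA_P256 key from the example above as id-ecPublicKey / prime256v1.

```shell
#!/bin/sh
# Added example (not from the article). Assumes the openssl CLI is installed.

# Value of the certificate's "Public Key Algorithm" field,
# e.g. rsaEncryption or id-ecPublicKey.
cert_key_alg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Named curve of an EC key (the sub-type); empty for other key types.
cert_key_curve() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *ASN1 OID: *//p' | head -n 1
}

# Summarise one certificate. RSA is what the default certificate uses; any
# other result has to be looked up in the Security Guide for the version in use.
check_cert() {
    alg=$(cert_key_alg "$1")
    case "$alg" in
        rsaEncryption)  echo "RSA: same algorithm as the default certificate" ;;
        id-ecPublicKey) echo "EC $(cert_key_curve "$1"): check Security Guide" ;;
        "")             echo "could not read certificate"; return 2 ;;
        *)              echo "$alg: check Security Guide" ;;
    esac
}

# Constructed sample input: two throwaway self-signed certificates.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=rsa.example.test" \
        -keyout "$1/rsa.key" -out "$1/rsa.pem" 2>/dev/null
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ec.key"
    openssl req -x509 -new -key "$1/ec.key" -days 1 \
        -subj "/CN=ec.example.test" -out "$1/ec.pem" 2>/dev/null
}

# Demo run: prints one line per sample certificate.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for cert in "$demo_dir/rsa.pem" "$demo_dir/ec.pem"; do
    printf '%s -> %s\n' "${cert##*/}" "$(check_cert "$cert")"
done
rm -rf "$demo_dir"
```

To check a real certificate, call `check_cert` with the path to the CA-signed certificate instead of the sample files.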

Additional Information

1. Refer to the Security Guide: https://docs.tibco.com/pub/tdv/8.7.0/doc/pdf/TIB_tdv_8.7.0_SecurityFeaturesGuide.pdf?#page=25
2. For the steps to configure a new SSL certificate in TIBCO Data Virtualization, refer to this KB: https://support.tibco.com/s/article/How-to-create-a-new-self-signed-SSL-certificate-and-configure-TIBCO-Data-Virtualization-to-use-the-certificate