Failed to import participant certificate with error: java.security.SignatureException: Signature does not match


Article ID: KB0072997


Products: TIBCO BusinessConnect
Versions: 7.2.x

Description

While importing a partner's certificates into the general keystore under Participant > Partner > Credentials, the following error message is shown in the admin GUI:

===

"Credential Save failed. Error during examining a certificate: could not find trusted CA certificate with DN 'C=XX, O=XX, OU=XX, CN=XX' that signed certificate with DN 'C=XX, O=XX, OU=XX, CN=XX "

===

In addition, the following exception occurs when the complete certificate chain is exported from the earlier BusinessConnect version and imported in BusinessConnect 7.2.x:

===

"Credential Save failed. Error in examining the PKCS7 envelope: java.security.SignatureException: Signature does not match."

===

Issue/Introduction

Failed to import participant certificate with error: java.security.SignatureException: Signature does not match

Environment

All platforms

Resolution

- Please verify whether the root CA certificate is configured in the CA Store (BusinessConnect > System Settings > Certificate Store).

- This issue may also be caused by the signature algorithm 'RSASSA-PSS' used to sign the certificates. RSASSA-PSS is a very old signature algorithm, and it is supported neither for TLS 1.2 nor by the security library 'BouncyCastle' that is used in BusinessConnect 7.2.x. To resolve such issues, ask the trading partner to provide new certificates signed with a SHA signature algorithm (e.g. SHA256withRSA), and then import these certificates.