How to resolve SSL errors while registering TIBCO BusinessEvents Enterprise Administrator Agent (beteagent).

How to resolve SSL errors while registering TIBCO BusinessEvents Enterprise Administrator Agent (beteagent).

book

Article ID: KB0076244

calendar_today

Updated On:

Products Versions
TIBCO BusinessEvents Enterprise Edition -

Description

In an SSL enabled environment when BE TEA agent tries to perform auto registration task with TEA server, it fails and prints "BE teagent unable to register agent with name 'BE'"
To get more details on the error message Enabling ssl debug logs will print the following detailed error message.

Note: To enable the SSL debug logs , please include the 'java.property.javax.net.debug=ssl' property in the be-teagent.tra and restart the BE-TEA agent.

++++++
23 Jan 2020 17:03:55,355 UTC +0000 INFO main [com.tibco.tea.agent.be.BETEAAgentAutoRegistrationTask] - Performing TIBCO BusinessEvents Enterprise Administrator Agent Auto Registration Task
javax.net.ssl|DEBUG|01|main|2020-01-23 17:03:55.433 UTC|SSLCipher.java:437|jdk.tls.keyLimits:  entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|ERROR|44|HttpClient@1921417851-68|2020-01-23 17:03:55.745 UTC|TransportContext.java:313|Fatal (INTERNAL_ERROR): Fail to wrap application data (
"throwable" : {
java.lang.RuntimeException: Could not generate ECDH keypair
at java.base/sun.security.ssl.ECDHKeyExchange$ECDHEPossession.<init>(ECDHKeyExchange.java:117)
at java.base/sun.security.ssl.SSLKeyExchange$T13KeyAgreement.createPossession(SSLKeyExchange.java:575)
at java.base/sun.security.ssl.SSLKeyExchange.createPossessions(SSLKeyExchange.java:88)
at java.base/sun.security.ssl.KeyShareExtension$CHKeyShareProducer.produce(KeyShareExtension.java:263)
at java.base/sun.security.ssl.SSLExtension.produce(SSLExtension.java:532)
at java.base/sun.security.ssl.SSLExtensions.produce(SSLExtensions.java:249)
at java.base/sun.security.ssl.ClientHello$ClientHelloKickstartProducer.produce(ClientHello.java:648)
at java.base/sun.security.ssl.SSLHandshake.kickstart(SSLHandshake.java:515)
at java.base/sun.security.ssl.ClientHandshakeContext.kickstart(ClientHandshakeContext.java:107)
at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:228)
at java.base/sun.security.ssl.SSLEngineImpl.writeRecord(SSLEngineImpl.java:167)
++++++

Environment

TIBCO BusinessEvents Enterprise Edition 5.6.x All Operating Systems

Resolution

The issue was because of missing cryptography (Oracle Elliptic Curve Cryptography) library during the installation of BE 5.6.x.
Mainly SunEC library was missing in the TIBCO_HOME and its needed for EC KeyPairGenerator.

To resolve this issue , please select "Oracle Elliptic Curve Cryptography Library SP 1" during the Installation of BE 5.6.x
This will add the missing cryptography library that are needed for the KeyPairGeneration security algorithm.

Issue/Introduction

Resolving SSL errors while registering BusinessEvents Enterprise Administrator Agent.
Powered by Wolken Software