Unable to create a second BPM Node when using a custom certificate for BPM in an SSL environment
Article ID: KB0090032
Updated On:
| Products | Versions |
|---|---|
| TIBCO BPM Enterprise (formerly TIBCO ActiveMatrix BPM) | - |
| Not Applicable | - |
Description
Resolution:
Description:
============
Creating a BPM Cluster
SSL is enabled for the HTTP port and a certificate is imported (not using the default "Self-signed Certificate")
The creation of the second BPMNode (TCT option "Configure TIBCO ActiveMatrix BPM server Node Type") fails with the error:
Caused by: com.tibco.trinity.runtime.core.provider.credential.keystore.KeystoreException: com.tibco.trinity.runtime.core.provider.credential.keystore.KeystoreRuntimeException: com.tibco.trinity.runtime.core.provider.credential.keystore.KeystoreRuntimeException: Unable to retrieve keystore from URL(s) '/opt/amx3share2/bpm/keystores/install-server-store.jks'; errors were java.io.FileNotFoundException: /opt/amx3share2/bpm/keystores/install-server-store.jks at /opt/amx3share2/bpm/keystores/install-server-store.jks .
at com.tibco.trinity.runtime.core.provider.credential.keystore.JavaKeystore.validate(JavaKeystore.java:1084)
at com.tibco.trinity.runtime.core.provider.credential.keystore.KeyStoreCredentialLoginModule.initialize(KeyStoreCredentialLoginModule.java:163)
... 33 more
Caused by: com.tibco.trinity.runtime.core.provider.credential.keystore.KeystoreRuntimeException: com.tibco.trinity.runtime.core.provider.credential.keystore.KeystoreRuntimeException: Unable to retrieve keystore from URL(s) '/opt/amx3share2/bpm/keystores/install-server-store.jks'; errors were java.io.FileNotFoundException: /opt/amx3share2/bpm/keystores/install-server-store.jks at /opt/amx3share2/bpm/keystore
Environment:
============
o BPM 2.0.0 when importing a certificate for the BPM Client Configuration
o BPM 2.1.0 when importing a certificate for the BPM Client Configuration
Cause:
======
The location of the keystore is defined in the Substitution Variable "tibco.bpm.client.keystore"
The first BPMNode is created (TCT option "Create TIBCO ActiveMatrix Server") and the tibco.bpm.client.keystore is set correctly on the following AMX objects:
BPM Environment
BPMNode
the second BPMNode is created (TCT option "Configure TIBCO ActiveMatrix BPM server Node Type") however the tibco.bpm.client.keystore is incorrectly set on the second BPMNode.
The tibco.bpm.client.keystore substitution variable is set to the default value (BPM_SHAREA_AREA/keystores/install-server-store.jks).
The error occurs as the BPM install is using imported (non-default) certificate/ keystore.
The default keystore does exist and a FileNotFoundException exception is generated.
Resolution:
===========
With the TCT option "Create TIBCO ActiveMatrix Server" the BPM keystore is configured in the TCT file bpm-installer.properties
The followng is an example of the lines in the file.
tibco.bpm.client.autogeneratekeystore=false
tibco.bpm.client.enablessl=true
tibco.bpm.client.keystorelocation=/opt/amx3share2/bpmkey.jks
tibco.bpm.client.keystoretype=JKS
tibco.bpm.client.keystorepassword=#!xxrx3BLPMnP1Fvpwm7uIyVRpq8ygq/+g
tibco.bpm.client.keyalias=bpmhttpkey
tibco.bpm.client.keypassword=#!3wWCNYY44SGvANAxY2WExVRabDp0vzii
The TCT option "Configure TIBCO ActiveMatrix BPM server Node Type" does not provide the facility to configure the BPM keystore.
The imported certificate / keystore is not configured in the TCT file bpm-nodetype.properties
The resolution is to add the "tibco.bpm.client*" lines from the bpm-installer.properties to the bpm-nodetype.properties file.
After adding the lines, run the TCT ant scripts to create the TIBCO ActiveMatrix BPM server Node Type
Description:
============
Creating a BPM Cluster
SSL is enabled for the HTTP port and a certificate is imported (not using the default "Self-signed Certificate")
The creation of the second BPMNode (TCT option "Configure TIBCO ActiveMatrix BPM server Node Type") fails with the error:
Caused by: com.tibco.trinity.runtime.core.provider.credential.keystore.KeystoreException: com.tibco.trinity.runtime.core.provider.credential.keystore.KeystoreRuntimeException: com.tibco.trinity.runtime.core.provider.credential.keystore.KeystoreRuntimeException: Unable to retrieve keystore from URL(s) '/opt/amx3share2/bpm/keystores/install-server-store.jks'; errors were java.io.FileNotFoundException: /opt/amx3share2/bpm/keystores/install-server-store.jks at /opt/amx3share2/bpm/keystores/install-server-store.jks .
at com.tibco.trinity.runtime.core.provider.credential.keystore.JavaKeystore.validate(JavaKeystore.java:1084)
at com.tibco.trinity.runtime.core.provider.credential.keystore.KeyStoreCredentialLoginModule.initialize(KeyStoreCredentialLoginModule.java:163)
... 33 more
Caused by: com.tibco.trinity.runtime.core.provider.credential.keystore.KeystoreRuntimeException: com.tibco.trinity.runtime.core.provider.credential.keystore.KeystoreRuntimeException: Unable to retrieve keystore from URL(s) '/opt/amx3share2/bpm/keystores/install-server-store.jks'; errors were java.io.FileNotFoundException: /opt/amx3share2/bpm/keystores/install-server-store.jks at /opt/amx3share2/bpm/keystore
Environment:
============
o BPM 2.0.0 when importing a certificate for the BPM Client Configuration
o BPM 2.1.0 when importing a certificate for the BPM Client Configuration
Cause:
======
The location of the keystore is defined in the Substitution Variable "tibco.bpm.client.keystore"
The first BPMNode is created (TCT option "Create TIBCO ActiveMatrix Server") and the tibco.bpm.client.keystore is set correctly on the following AMX objects:
BPM Environment
BPMNode
the second BPMNode is created (TCT option "Configure TIBCO ActiveMatrix BPM server Node Type") however the tibco.bpm.client.keystore is incorrectly set on the second BPMNode.
The tibco.bpm.client.keystore substitution variable is set to the default value (BPM_SHAREA_AREA/keystores/install-server-store.jks).
The error occurs as the BPM install is using imported (non-default) certificate/ keystore.
The default keystore does exist and a FileNotFoundException exception is generated.
Resolution:
===========
With the TCT option "Create TIBCO ActiveMatrix Server" the BPM keystore is configured in the TCT file bpm-installer.properties
The followng is an example of the lines in the file.
tibco.bpm.client.autogeneratekeystore=false
tibco.bpm.client.enablessl=true
tibco.bpm.client.keystorelocation=/opt/amx3share2/bpmkey.jks
tibco.bpm.client.keystoretype=JKS
tibco.bpm.client.keystorepassword=#!xxrx3BLPMnP1Fvpwm7uIyVRpq8ygq/+g
tibco.bpm.client.keyalias=bpmhttpkey
tibco.bpm.client.keypassword=#!3wWCNYY44SGvANAxY2WExVRabDp0vzii
The TCT option "Configure TIBCO ActiveMatrix BPM server Node Type" does not provide the facility to configure the BPM keystore.
The imported certificate / keystore is not configured in the TCT file bpm-nodetype.properties
The resolution is to add the "tibco.bpm.client*" lines from the bpm-installer.properties to the bpm-nodetype.properties file.
After adding the lines, run the TCT ant scripts to create the TIBCO ActiveMatrix BPM server Node Type
Issue/Introduction
Unable to create a second BPM Node when using a custom certificate for BPM in an SSL environment
Feedback
Yes
No
Powered by
