Certificates rejected by ChainVerifier still exists even when certificates are correctly downloaded.

Certificates rejected by ChainVerifier still exists even when certificates are correctly downloaded.

book

Article ID: KB0085479

calendar_today

Updated On:

Products Versions
TIBCO ActiveMatrix BusinessWorks -
Not Applicable -

Description

Description:
When certificates are correctly downloaded but the security vendor is using default Entrust, there is still errors in the log:"Server certificate rejected by ChainVerifier".
Symptoms:
Activity invocation failed
at com.tibco.pe.plugin.Activity.postEval(Unknown Source)
at com.tibco.pe.plugin.Activity.postEval(Unknown Source)
at com.tibco.pe.core.TaskImpl.eval(Unknown Source)
at com.tibco.pe.core.Job.a(Unknown Source)
at com.tibco.pe.core.Job.k(Unknown Source)
at com.tibco.pe.core.JobDispatcher$JobCourier.a(Unknown Source)
at com.tibco.pe.core.JobDispatcher$JobCourier.run(Unknown Source)
caused by: com.sun.jersey.api.client.ClientHandlerException: iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)
at com.sun.jersey.api.client.filter.GZIPContentEncodingFilter.handle(GZIPContentEncodingFilter.java:120)
at com.tibco.plugin.json.rest.adaptor.RESTReqeustAdaptor.handle(RESTReqeustAdaptor.java:41)
at com.tibco.plugin.json.rest.adaptor.RESTReqeustAdaptor.handle(RESTReqeustAdaptor.java:41)
at com.sun.jersey.api.client.Client.handle(Client.java:648)
at com.sun.jersey.api.client.filter.HTTPBasicAuthFilter.handle(HTTPBasicAuthFilter.java:81)
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:670)
at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:503)
at com.tibco.plugin.json.activities.RestActivity.doGet(RestActivity.java:379)
at com.tibco.plugin.json.activities.RestActivity.doService(RestActivity.java:365)
at com.tibco.plugin.json.activities.RestActivity$1.run(RestActivity.java:309)
at com.tibco.pe.util.ThreadPool$ThreadPoolThread.run(Unknown Source)
Caused by: iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
at iaik.security.ssl.g.f(Unknown Source)
at iaik.security.ssl.g.d(Unknown Source)
at iaik.security.ssl.f.c(Unknown Source)
at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
at iaik.security.ssl.SSLSocket.startHandshake(Unknown Source)
at iaik.security.jsse.net.IAIKSSLSocketWrapper.startHandshake(Unknown Source)
at iaik.security.jsse.net.IAIKSSLSocketWrapper.getOutputStream(Unknown Source)
at com.tibco.security.providers.TIBCOSSLSocketWrapper.getOutputStream(TIBCOSSLSocketWrapper.java:154)
at sun.net.www.http.HttpClient.openServer(Unknown Source)


Cause:
The security vendor Entrust does not support the certificates format while J2SE can.

Issue/Introduction

Certificates rejected by ChainVerifier still exists even when certificates are correctly downloaded.

Resolution

Change security vendor to J2SE.

Additional Information


Powered by Wolken Software