Error, "A security error while trying to load the certificate [[Identity.id] ]" when customer uses self-generated JKS file as client identity for Double SSL Auth.


Article ID: KB0093076


Updated On:

Products Versions
TIBCO ActiveMatrix BusinessWorks -
Not Applicable -

Description

This error is caused by an invalid certificate file, which can result from converting certificates from one format to another.

Example:

- The customer receives only a .cer file, a key.p8 file, and the password for the key file. Using a server certificate, the customer generates the "cacerts.jks" file with keytool/openssl.

- The customer configures the "identity" activity with cacerts.jks and its password (the same password used when creating the .jks), with the file type set to JKS.

- This identity is then used for Dual SSL on the SOAP client side (as the client identity).


Issue/Introduction

Error, "A security error while trying to load the certificate [[Identity.id] ]" when customer uses self-generated JKS file as client identity for Double SSL Auth.

Resolution

This appears to be a JKS and key format issue.

1). Setting the security vendor to "j2se" may work: java.property.TIBCO_SECURITY_VENDOR=j2se


This would solve issues like the following, which is a key/cert format issue:

--------------------------------------------------------------------------------
Cannot load the certificate [Identity.id] in the trusted store [Trusted Certificates/]. The following exception was thrown: com.tibco.security.AXSecurityException - No certificates encoded in supported ways were found
com.tibco.security.AXSecurityException: unsupported format: PEM
--------------------------------------------------------------------------------

2). If the above fails, try using a supported format for the identity file, i.e., a .p12 file instead of JKS.

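A .p12 file can be generated from the .cer file and the key.p8 file with the following openssl commands:
   ---------------------------------------------------------------
# Normalize the certificate to PEM (use -inform DER if the .cer file is binary/DER encoded)
openssl x509 -in mwsit.etisalat.ae.cer -inform PEM -out mwsit.etisalat.ae.pem -outform PEM

# Convert the DER-encoded PKCS#8 key to PEM; customer.pem is written unencrypted
openssl pkcs8 -inform DER -in key.p8 -out customer.pem

# Bundle the certificate and key into a PKCS#12 identity file
openssl pkcs12 -export -in mwsit.etisalat.ae.pem -out ClientCert.p12 -inkey customer.pem
   ---------------------------------------------------------------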
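
A check that can be run on the resulting ClientCert.p12 before it is configured as the client identity, shown against a throwaway certificate so it runs offline. This is an added example, not part of the original article: the helper names `check_identity_p12` and `make_constructed_identity`, the file names, the subject and the passwords are all constructed, and it goes slightly beyond the article by also testing a certificate-only bundle.

```shell
#!/bin/sh
# Passwords are read from the environment (KEY_PASS, P12_PASS) so they do not
# show up in the process list. All file names below are constructed samples.

# check_identity_p12 FILE: exit 0 only if FILE opens with $P12_PASS and holds
# a certificate together with the private key that belongs to it.
check_identity_p12() {
    d=$(mktemp -d) || return 2
    rc=1
    if openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts \
            -out "$d/cert.pem" 2>/dev/null &&
       openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes \
            -out "$d/key.pem" 2>/dev/null &&
       openssl x509 -in "$d/cert.pem" -noout -pubkey >"$d/cert.pub" 2>/dev/null &&
       openssl pkey -in "$d/key.pem" -pubout -out "$d/key.pub" 2>/dev/null &&
       cmp -s "$d/cert.pub" "$d/key.pub"
    then rc=0; fi
    rm -rf "$d"   # discard the temporarily decrypted key
    return "$rc"
}

# make_constructed_identity DIR: create a throwaway PEM certificate and a
# DER-encoded, encrypted key.p8, apply the article's three conversions, and
# also build CertOnly.p12 (certificate without key, i.e. not an identity).
make_constructed_identity() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout k.pem -out client.cer \
          -subj "/CN=constructed-client.example" -days 1 2>/dev/null &&
      openssl pkcs8 -topk8 -in k.pem -outform DER -out key.p8 \
          -passout env:KEY_PASS && rm -f k.pem &&
      openssl x509 -in client.cer -inform PEM -out client.pem -outform PEM &&
      openssl pkcs8 -inform DER -in key.p8 -passin env:KEY_PASS -out customer.pem &&
      openssl pkcs12 -export -in client.pem -inkey customer.pem \
          -out ClientCert.p12 -passout env:P12_PASS &&
      openssl pkcs12 -export -nokeys -in client.pem -out CertOnly.p12 \
          -passout env:P12_PASS &&
      rm -f customer.pem )   # do not leave the decrypted key on disk
}

# Demo with constructed passwords.
KEY_PASS=constructed-key-pass P12_PASS=constructed-p12-pass
export KEY_PASS P12_PASS
work=$(mktemp -d) && make_constructed_identity "$work" || exit 1
check_identity_p12 "$work/ClientCert.p12" && echo "ClientCert.p12: key matches certificate"
check_identity_p12 "$work/CertOnly.p12" || echo "CertOnly.p12: no usable private key"
rm -rf "$work"
```

To check a real file, export P12_PASS with the export password and call `check_identity_p12 ClientCert.p12`.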

Additional Information

SR 489751