Gateway Server won't start after updating EMS certificate


Article ID: KB0071292


Products: TIBCO BusinessConnect
Versions: 7.x

Description

After you update the X.509 certificate that BC uses for EMS over TLS in the Intercomponent settings, the Gateway Server (GS) will not start.

The GS log will show something similar to this:

2023-04-17 15:57:34,436(ERROR)]GatewayServer com.tibco.ax.gs.runtime.GatewayRuntimeException: Failed to initialize JMS transport.
at com.tibco.ax.gs.runtime.GatewayServer.initDmzRv(GatewayServer.java:290)
at com.tibco.ax.gs.runtime.GatewayServer.init(GatewayServer.java:112)
at com.tibco.ax.gs.runtime.GatewayServer.<init>(GatewayServer.java:73)
at com.tibco.ax.gs.runtime.GatewayServer.Startup(GatewayServer.java:676)
Caused by: Error in examining the PKCS7 envelope: Error during processing certificate(s): Certificate with issuer 'CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US' and serial # 'a95f618dc0338095988d0ccb9359609' is no longer valid beyond Fri Apr 14 18:59:59 CDT 2023.
at com.tibco.ax.gs.runtime.GatewayServer.getInterCompJMSTransport(GatewayServer.java:265)
at com.tibco.ax.gs.runtime.GatewayServer.initDmzRv(GatewayServer.java:286)

The Gateway Server appears to be using the old certificate even though the new one is configured in the JMS configuration screen in the BC deployment, and a "Connected Successfully" message appears when you click the "Test Connection" button.
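One way to confirm this symptom from the log, as an added example that is not TIBCO's code: the script pulls the rejected certificate's issuer, serial and expiry out of the GS log and compares the serial with that of the newly configured certificate. The function names are assumptions, and the sample log is constructed from the lines shown above.

```python
import re

# Constructed sample: the error and "Caused by" lines from the GS log above.
SAMPLE_LOG = (
    "2023-04-17 15:57:34,436(ERROR)]GatewayServer com.tibco.ax.gs.runtime."
    "GatewayRuntimeException: Failed to initialize JMS transport.\n"
    "Caused by: Error in examining the PKCS7 envelope: Error during processing "
    "certificate(s): Certificate with issuer 'CN=DigiCert TLS RSA SHA256 2020 CA1, "
    "O=DigiCert Inc, C=US' and serial # 'a95f618dc0338095988d0ccb9359609' "
    "is no longer valid beyond Fri Apr 14 18:59:59 CDT 2023.\n"
)

EXPIRED_RE = re.compile(
    r"Certificate with issuer '(?P<issuer>[^']+)' "
    r"and serial # '(?P<serial>[0-9A-Fa-f]+)' "
    r"is no longer valid beyond (?P<expiry>.+?)\.\s*$",
    re.MULTILINE,
)

def normalize_serial(serial):
    """Canonical form: lowercase hex, no separators, no leading zeros.

    The GS log drops leading zeros, while certificate tools often print
    them and may add colons or a 'serial=' prefix.
    """
    value = serial.strip().split("=", 1)[-1]
    value = re.sub(r"[^0-9A-Fa-f]", "", value).lower().lstrip("0")
    return value or "0"

def expired_cert_errors(log_text):
    """Return one dict per expired-certificate error found in the GS log."""
    return [
        {"issuer": m["issuer"],
         "serial": normalize_serial(m["serial"]),
         "expiry": m["expiry"]}
        for m in EXPIRED_RE.finditer(log_text)
    ]

def token_has_old_cert(log_text, new_cert_serial):
    """True when every rejected certificate in the log has a serial other
    than the newly configured one, i.e. the GS is still loading the old
    certificate rather than the one set in the JMS configuration screen."""
    new = normalize_serial(new_cert_serial)
    errors = expired_cert_errors(log_text)
    return bool(errors) and all(e["serial"] != new for e in errors)
```

Pass the serial of the new certificate as reported by your certificate tool; any of the common print formats (upper case, colons, leading zero) compares correctly after normalization.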

Issue/Introduction

Gateway Server won't start after updating EMS certificate for EMS connection to Gateway Server

Environment

All platforms

Resolution

The EMS certificate is embedded in the GS token. Consequently, a new token must be generated and deployed to the GS server(s) whenever the certificate chain is changed.

To resolve the issue:

1.  Copy the settings of the current GS token and save them for the new token.
2.  Delete the token in the Admin GUI and on the GS server(s).
3.  Create a new token with the settings from step one, and deploy the new token onto the GS servers.