Tibco SOAP request over https - SSL certificate verification problem

Question

Hello,

I'm using Tibco BusinessWorks to consume a soap web service over an HTTPS connection.

The instructions boil down to:

1. Export certificates using a web browser.
2. Use the Tools->Trusted Certificates->Import PEM format to folder within the project.
3. In the SSL Config of the Transport Details tab, point to the trusted certs folder you imported them to.

--OR--

Use the BW_GLOBAL_TRUSTED_CA_STORE global variable to point to an external folder (file:///c:/tibco/certs) and put the certs there in pem format.

I've tried both ways, and still end up with the error below:

iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier

I've tried exporting them via firefox and IE. In different formats including all keys and individually, yet the error still persists.

Is there something more specific that I need to do or is there a way to turn up the debugging for the cert verifier? I've tried turning up the debug level for designer, but I'm not sure I'm doing that correctly.

Any help would be wonderful.

Thanks much!

Answer 1

The issue was not having the actual root certificate in the trusted certs path.

This was easily solved by exporting certificates using OpenSSL:

openssl s_client -showcerts -connect <domain>:443

and copying all the certificates from there.

Answer 2

No need to keep certificates in your BW Project.

Just give your certificates path to GV, BW_GLOBAL_TRUSTED_CA_STORE and go to your process where you are using the soap request reply pallette and give the reference of the global variable in trusted certificate path and save the process.

Then run your BW Process