Tibco SOAP request over https - SSL certificate verification problem

Nathan picture Nathan · Jun 24, 2009 · Viewed 19k times · Source

I'm using Tibco BusinessWorks to consume a soap web service over an HTTPS connection.

The instructions boil down to:

  1. Export certificates using a web browser.
  2. Use the Tools->Trusted Certificates->Import PEM format to folder within the project.
  3. In the SSL Config of the Transport Details tab, point to the trusted certs folder you imported them to.

--OR--

Use the BW_GLOBAL_TRUSTED_CA_STORE global variable to point to an external folder (file:///c:/tibco/certs) and put the certs there in pem format.

I've tried both ways, and still end up with the error below:

iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier

I've tried exporting them via firefox and IE. In different formats including all keys and individually, yet the error still persists.

Is there something more specific that I need to do or is there a way to turn up the debugging for the cert verifier? I've tried turning up the debug level for designer, but I'm not sure I'm doing that correctly.

Any help would be wonderful.

Thanks much!

Answer

Nathan picture Nathan · Jul 7, 2009

The issue was not having the actual root certificate in the trusted certs path.

This was easily solved by exporting certificates using OpenSSL:

openssl s_client -showcerts -connect <domain>:443

and copying all the certificates from there.