I'm using Tibco BusinessWorks to consume a soap web service over an HTTPS connection.
The instructions boil down to:
--OR--
Use the BW_GLOBAL_TRUSTED_CA_STORE global variable to point to an external folder (file:///c:/tibco/certs) and put the certs there in pem format.
I've tried both ways, and still end up with the error below:
iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
I've tried exporting them via firefox and IE. In different formats including all keys and individually, yet the error still persists.
Is there something more specific that I need to do or is there a way to turn up the debugging for the cert verifier? I've tried turning up the debug level for designer, but I'm not sure I'm doing that correctly.
Any help would be wonderful.
Thanks much!
The issue was not having the actual root certificate in the trusted certs path.
This was easily solved by exporting certificates using OpenSSL:
openssl s_client -showcerts -connect <domain>:443
and copying all the certificates from there.