Certificate Problem bad record mac

, ,
1

We uploaded a new pub (CER and renamed to DER using certificate toolkit) certificate from partner. We are getting com.wm.app.b2b.server.ServiceException: java.io.IOException: iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier error. It seems that the partner never updated their pub certificate. Now Partner updated their pub certificate, but we are still getting the same error. We instructed the partner to use the webMethods certificate toolkit to generate the DER and send to us. We used the new DER certificate that was generated by the webMethods certificate toolkit, but it’s still not working. Now we are getting a different error com.wm.app.b2b.server.ServiceException: java.io.IOException: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad record mac.
We need to resolved this ASAP as we have many transactions failing in production.
Any clues ?

2

If you are getting this error while importing, then the certificate file format is wrong, if you can successfully import the certificate and map to the user then do the following:

  1. Verify the serial number of the (imported public) certificate from the partner is same as the one partner is using. You can look at the serial number in IS webAdmin (Security > Certificates > Client Certificates > Details )

  2. Make sure you also trust your partner Root CA & any intermediate CAs by placing them in <server>/config/certs/CA.

  3. Also confirm with your partner that certificate chain (Root CA, Public Key and Private key) is stored in the correct location while establishing SSL session.

3

Kolappan, Thanks for the pointers. We got this issue resolved and just wanna share my experience.The problem was at Trading Partner’s end.Basically it was private and public key mismatch. They were using old private key with new public key.Asked thm to generate new private key using webMethods Certificate Toolkit and get a new public key from Verisign. Found out,rebooting the IS is must once you update the private and public key on IS. After reboot it started working fine !