Unable to start JMS Connection Alias in IS due to bad Certificate?

Hi,

I am currently facing the issue that I cannot start the JMS Connection Aliases in the 2 affected IS (wM 9.5 SP1).

Both IS have the same Fix Level.

On other ISes (both 7.1.x and 9.5 SP1) I have the identically named JMS Connection Aliases running using identically named certificates.

Only difference is that the path names to those certificates not working contain a “-” (a dash) in the name.
But this dash works for normal Broker Connection as well as for the underlying JNDI-Alias as well as for the complete Broker SSL configuration (incl. generation of the naming directories). PE_NONTRANSACTIONAL_ALIAS is also working with this path name.

JNDI-Provider is WmJMSNaming, JMS-Provider is Broker.
OS is Solaris Sparc V10 for both wM Versions.

Should it be the case, that this dash in the path name causes these problems?

Please help to identify and workaround.

Regards,
Holger

Did you mean that you are unable to enable the JMS Connection Alias Name??

Any errors can you share it.

Hi Thomsen,

If you are sure that issue is with certificate naming then kindly change the certificate name on both IS’s, test and let us know your observations.

@Mahesh:

yes.
I am able to create the Connection Alias but I am not able to enable it.

Here is the ErrorMessage:
com.wm.app.b2b.server.jms.JMSSubsystemException: [ISS.0134.9064] Error creating connection: javax.jms.JMSSecurityException: [BRM.10.5061] JMS: SSL certificate “/opt/webmd/xyz/OPENSSL-TST/BrokerClient_cert.p12”: bad certificate. [Linked Exception] java.lang.RuntimeException: java.lang.RuntimeException: java.lang.RuntimeException: -42

@MR as173d:
Reconfiguring the Name is not easy to do as this needs to be done in the file system on 2 boxes, in the Broker (incl. JNDI and JMS configuration) via MWS, the MWS and the IS at several locations.

Usually the path is like “/opt/webmd/xyz/OPENSSL/BrokerClient_cert.p12”, but currently I have to deal with 2 differen OPENSSL configurations on the same systems. Therefor the path was modified to “/opt/webmd/xyz/OPENSSL-TST/BrokerClient_cert.p12” to distinguish them. The certificate (and its CN) is valid and working, but unluckily not for the JMS Connection Alias with the modified path.

Regards,
Holger