IBM webMethods Hybrid Integration

IBM webMethods Hybrid Integration

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.


#TechXchangePresenter
 View Only

  • 1.  Certificate chain broken: not linked properly

    Posted Sun May 25, 2014 04:59 PM

    hello Everyone,

    We have just moved from Verisign CA to Entrust and I got this issue after my first cert renewal from Entrust CA. Below is the scenario of what I am facing :

    1. Got renewed server cert, Intermediate cert and CA root cert from Entrust site
    2. Placed and installed all cert on Webmethod window server
    3. COnfigured Outbound SSL and Ports connecting to DMZ servers with renewed Cert and CA signed cert names

    After performing all these steps, I am getting below errors,

    2014-05-25 13:52:33 CDT [ISC.0006.0004D] Error in SSL setup: [ISC.0009.9001] Certificate chain broken: not linked properly
    2014-05-25 13:52:33 CDT [ISP.0046.0019C] Unable to establish connection to the Reverse Gateway server 167.209.215.16:6464, Exception → Server certificate rejected by ChainVerifier.

    Here 167.209.215.16:6464 is my DMZ and internal Registration port 6464. I cross verified my Server/Chain and root cert. Not getting clue what went wrong. Please suggest on this asap

    Regards
    AKS


    #B2B-Integration
    #webMethods
    #Integration-Server-and-ESB


  • 2.  RE: Certificate chain broken: not linked properly

    Posted Mon May 26, 2014 02:34 AM

    Hi Anuj,

    As per Error guide explanation:

    ISC.0009.9001E – Certificate chain broken: not linked properly
    Explanation: The certificate chain is out of order.
    Action: Obtain a valid certificate chain.

    What is your format of certificate [Make sure your CA issues you a complete cert with its intermediate certificates too]?

    Try exporting it to IE and check the certificate chain.

    HTH.

    Thanks,
    Rankesh


    #B2B-Integration
    #webMethods
    #Integration-Server-and-ESB


  • 3.  RE: Certificate chain broken: not linked properly

    Posted Mon May 26, 2014 10:45 AM

    Do you have all the certificates in the chain? The Issuer CN in the lowest certificate should be Subject CN in the next level … till the CA Root certificate which will be self issued.

    Also i think webMethods IS accepts only .DER certifcates when used in chain.


    #webMethods
    #B2B-Integration
    #Integration-Server-and-ESB


  • 4.  RE: Certificate chain broken: not linked properly

    Posted Mon May 26, 2014 01:16 PM

    Hello Rankesh and DC,

    Yes I have already complete cert chain installed on my server in proper and correct order. The issue has been resolved however.

    ISSUE: The Certificate page for DMZ server had old server cert mapped with Verisign CA . Since the Internal registration port 6464 had “Request for Certificate” settings. It was picking old cert.

    SOLUTION: Mapped new cert with Valid user.

    Thanks everyone for your help


    #B2B-Integration
    #Integration-Server-and-ESB
    #webMethods


  • 5.  RE: Certificate chain broken: not linked properly

    Posted Thu May 29, 2014 04:28 PM

    which version of WM IS are you running?
    for newer ones, you need to load the whole chain into the *.jks key store file .
    I guess you don’t have the whole chain in it.


    #Integration-Server-and-ESB
    #webMethods
    #B2B-Integration


Related Content