BPM to BAC Gateway via SSL Problem (1275 Views)
Trusted Contributor
Dave D.
Posts: 330
Registered: ‎12-06-2007
Message 1 of 8 (1,275 Views)

BPM to BAC Gateway via SSL Problem

Hello,

I'm wanting to configure BPM to communicate to BAC via SSL. All other data collectors are successfully using SSL to BAC Gateway, so this problem exists for BPM only.

I have my cert in PEM Base-64 encoded format:

I edit my Instance in BPM Admin console, change Gateway URL to reflect HTTPS and insert the path on my BPM machine to the PEM file in the "SSL authority certificate file: " field (i.e. C:\cert.pem).

The error on this instance when I restart it is: Problems with the SSL CA certificate.

I can successfully navigate to https:\topaz from IE on the BPM machine.

The controller log:

7/05/2011 12:46:37 FLOW Register: Agent: 'Agent1' for site 'Site1' with url: HTTPS://vmgtd04ov.wcbbc.wcbmain.com/topaz.
17/05/2011 12:46:37 FLOW Register: Name: vmgtd02ov-RDCMS2, location: Richmond, BC, version: 8.05.
17/05/2011 12:46:37 FLOW Register: Ip: 10.2.204.161
17/05/2011 12:46:37 FLOW Register: GMT Bias: 480
17/05/2011 12:46:37 WARNING SiteResponse: an error when trying to communicate with site 'Site1': "Problems with the SSL CA certificate."
17/05/2011 12:46:37 ERROR Error occurred in 'scomm response callback':
SiteResp: Agent "Agent1" failed to register to site Site1 from configuration file

What could be wrong here?

Thanks!
Respected Contributor
Santosh.Nayak
Posts: 343
Registered: ‎02-01-2011
Message 2 of 8 (1,258 Views)

Re: BPM to BAC Gateway via SSL Problem

I think the certificate should include the full certificate chain. It should have the Root CA and any other cert that would make up the certificate hierarchy, I think.
Trusted Contributor
Dave D.
Posts: 330
Registered: ‎12-06-2007
Message 3 of 8 (1,258 Views)

Re: BPM to BAC Gateway via SSL Problem

The full cert path is visible when I change the file extension to cer and open it in Windows.

Any other suggestions out there?
Respected Contributor
Santosh.Nayak
Posts: 343
Registered: ‎02-01-2011
Message 4 of 8 (1,258 Views)

Re: BPM to BAC Gateway via SSL Problem

As far as I remember, at a customer I had put all the certs for the trust path in the same file and only then it worked. Something like this.

-----BEGIN CERTIFICATE-----
Root ca cert here
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
BAC server side cert
-----END CERTIFICATE-----

See this from the hardening guide:
The file can consist of the server-side certificate itself, or the certificate of the CA that issued the server-side certificate, or all certificates required for the trust path (all certificates must be placed in the same PEM file).


Try and see if it works.
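
A structural check for a combined CA file like the one laid out above, as an added example that is not part of the original posts and is not HP's code. The name `check_ca_bundle` and the sample data are constructed for illustration; it tests only generic PEM layout and cannot tell what BPM's own parser requires or whether the chain is trusted.

```python
import base64
import binascii
import re

# Matches one PEM block; label and body are validated separately below.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

def check_ca_bundle(data: bytes) -> list[str]:
    """Return structural problems found in a PEM CA file (empty list = none)."""
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("file starts with a UTF-8 BOM")
        data = data[3:]
    if data[:1] == b"\x30":
        return problems + ["file is binary DER, not PEM"]
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:  # e.g. saved as UTF-16 by a text editor
        return problems + ["file contains non-ASCII bytes"]
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return problems + ["no BEGIN/END block found"]
    for i, (label, body) in enumerate(blocks, 1):
        if label != "CERTIFICATE":
            problems.append(f"block {i}: label is '{label}', not CERTIFICATE")
            continue
        if not body.startswith(("\n", "\r\n")):
            problems.append(f"block {i}: no line break after BEGIN line")
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            problems.append(f"block {i}: body is not valid base64")
            continue
        if der[:1] != b"\x30":  # every X.509 certificate is a DER SEQUENCE
            problems.append(f"block {i}: decoded data is not a DER SEQUENCE")
    return problems

def _pem(der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed sample: three placeholder DER blobs, not real certificates.
SAMPLE = "".join(_pem(b"\x30\x03" + bytes([n]) * 3) for n in (1, 2, 3)).encode()

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(check_ca_bundle(data) or "no structural problems found")
```
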
Trusted Contributor
Dave D.
Posts: 330
Registered: ‎12-06-2007
Message 5 of 8 (1,258 Views)

Re: BPM to BAC Gateway via SSL Problem

Well I tried that and the new error was "SSL Connection Failed" (having all 3 certs, root, intermediate, and bac server side).

I also tried just having the root CA cert, the error was again "SSL Connection Failed".

?
Frequent Advisor
10forever
Posts: 47
Registered: ‎04-07-2012
Message 6 of 8 (1,033 Views)

Re: BPM to BAC Gateway via SSL Problem

Hiii,

Did you find a solution to this issue? I'm facing the same problem and could not find a solution.

Advisor
KonstantinovE
Posts: 10
Registered: ‎08-08-2011
Message 7 of 8 (1,002 Views)

Re: BPM to BAC Gateway via SSL Problem

Hi,

To be completely sure that you are using the proper cert, please follow the instructions for obtaining the root CA cert:

1. Go to your BAC and cert details.

2. Go to the cert's certification path and click on the root cert.

3. Go to the root cert's details and export it.

Also please check what cipher your BAC accepts:

in WebServer/conf/extra/httpd-ssl.conf

Thanks,
------------------------------
Evgeniy
HP BSM EUM UKR QA
Occasional Visitor
HasanKatman
Posts: 1
Registered: ‎11-12-2012
Message 8 of 8 (606 Views)

Re: BPM to BAC Gateway via SSL Problem
