Troubleshooting
Problem
WPG fails the SSL handshake with the gateway server issuing the following error message in the bcg_router.log: - ERROR [SSLPoster] [Gw_2_0] - com.ibm.bcg.util.BcgException: Certpath is not valid . The above error is usually preceded by the following debug statements: - DEBUG [CertPathUtil] [Gw_22_2] - Verifying the certification path ... - DEBUG [CertPathUtil] [Gw_22_2] - CertPathValidatorException : The revocation status of the certificate with subject (CN=xxx.yyy.zzz, OU=Terms of use at www.verisign.com/rpa (c)00, OU=aaa, O=bbb, L=ccc, ST=ddd, C=ee) could not be determined.
Cause
This problem occurs when the CRL check is enabled but WPG fails the certpath validation due to one of the following reasons:
1 - Failure to access the CRL locally, in <WPG_install_path>\common\security\crl
2 - Failure to access the CRL remotely, via the URL specified in the certificate
3 - Success to access the URL but failure to find the referenced CRL in the specific distribution point
Resolving The Problem
This problem can be addressed in one of the following ways:
1 - Locally: Making the CRL available in <WPG_install_path>\common\security\crl
2 - Remotely: Enabling the CRL Distribution Points running the bcgSetCRLDP.jacl script, as documented in the Hub Configuration Guide chapter 13, section "Enabling access to CRL distribution points"
If the above do not resolve the error, then disable the revocation check setting property: "bcg.checkRevocationStatus=false" in the properties files of both receiver and router:
- Receiver: <WPG_install_path>\bcghub\receiver\lib\config\bcg_receiver.properties
- Router: <WPG_install_path>\bcghub\router\lib\config\bcg.properties
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21258385