question

Upvotes
Accepted
carlosrodrigo.arce avatar image
3 2 5 5

Keystore Certificate (Expired)

Hi team,

Im using EMA to connect to RCC and make contributions, everything was working right but since yesterday i cant connect due to certificate expiration, i tried to make another keystore and same problem is showing.

I've checked the certificate and it says valid until 2029

i created keystore.jks following example in :
Building a keystore file to be used with an HTTPS (or ENCRYPTED) connection type for real-time Java-based APIs | Refinitiv Developers

I used comodo certificate as mentioned

*** Important updated on October 2018: The TRCC servers now use a certificate from comodo, please download it from "http://crt.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crt" instead. ***


Steps to create keystore and import certificate


Code where i used keystore


Error

Error text Error initializing channel: errorId=-1 text=Invalid certificate (Expired): NotAfter: Sat May 30 05:48:38 CDT 2020


Any idea what can i do?

how i know when the certificate will not be anymore valid since i can see that it expires until 2029?

elektronrefinitiv-realtimeelektron-sdkrrtema-apielektron-message-apirefinitiv-realtime-sdkcertificatekey-store
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

4 Answers

Upvotes
Accepted
mitchell.kato avatar image
261 1 2 3

I was contacted directly by Carlos, and we determined that he needs to contact the owners of the RCC product for help.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

carlosrodrigo.arce avatar image carlosrodrigo.arce

Right, issue has been solved, it seems it was a trouble in the aws platform some changes were causing the problem so they did a rollback, but now everything is working

Upvotes
mitchell.kato avatar image
261 1 2 3

What version of EMA Java are you running, and what JVM version are you using?

EMA Java 3.5.1.L1/RTSDK version 1.5.1.L1 was enhanced to not require a specific jks file. Instead, it will pull the JVM's default JKS file if no file is specified in the EMA config. Java JRE ships with compatible Sectigo/Comodo certificates used by Refinitiv.

For JVM, please make sure that you are running at least the equivalent to Java JRE 8u51: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020

Thanks,

Mitchell


icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
carlosrodrigo.arce avatar image
3 2 5 5

Im using EMA Java 3.6.0.0 and Java SKD 8u261 Java JRE 8u281

Still having the same error if file is not specified

the thing is that everthing was working and yesterday for no reason that error was showing

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

wasin.w avatar image wasin.w

Hello @mitchell.kato

Could you please help the client on this follow up question?

Upvote
Gurpreet avatar image
16.7k 42 12 19

There was an expired intermediate certificate in the RCC certificate chain, which was affecting older OpenSSL 1.0 based clients. This issue has now been fixed and should all be working.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.