Keystore Certificate (Expired)
Hi team,
Im using EMA to connect to RCC and make contributions, everything was working right but since yesterday i cant connect due to certificate expiration, i tried to make another keystore and same problem is showing.
I've checked the certificate and it says valid until 2029
i created keystore.jks following example in :
Building a keystore file to be used with an HTTPS (or ENCRYPTED) connection type for real-time Java-based APIs | Refinitiv Developers
I used comodo certificate as mentioned
*** Important updated on October 2018: The TRCC servers now use a certificate from comodo, please download it from "http://crt.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crt" instead. ***
Steps to create keystore and import certificate
Code where i used keystore
Error
Error text Error initializing channel: errorId=-1 text=Invalid certificate (Expired): NotAfter: Sat May 30 05:48:38 CDT 2020
Any idea what can i do?
how i know when the certificate will not be anymore valid since i can see that it expires until 2029?
I was contacted directly by Carlos, and we determined that he needs to contact the owners of the RCC product for help.
Right, issue has been solved, it seems it was a trouble in the aws platform some changes were causing the problem so they did a rollback, but now everything is working
What version of EMA Java are you running, and what JVM version are you using?
EMA Java 3.5.1.L1/RTSDK version 1.5.1.L1 was enhanced to not require a specific jks file. Instead, it will pull the JVM's default JKS file if no file is specified in the EMA config. Java JRE ships with compatible Sectigo/Comodo certificates used by Refinitiv.
For JVM, please make sure that you are running at least the equivalent to Java JRE 8u51: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020
Thanks,
Mitchell
Im using EMA Java 3.6.0.0 and Java SKD 8u261 Java JRE 8u281
Still having the same error if file is not specified
the thing is that everthing was working and yesterday for no reason that error was showing
Hello @mitchell.kato
Could you please help the client on this follow up question?
There was an expired intermediate certificate in the RCC certificate chain, which was affecting older OpenSSL 1.0 based clients. This issue has now been fixed and should all be working.