Keystore Certificate (Expired)

carlosrodrigo.arce

Hi team,

Im using EMA to connect to RCC and make contributions, everything was working right but since yesterday i cant connect due to certificate expiration, i tried to make another keystore and same problem is showing.

I've checked the certificate and it says valid until 2029

i created keystore.jks following example in :
Building a keystore file to be used with an HTTPS (or ENCRYPTED) connection type for real-time Java-based APIs | Refinitiv Developers

I used comodo certificate as mentioned

*** Important updated on October 2018: The TRCC servers now use a certificate from comodo, please download it from "http://crt.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crt" instead. ***

Steps to create keystore and import certificate

Code where i used keystore

Error

Error text Error initializing channel: errorId=-1 text=Invalid certificate (Expired): NotAfter: Sat May 30 05:48:38 CDT 2020

Any idea what can i do?

how i know when the certificate will not be anymore valid since i can see that it expires until 2029?

mitchell.kato

I was contacted directly by Carlos, and we determined that he needs to contact the owners of the RCC product for help.

mitchell.kato

What version of EMA Java are you running, and what JVM version are you using?

EMA Java 3.5.1.L1/RTSDK version 1.5.1.L1 was enhanced to not require a specific jks file. Instead, it will pull the JVM's default JKS file if no file is specified in the EMA config. Java JRE ships with compatible Sectigo/Comodo certificates used by Refinitiv.

For JVM, please make sure that you are running at least the equivalent to Java JRE 8u51: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020

Thanks,

Mitchell

carlosrodrigo.arce

Im using EMA Java 3.6.0.0 and Java SKD 8u261 Java JRE 8u281

Still having the same error if file is not specified

the thing is that everthing was working and yesterday for no reason that error was showing

wasin.w

Hello @mitchell.kato

Could you please help the client on this follow up question?

mitchell.kato

I was contacted directly by Carlos, and we determined that he needs to contact the owners of the RCC product for help.

carlosrodrigo.arce

Right, issue has been solved, it seems it was a trouble in the aws platform some changes were causing the problem so they did a rollback, but now everything is working

Gurpreet

There was an expired intermediate certificate in the RCC certificate chain, which was affecting older OpenSSL 1.0 based clients. This issue has now been fixed and should all be working.