You may have already heard, but the default certificates provided with Gateway/XSR for certain versions expired yesterday, causing many people grief. Because of the way it was posted on the forum, the RSS feed didn’t pick it up as a new post, so I’ve provided the text below. If anybody has insight on the easiest way to go about all of the key generation please chime in with a comment or shoot me an e-mail using info @ axwayuser dot com.

Dear Axway users,

If you are using Gateway 6.8.5 SP8 or higher, Gateway 6.9.1 SP6 or higher with SecureRelay 2.1.0 and the default Axway Secure Relay certificates delivered as samples, you will be facing an error on connection attempts from the Master Agent to the Router Agent, with the following error in the <Gateway>/xsr/Master.log:

main ERROR RouterAgentContext : [RA001] Communicator raised and exception during HANDSHAKE
java.nio.channels.ClosedChannelException
    at sun.nio.ch.SocketChannelImpl.ensureWriteOpen(SocketChannelImpl.java:125)
    at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:294)
    at com.axway.niocore.communicator.SSLCommunicator.writeBuffer(SSLCommunicator.java:397)
    at com.axway.niocore.communicator.SSLCommunicator.writeEvent(SSLCommunicator.java:366)
    at com.axway.niocore.NIOCore.run(NIOCore.java:319)
    at com.axway.xsr.agent.master.MasterAgentImpl.run(MasterAgentImpl.java:88)
    at com.axway.xsr.agent.master.frontend.gtwlegacy.GatewayFrontend.<init>(GatewayFrontend.java:52)
    at com.axway.xsr.agent.master.frontend.gtwlegacy.EntryPoint.<init>(EntryPoint.java:120)
    at com.axway.xsr.agent.master.frontend.gtwlegacy.EntryPoint.main(EntryPoint.java:41)

This error is due to the fact that our sample certificates delivered with the product expired on the 4th of February 2009.

In order to solve this issue, you will have to create new certificates:

- One CA certificate

- One User certificate signed by the CA for the master agent

- Update XSR configuration from the IHM > Configure XSR with new certificates and password

- One User certificate signed by the CA for the router agent

- Update configuration.xml file from conf folder with new certificates

- Encrypt the user certificate password with the SRencryptPwd.sh|bat script

> SRencryptPwd.bat|sh path/to/pwd.txt <RouterHome>/certs/DefaultPwd.dat

/!\ The file pwd.txt contains the clear password and only the password - it MUST NOT contain any blank, carriage return, or new line character (CRLF)

/!\ If the password is encrypted from a file containing a new line character, the RouterAgent will not start and will have an error in the router.log

- On Unix prefer the following command: “printf password > pwd.txt”

- On Windows use a smart text editor which can display and remove the carriage return character

A technical article including new sample certificates will be available on our support website

Should you need any assistance, feel free to contact the support center

Thanks

Axway Support
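
A pre-flight check for the two failure points in the notice above, added here as an example (it is not Axway's code or part of the original forum post): it rejects a pwd.txt containing any blank (space or tab), CR or LF before the file is passed to SRencryptPwd, and flags certificates that are expired or close to expiry. The function names are hypothetical, and the certificate check assumes PEM-encoded files and the openssl command-line tool.

```shell
#!/bin/sh
# Added example: checks to run before SRencryptPwd and before restarting XSR.
# Function names are hypothetical; certificates are assumed to be PEM files.

# check_pwd_file FILE
# Returns 0 only if FILE exists, is non-empty and holds no space, tab, CR or LF.
# Returns 2 if FILE is missing, 3 if it is empty, 1 if forbidden bytes are found.
check_pwd_file() {
    f=$1
    if [ ! -f "$f" ]; then echo "pwd file not found: $f" >&2; return 2; fi
    if [ ! -s "$f" ]; then echo "pwd file is empty: $f" >&2; return 3; fi
    # Keep only the forbidden bytes, then count them.
    bad=$(LC_ALL=C tr -cd ' \t\r\n' < "$f" | wc -c | tr -d ' ')
    if [ "$bad" -ne 0 ]; then
        echo "$f: $bad blank/CR/LF byte(s); recreate it with printf" >&2
        return 1
    fi
    return 0
}

# cert_valid_for CERT DAYS
# Returns 0 if CERT is readable and still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# xsr_preflight PWD_FILE [CERT...]
# Runs both checks; the return value is the number of problems (0 = ready).
xsr_preflight() {
    problems=0
    check_pwd_file "$1" || problems=$((problems + 1))
    shift
    for c in "$@"; do
        if ! cert_valid_for "$c" 30; then
            echo "$c: unreadable, expired, or expiring within 30 days" >&2
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Source the file and call `xsr_preflight path/to/pwd.txt ca.pem master.pem router.pem` (constructed file names) before encrypting the password; running `cert_valid_for` from a scheduled job gives warning before the next expiry.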