In IBM BPM 8.5.x all the communication between Process Designer and Process Center is secured by default. Process Center server has to trust Process Designer client in order to successfully login. There is a trust.p12 file on the client in PD_INSTALL/etc folder and corresponding trust.p12 file in Process Center server in cell configuration directory under deployment manager profile.
When login into Process Designer you are getting an error:
If you look at .log file under the PD_install\workspace folder you will see an error similar to (below is the main caused by part of the error):
org.omg.CORBA.COMM_FAILURE: CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_CLIENT_SOCKET: JSSL0130E: java.io.IOException: Signals that an I/O exception of some sort has occurred. Reason: Connection reset Remote Host: xx.xx.xx.xx Remote Port: 9405 vmcid: 0x49421000 minor code: 70 completed: No
This error is related to ORB communication between Process Designer and Process Center server and the way SSL trust store works in Websphere 8.5.
1) You may "touch" cell trust store in Websphere Admin console in Process Center environment. By "touch" in this case I mean removing and then re-adding back any of the certificates. After this you can try to re-login to Process Designer and it would work again.
2) You may restart Process center server and this error will go away as well.
3) From my personal experience solution from (1) and (2) would help in some cases but not all of the plus it might help for some time but you may get this error again and it's very intermittent. So, if you want to get this solved permanently then set the "httpProtocolOnly" setting in Process Center server to true as explained here:
This basically makes PD -> PC communication to be through HTTP/HTTPS calls only and eliminates the requirement for ORB/RMI.
Also, if you are using online Runtime servers that are connected to Process Center and you're using Process Designer Process Inspector to connect to those Runtime environments then you might want to enable this option on those Runtime servers as well to make this communication to be over http/https as well.
For what it's worth I have noticed that this setting not only resolves the main problem discussed in this article but it also speeds up some of the PD operations especially if you're connected to PD over VPN.