Worklight Adapter Mutual SSL

1
votes

Followed steps to integrate Worklight with backend system. In 5.0.6 adapters should support mutual SSL.

  1. Import cert into default.keystore with alias named cert1
  2. Modified adapter's sslCertificateAlias as cert1

When using Worklight Studio to run deployed adapter connecting with server, it is complaining about "Unable to find certificate chain with alias: 'cert1'".

What are the steps missing?

3
sslcertificateibm-mobilefirstmobilefirst-adapters

3 Answers

3
votes

Check "ssl.keystore.*" properties in "worklight.properties" file, after it check if the cert exists in the keystore file using keytool:

keytool -list -keystore default.keystore

Here is are steps to configure mutual SSL between adapter and backend server with self signed certificates:

  1. generate adapter's private key in "default.keystore" and export its public certificate
  2. import adapter's certificate into backend truestore file

in case backend hasn't CA signed certificate:

  1. generate backend's private key in its keystore file and export public certificate
  2. import backend's public certificate into "default.keystore" file on WL server
1
votes

Check worklight.properties file. Make sure that ssl related setting point to a default.keystore.

0
votes

Figured out yesterday. Have to config certificate chain in proper way.

All certifications (server cert, first level cert and root cert) have to combine into one in special order and import with private key into keystore. Then use one alias name so that Worklight adapter could find it.