IBM MobileFirst adapter call ssl error

1
votes

I am trying to get json data from an application via an http adapter of IBM mobilefirst.

The app is accessible with https and i get this ssl error:

"Runtime: Http request failed: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Sat Jul 26 21:15:15 EEST 2014"

This is the xml of the adapter:

<wl:adapter name="test2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:wl="http://www.ibm.com/mfp/integration"
xmlns:http="http://www.ibm.com/mfp/integration/http">    
<displayName>test2</displayName>
<description>test2</description>
<connectivity>
<connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
<protocol>https</protocol>
<domain>www.mydomain-company.gr</domain>
<port>443</port>    
<connectionTimeoutInMilliseconds>30000</connectionTimeoutInMilliseconds>
<socketTimeoutInMilliseconds>30000</socketTimeoutInMilliseconds>            
<maxConcurrentConnectionsPerNode>50</maxConcurrentConnectionsPerNode>
<!-- Following properties used by adapter's key manager for choosing specific certificate from key store  
<sslCertificateAlias></sslCertificateAlias> 
<sslCertificatePassword></sslCertificatePassword>
-->     
</connectionPolicy>
</connectivity>    
<procedure name="getDDD"/>      
</wl:adapter>

and here is the js:

function getDDD() {
    var identity = Base64.encode("myuser:mypass"); //i have a base64 function above that i have not pasted here. It works it is tested in other apps.
    var path = "/part1/part2/ddd.nsf/rest.xsp/ddd";
    var input = {
            method : 'get',
            returnedContentType : 'json',
            path : path,

            headers: {Authorization: "Basic "+identity}
    };

    return WL.Server.invokeHttp(input);
}

If i call the same url from my browser i get the data and checking the https info i see that the certificate expires in 2016.

I have also checked using java keytool the expiration date of the certificate in the jks file of mobile first server in the path:

C:\path1\path2\\MobileFirstServerConfig\servers\worklight\resources\security\key.jks

and it is not expired.

Is it a problem of mobile first server or the target server's certificate?

My steps so far in order to configure ssl: 1) went to /MobileFirstServerConfig\servers\worklight\resources\security and created a new key.jks with a new certificate using java keytool. I named the cerificate default just as it was the name in the old key.jks file.

2)exported the certificate from this jks

3)imported the certificate into default.keystore file in the project under server/conf folder

4) worklight.properties file:

MobileFirst SSL keystore

#

SSL certificate keystore location. ssl.keystore.path=conf/default.keystore

SSL certificate keystore type (jks or PKCS12) ssl.keystore.type=jks

SSL certificate keystore password. ssl.keystore.password=worklight

5) server.xml file:

<keyStore id="defaultKeyStore" password="worklight"/>

i ve also tried to put "default" as id.

1
sslhttpsibm-mobilefirstmobilefirst-server
How you did export the cert from backend and import it into mobile first server keystore? - Pavel Leonov
I have done nothing regarding keystores. everything is as downloaded from eclipse. Do i have to create one? If yes, please send me details. (how to create and where to import it) Thnx! - mike_x_
"downloaded from eclipse"? - Idan Adar

1 Answers

0
votes

You did not configure SSL between the adapter and the backend.
The keystore that you should be looking at is defined in the worklight.properties file of the project (by default located like this: workspace\CustomLoginModule\server\conf).

Make sure to follow the instructions provided here: https://www-01.ibm.com/support/knowledgecenter/SSZH4A_6.2.0/com.ibm.worklight.installconfig.doc/admin/t_configuring_SSL_WL_adapters_backend_servers_certificates.html