0
votes

I am using MFP 8.0, which is configured in IBM Liberty WAS V17.0.0.2.

Using the sample application downloaded from the Mfpconsole download center, I am trying to access the server on the default HTTPS port, which is 9443.

It failed to access the mfpserver; below is my error:

errorCode:"UNEXPECTED_ERROR" errorMsg:"javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found."

So, to test that my server is working properly, I tested the same with port 9080; it is working fine without any issues.

In my Liberty server.xml, I am using the default keystore and I have added the line below:

<ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" sslProtocol="SSL_TLSv2"/>

For sure I am missing something that needs to be done; please guide me to fix this, folks. Thanks in advance.

Note: I am using the default keystore and cert, which are generated when we start the Liberty node.

1
<ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" sslProtocol="SSL_TLSv2"/> is the line which I added in my Liberty server.xml - Karthikayan - KKN
The default keystore contains a self-signed certificate. This will not work in case of most new mobile OSes. Have you tried a keystore that contains proper CA or custom CA signed certificates? In case of a proper CA, you will not need to add the root CA to the device. Otherwise, you need to - Vivin K
Yes, thanks Vivin, this resolves one, but here is the other issue: token registration is failing. I will give a brief about it: WLAuthorizationManager.obtainAccessToken() .then( function (accessToken) { titleText.innerHTML = "Yay!"; statusText.innerHTML = "Connected to MobileFirst Server"; }, function (error) { titleText.innerHTML = "Bummer..."; statusText.innerHTML = "Failed to connect to MobileFirst Server"; } ); }, For this snippet I am getting the failure when I use https:<ip>:9443. - Karthikayan - KKN
When you say "resolves one", what did it resolve? Were you able to connect to the server? - Vivin K
It goes in without this error: "Trust anchor for certification path not found". I tried the above code; now I got "Invalid request" - Karthikayan - KKN

1 Answers

0
votes

The default keystore contains a self-signed certificate. This will not work in case of most new mobile OSes. In this scenario you need to create a custom keystore that contains proper CA or custom CA signed certificates, and configure the application server to use this custom keystore.

If your custom keystore contains well-known CA issued certificates (Verisign, DigiCert, GeoTrust, etc.), you will not need to add the root CA to the device. The device's certificate store contains most of these certificates. Otherwise, you need to export the root CA and add it manually to the device certificate store.
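
The custom-CA path described in this answer, as an added example that is not part of the original answer or IBM's own tooling: it creates a private root CA, issues a server certificate, bundles a PKCS12 keystore, and shows that only the CA-signed certificate validates against the root a device would trust. It assumes `openssl` is installed; the CA name, the address 192.0.2.10, the file names and the password are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: private-CA workflow for an HTTPS endpoint such as Liberty on 9443.
# Every name, the IP address and the password below are constructed placeholders.
set -eu

make_ca() {            # $1 = work dir: create the private root CA (key + self-signed root)
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Example Private Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_server_cert() {  # $1 = work dir, $2 = SAN entry, e.g. IP:192.0.2.10 or DNS:host
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mfp-server" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  # The address the app connects to must appear in subjectAltName.
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=%s\n' \
    "$2" > "$1/server.ext"
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -extfile "$1/server.ext" -out "$1/server.crt" 2>/dev/null
}

make_keystore() {      # $1 = work dir, $2 = keystore password: key + cert + CA chain
  openssl pkcs12 -export -name mfp-server -inkey "$1/server.key" -in "$1/server.crt" \
    -certfile "$1/ca.crt" -passout "pass:$2" -out "$1/server.p12"
}

make_self_signed() {   # $1 = work dir: stand-in for an auto-generated default certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=localhost" \
    -keyout "$1/default.key" -out "$1/default.crt" 2>/dev/null
}

chain_ok() {           # $1 = root the device trusts, $2 = certificate the server presents
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d)
  make_ca "$d"; issue_server_cert "$d" "IP:192.0.2.10"
  make_keystore "$d" "changeit"; make_self_signed "$d"
  chain_ok "$d/ca.crt" "$d/server.crt"  && echo "CA-signed cert: chain validates"
  chain_ok "$d/ca.crt" "$d/default.crt" || echo "self-signed cert: no trust anchor"
  echo "keystore: $d/server.p12   root to install on devices: $d/ca.crt"
}
demo
```

The resulting `server.p12` is what a `keyStore` element with `type="PKCS12"` in server.xml would point at, and `ca.crt` is the root to add to the device certificate store. Keep `ca.key` off the application server.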