
Import SSL Certificates into WebSphere Trust Store

Ever tried to connect your Maximo system with an external secured URL? By default, WebSphere is designed not to trust secured external URLs. It will only allow the connection if an administrator specifically instructs WebSphere to do so by importing the certificate into its Trust Store. Here are some examples of where this may be useful:
  • Connection to a GIS REST service for integrating GIS data with Maximo
  • Connection to a secured Office 365 Email server
  • Connection to a financial system, such as SAP, that uses secured APIs to communicate
  • Connection to an SMS service for texting users when certain system events occur
… and there are many more.
Here is the message you may encounter:


BMXAA1477E - The connection failed to the HTTP handler for the endpoint. Review the error and server log files for information to indicate the cause of the issue, for example, incorrect properties in the DefaultHTTPExit.java handler class. 
com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
java.security.cert.CertPathValidatorException: The certificate issued by CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 is not trusted; internal cause is: 
java.security.cert.CertPathValidatorException: Certificate chaining
Look familiar? Let’s fix it.
  1. Log into WebSphere as an administrative user.
  2. Click on the Security > SSL Certificate and Key Management link in the left navigation pane.
  3. Click on the Related Items > Key stores and certificates link on the right side of the main pane.
  4. Click on the CellDefaultTrustStore item in the table.
  5. Click on the Additional Properties > Signer certificates link on the right side.
  6. Click on the Retrieve from Port button.
  7. Fill out the Host, Port and Alias fields. For example:
    1. Host: www.google.com
    2. Port: 443
    3. Alias: www.google.com
  8. Press the Retrieve signer information button. Ensure that the values seem reasonably correct (i.e. you don’t get an error back).
  9. Press the OK button.
  10. Click the Save to Master Configuration link.
  11. Press the OK button after the changes have been synchronized with all of the nodes.
At this point you’ll need to restart Maximo, your node agents, and your deployment manager for the changes to take effect. From here forward, Maximo will trust that URL and allow the connection.
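Retrieve from Port trusts whatever certificate answers on that host and port at that moment, so it is worth confirming the fingerprint shown in step 8 before pressing OK. The following is an added example, not part of the original post: a Python helper that compares a fingerprint copied from the console with a certificate PEM obtained separately (for instance from the service owner). All function names and the sample PEM are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in so the example runs offline: the body is NOT a real
# certificate, only bytes to hash. Use the PEM the service owner gave you.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"constructed DER stand-in " * 8).decode()
              + "-----END CERTIFICATE-----\n")


def pem_to_der(pem):
    """Return the DER bytes of the first certificate in a PEM string."""
    match = PEM_RE.search(pem)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def fingerprint(pem, algo="sha256"):
    """Colon-separated upper-case hex digest of the certificate's DER form."""
    digest = hashlib.new(algo, pem_to_der(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_matches(console_value, pem):
    """Compare a fingerprint copied from the console with a trusted PEM.

    Separators and case are ignored; the digest is inferred from the length
    (40 hex characters = SHA-1, 64 = SHA-256).
    """
    wanted = re.sub(r"[^0-9A-Fa-f]", "", console_value).upper()
    algo = {40: "sha1", 64: "sha256"}.get(len(wanted))
    if algo is None:
        raise ValueError("expected a SHA-1 or SHA-256 hex fingerprint")
    actual = fingerprint(pem, algo).replace(":", "")
    return hmac.compare_digest(wanted, actual)


def fetch_leaf_pem(host, port=443):
    """Fetch the server's leaf certificate, unverified, for comparison only.
    Run it from a different network path than the WebSphere host."""
    return ssl.get_server_certificate((host, port))
```

`fetch_leaf_pem` returns only the server's own (leaf) certificate; if the console retrieved a CA certificate instead, compare against that CA's PEM.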
