Skip to content

Import SSL Certificates into WebSphere Trust Store

  • April 3, 2019
  • No Responses
  • April 3, 2019
  • No Responses
Ever tried to connect your Maximo system with an external secured URL? By default, WebSphere is designed not to trust secured external URLs. It will only allow the connection if an administrator specifically instructs WebSphere to do so by importing the certificate into its Trust Store. Here are some examples of where this may be useful:
  • Connection to a GIS REST service for integrating GIS data with Maximo
  • Connection to a secured Office 365 Email server
  • Connection to a financial system, such as SAP, that uses secured APIs to communicate
  • Connection to an SMS service for texting users when certain system events occur
… and there are many more. 
Here is the message you may encounter:


BMXAA1477E - The connection failed to the HTTP handler for the endpoint. Review the error and server log files for information to indicate the cause of the issue, for example, incorrect properties in the DefaultHTTPExit.java handler class. 
com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
java.security.cert.CertPathValidatorException: The certificate issued by CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 is not trusted; internal cause is: 
java.security.cert.CertPathValidatorException: Certificate chaining
Look familiar? Let’s fix it.
  1. Log into WebSphere as an administrative user.
  2. Click on the Security > SSL Certificate and Key Management link in the left navigation pane.
  3. Click on the Related Items > Key stores and certificates link on the right side of the main pane.
  4. Click on the CellDefaultTrustStore item in the table.
  5. Click on the Additional Properties > Signer certificates link on the right side.
  6. Click on the Retrieve from Port button.
  7. Fill out the Host, Port and Alias fields. For example:
    1. Host: www.google.com
    2. Port: 443
    3. Alias: www.google.com
  8. Press the Retrieve signer information button. Ensure that the values seem reasonably correct (i.e. you don’t get an error back.)
  9. Press the OK button.
  10. Click the Save to Master Configuration link.
  11. Press the OK button after the changes have been synchronized with all of the nodes.
At this point you’ll need to restart Maximo, your node agents, and your deployment manager for the changes to take effect. From here forward, Maximo will now trust that URL and allow the connection.  

Share This

Alex

Alex

Related Posts

ibm_maximo_managed_service_predictive_maintenance_reliability_enhancements_it_support_configuration_maximo_as_a_service_cmms_system_patching_environment_upgrade_troubleshoot_change_management_automation_script_report_software_deployment_integration_data_loading_analysis_bug_fix_enterprise_asset
Automations with Selenium IDE
While automations themselves were developed to mitigate repetitive and time consuming tasks, ironically...
ibm_mxmobile_maximo mobile_app_application_suite_report_maintenance_reliability_industry_4_work_order_enterprise_asset_management_inventory_perform_count_log_time_create_meter_reading_shipping_and_recieving_mobility_admin_service_request_issue_parts_material_approve_task_job_plan_software_upgrade
MxMobile Update February 2023 Release
A3J Group is happy to announce the latest MxMobile releases below. The releases will be available on...
IBM-Maximo-stop-list-item-troubleshooting-database-search-e1636560926489
Using a Global System Properties in an Automation Script
Maximo has a neat feature where you can set any value in the global property, and it will default to...

No Responses

No comment yet, add your voice below!

Add a Comment