Here is what you might have (Oops, sorry):
Http request failed: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
FWLSE0101E: Caused by: [project bond]javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
java.lang.RuntimeException: Http request failed: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.worklight.adapters.http.HTTPConnectionManager.execute(HTTPConnectionManager.java:241)
at com.worklight.adapters.http.HttpClientContext.doExecute(HttpClientContext.java:185)
at com.worklight.adapters.http.HttpClientContext.execute(HttpClientContext.java:169)
at com.worklight.adapters.http.HTTP.execRequest(HTTP.java:146)
at com.worklight.adapters.http.HTTP.invoke(HTTP.java:135)
at com.worklight.integration.model.ProcedureInvoker.invokeProcedure(ProcedureInvoker.java:57)
Assumption
- You have the openssl tool installed on your machine
- You have keytool installed together with Java on your machine
- This tutorial aims to help developers set up their local development environment, specifically on Mac OS X, with the WAS Liberty profile.
Way to go
Retrieve the public certificate from the server to which your adapters are connecting.
There are several ways to do this, but since you have openssl installed, simply use it.
- Connect to the_remote_server:port using openssl on your console:
$ openssl s_client -connect the_remote_server:port
- The command displays some information on your console. Capture the certificate information:
- Create a text file (name it server_cert.cer) and copy the cert information displayed in the previous step into the file, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
- You now have the cert file at: path_to_your_cert_file/server_cert.cer
Add the cert into your Worklight Server’s JRE’s keystore.
- First, you need to locate where the keystore file is placed. In your Worklight Studio, go to the Preferences settings:
Then go to Server >> Runtime Environments >> Select the server >> Edit
- In this case, the_path_to_keystore will be:
/Library/Java/JavaVirtualMachines/jdk1.7.0_17.jdk/Contents/Home/jre/lib/security/cacerts
- Use keytool to import the server_cert.cer into the keystore:
$ keytool -import -trustcacerts -alias "an_alias" -keystore the_path_to_keystore -file path_to_your_cert_file/server_cert.cer
- Enter the password of the keystore (the default one is “changeit”) and type “yes” if asked.
- Check that the cert was actually added:
$ keytool -list -keystore the_path_to_keystore
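The retrieve-and-import steps above as one script, an added example that is not part of the original post. It keeps only the first certificate block from the openssl output and prints its SHA-256 fingerprint so you can compare it with a value obtained from the server's owner before the cert becomes trusted. The function names, the confirmation prompt and the three-argument usage are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: sh trust_cert.sh the_remote_server:port an_alias the_path_to_keystore

# Print only the first PEM certificate block on stdin (the server's own cert);
# everything around it, and any later blocks, is dropped.
extract_first_pem() {
  awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
       on { print }
       on && /-----END CERTIFICATE-----/ { exit }'
}

# Fetch the certificate the server presents and save it to a file.
fetch_cert() {  # $1 = host:port, $2 = output file
  openssl s_client -connect "$1" -servername "${1%%:*}" </dev/null 2>/dev/null \
    | extract_first_pem > "$2"
  [ -s "$2" ]   # fail if nothing was captured
}

# Show subject, issuer, expiry date and SHA-256 fingerprint of the saved cert.
show_cert() {  # $1 = cert file
  openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

main() {
  endpoint=$1
  cert_alias=$2
  keystore=$3
  cert=server_cert.cer

  fetch_cert "$endpoint" "$cert" || { echo "no certificate received" >&2; return 1; }
  show_cert "$cert"

  # The cert came over an unauthenticated connection, so confirm the
  # fingerprint out of band before adding it to the trust store.
  printf 'Does the fingerprint match the one from the server owner? [y/N] '
  read -r answer
  [ "$answer" = "y" ] || { echo "certificate not imported" >&2; return 1; }

  # keytool prompts for the keystore password, as in the manual steps.
  keytool -import -trustcacerts -alias "$cert_alias" -keystore "$keystore" -file "$cert"
  keytool -list -alias "$cert_alias" -keystore "$keystore"
}

# Only run when called with all three arguments.
if [ "$#" -eq 3 ]; then main "$@"; fi
```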
Add non self-signed cert to Worklight Server’s keystore
With an SSL cert that is not self-signed, you still need to add it at least to the keystore that your Worklight Server is using. Assuming you have already retrieved the cert with the method described in section 1, below are the remaining steps:
Go to the Worklight Server’s configuration to locate where the keystore is:
- You get the location of the keystore in the Location text field above (worklight_keystore_path)
- Use keytool to import the cert into the keystore:
$ keytool -import -alias an_alias -file path_to_your_cert_file/server_cert.cer -keystore worklight_keystore_path
- Restart your Worklight Server