After applying the IBM BPM v.8.5.7 Cumulative Fix CF201703 Brazos Portal stops working with certificate errors.
iFix JR57300, included with IBM BPM 857 CF201703, "...[e]nforces the use of secure HTTPS for browser targeting web applications." This change is automatically applied when the cumulative fix is installed. If Brazos Portal was configured with a Base URL of
http://localhost:<port> the following errors will be recorded in the brazos_portal.log:
[ERROR] [com.bp3.portal.rest.Service]: Provider returned an error SSLConfigurationException: hostname in certificate didn’t match: != OR
This error occurs because
localhost is not included in the trust store's certificate.
- In single-node environments, set the Base URL to
https://<hostname>:<port>for the "Base URL" value. In multi-node environments, the Base URL can point to a load balancer instead.
- Starting with version 1.15.5 of Brazos Portal, the "Configure automatically" option is available. This option is designed to set the hostname automatically and is compatible with multi-node environments.
- It is a possibility to revert the automatic change in IBM to allow for http again, see the section "How can I revert this change?" of this DeveloperWorks article.