Overview
After applying the IBM BPM v.8.5.7 Cumulative Fix CF201703 Brazos Portal stops working with certificate errors.
Background
iFix JR57300, included with IBM BPM 857 CF201703, "...[e]nforces the use of secure HTTPS for browser targeting web applications." This change is automatically applied when the cumulative fix is installed. If Brazos Portal was configured with a Base URL of http://localhost:<port>
the following errors will be recorded in the brazos_portal.log:
[ERROR] [com.bp3.portal.rest.Service]: Provider returned an error SSLConfigurationException: hostname in certificate didn’t match: != OR
at com.bp3.portal.util.HttpResource.performRequest(HttpResource.java:221)
at com.bp3.portal.provider.ibmbpm.IBMBPMResource.performRequest(IBMBPMResource.java:78)
at com.bp3.portal.util.HttpResource.performJSONRequest(HttpResource.java:147)
This error occurs because localhost
is not included in the trust store's certificate.
Solutions
- In single-node environments, set the Base URL to
https://<hostname>:<port>
for the "Base URL" value. In multi-node environments, the Base URL can point to a load balancer instead. - Starting with version 1.15.5 of Brazos Portal, the "Configure automatically" option is available. This option is designed to set the hostname automatically and is compatible with multi-node environments.
- It is a possibility to revert the automatic change in IBM to allow for http again, see the section "How can I revert this change?" of this DeveloperWorks article.
Comments
0 comments
Please sign in to leave a comment.