Brazos Portal stops working after applying IBM BPM 857 CF201703

Follow

Overview

After applying the IBM BPM v.8.5.7 Cumulative Fix CF201703 Brazos Portal stops working with certificate errors.

Background

iFix JR57300, included with IBM BPM 857 CF201703, "...[e]nforces the use of secure HTTPS for browser targeting web applications." This change is automatically applied when the cumulative fix is installed. If Brazos Portal was configured with a Base URL of http://localhost:<port> the following errors will be recorded in the brazos_portal.log:

[ERROR] [com.bp3.portal.rest.Service]: Provider returned an error SSLConfigurationException: hostname in certificate didn’t match: != OR
at com.bp3.portal.util.HttpResource.performRequest(HttpResource.java:221)
at com.bp3.portal.provider.ibmbpm.IBMBPMResource.performRequest(IBMBPMResource.java:78)
at com.bp3.portal.util.HttpResource.performJSONRequest(HttpResource.java:147)

This error occurs because localhost is not included in the trust store's certificate.

Solutions

  • In single-node environments, set the Base URL to https://<hostname>:<port> for the "Base URL" value. In multi-node environments, the Base URL can point to a load balancer instead.
  • Starting with version 1.15.5 of Brazos Portal, the "Configure automatically" option is available. This option is designed to set the hostname automatically and is compatible with multi-node environments.
  • It is a possibility to revert the automatic change in IBM to allow for http again, see the section "How can I revert this change?" of this DeveloperWorks article.
Have more questions? Submit a request

Comments

Powered by Zendesk