Overview

After applying the IBM BPM v.8.5.7 Cumulative Fix CF201703 Brazos Portal stops working with certificate errors.

Background

iFix JR57300, included with IBM BPM 857 CF201703, "...[e]nforces the use of secure HTTPS for browser targeting web applications." This change is automatically applied when the cumulative fix is installed. If Brazos Portal was configured with a Base URL of http://localhost:<port> the following errors will be recorded in the brazos_portal.log:

[ERROR] [com.bp3.portal.rest.Service]: Provider returned an error SSLConfigurationException: hostname in certificate didn’t match: != OR
at com.bp3.portal.util.HttpResource.performRequest(HttpResource.java:221)
at com.bp3.portal.provider.ibmbpm.IBMBPMResource.performRequest(IBMBPMResource.java:78)
at com.bp3.portal.util.HttpResource.performJSONRequest(HttpResource.java:147)

This error occurs because localhost is not included in the trust store's certificate.

Solutions

• In single-node environments, set the Base URL to https://<hostname>:<port> for the "Base URL" value. In multi-node environments, the Base URL can point to a load balancer instead.
• Starting with version 1.15.5 of Brazos Portal, the "Configure automatically" option is available. This option is designed to set the hostname automatically and is compatible with multi-node environments.
• It is a possibility to revert the automatic change in IBM to allow for http again, see the section "How can I revert this change?" of this DeveloperWorks article.