Thursday 4 February 2016

IBM BPM - General SSLEngine problem

I saw this earlier today: -

...
com.ibm.websphere.sca.ServiceRuntimeException: <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Fault><faultcode>soapenv:Server</faultcode><faultstring>javax.net.ssl.SSLHandshakeException: General SSLEngine problem</faultstring></soapenv:Fault></soapenv:Body>

whilst trying to test a newly created IBM BPM component.

I'm using IBM Integration Designer (IID), which has a built-in Integration Test Environment (ITE), which is really just a standalone, single server BPM Process Server.

My BPM component, an SCA module, makes a call to a Web Service hosted on a separate, external, IBM ODM Rules Decision Server (aka Hosted Transparent Decision Service): -


Given that I was making a call from one WAS to another, I worked on the assumption that SSL was the problem - yes, the message does kinda imply that.

I proved this by updating the binding of the BPM SCA Import component from the HTTPS URL to: -


This, of course, worked, thus validating my hypothesis.

I then retrieved the SSL Signer Certificate that the ODM Decision Server presented into the WAS trust store: -

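# wsadmin (Jython): look up the cell name used in the keystore and SSL config scopes
cellID=AdminControl.getCell()
# Fetch the signer certificate presented on odm851.uk.ibm.com:9444 and add it to NodeDefaultTrustStore under the alias ODM
AdminTask.retrieveSignerFromPort('[-keyStoreName NodeDefaultTrustStore -keyStoreScope (cell):'+cellID+' -host odm851.uk.ibm.com -port 9444 -certificateAlias ODM -sslConfigScopeName (cell):'+cellID+' ]')
# Save the configuration change and synchronise it to the active nodes
AdminConfig.save()
AdminNodeManagement.syncActiveNodes()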


and re-tried my BPM process.

This time, of course, it worked OK :-)

Easy when you know how :-)
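
retrieveSignerFromPort trusts whatever certificate the port presents at the moment it runs, so it is worth comparing the presented certificate's SHA-256 fingerprint with one obtained out of band (for example from the ODM administrator) before importing. The following is an added example, not part of the original post: it fingerprints the server certificate presented on a host and port, and the function names, the expected-fingerprint argument and the constructed sample are assumptions made for illustration.

```python
import hashlib
import ssl
import sys

# Constructed sample: arbitrary bytes in a PEM wrapper, NOT a real certificate.
# It only exercises the fingerprint logic offline.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed sample, not a real certificate")


def fingerprint(pem):
    """SHA-256 of the certificate's DER bytes as colon-separated upper-case hex."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise(fp):
    """Drop separators and case so differently formatted fingerprints compare equal."""
    return "".join(ch for ch in fp.lower() if ch in "0123456789abcdef")


def check_endpoint(host, port, expected, fetch=ssl.get_server_certificate):
    """Fetch the certificate presented on host:port and compare fingerprints.

    The fetch is deliberately unvalidated (the certificate is not trusted yet);
    the trust decision rests on `expected`, which must come from an
    out-of-band source such as the ODM administrator.
    Returns (matches, presented_fingerprint).
    """
    presented = fingerprint(fetch((host, port)))
    expected_norm = normalise(expected)
    # A SHA-256 fingerprint is 64 hex digits; reject truncated or empty input.
    ok = len(expected_norm) == 64 and expected_norm == normalise(presented)
    return ok, presented


if __name__ == "__main__":
    # Usage: python check_signer.py odm851.uk.ibm.com 9444 <expected-sha256>
    host, port, expected = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    ok, presented = check_endpoint(host, port, expected)
    print("presented SHA-256:", presented)
    print("MATCH: fingerprint is the expected one" if ok else "MISMATCH: do not import")
    sys.exit(0 if ok else 1)
```

The script exits non-zero on a mismatch, so it can gate the wsadmin import step in a wrapper script.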
