Thursday, 4 February 2016

IBM BPM - General SSLEngine problem

I saw this earlier today: -

...
com.ibm.websphere.sca.ServiceRuntimeException: <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Fault><faultcode>soapenv:Server</faultcode><faultstring>javax.net.ssl.SSLHandshakeException: General SSLEngine problem</faultstring></soapenv:Fault></soapenv:Body>

whilst trying to test a newly created IBM BPM component.

I'm using IBM Integration Designer (IID), which has a built-in Integration Test Environment (ITE), which is really just a standalone, single server BPM Process Server.

My BPM component, an SCA module, makes a call to a Web Service hosted on a separate, external, IBM ODM Rules Decision Server ( aka Hosted Transparent Decision Service ) : -


Given that I was making a call from one WAS to another, I worked on the assumption that SSL was the problem - yes, the message does kinda imply that.

I proved this by updating the binding of the BPM SCA Import component from the HTTPS URL to: -


This, of course, worked, thus validating my hypothesis.

I then retrieved the SSL Signer Certificate that the ODM Decision Server  presented into the WAS trust store: -

cellID=AdminControl.getCell() 
AdminTask.retrieveSignerFromPort('[-keyStoreName NodeDefaultTrustStore -keyStoreScope (cell):'+cellID+' -host odm851.uk.ibm.com -port 9444 -certificateAlias ODM -sslConfigScopeName (cell):'+cellID+' ]') 
AdminConfig.save() 
AdminNodeManagement.syncActiveNodes() 


and re-tried my BPM process.

This time, of course, it worked OK :-)

Easy when you know how :-)

No comments:

Yay, VMware Fusion and macOS Big Sur - no longer "NAT good friends" - forgive the double negative and the terrible pun ...

After macOS 11 Big Sur was released in 2020, VMware updated their Fusion product to v12 and, sadly, managed to break Network Address Trans...