cordova ibm-mobilefirst mobilefirst-adapters worklight-server worklight-security

IBM MobileFirst Platform v8.0 HTTPS connection from mobile application


I am using MFP 8.0, which is configured in IBM Liberty WAS V17.0.0.2.

Using the sample application downloaded from the MFP console download center, I am trying to access the server on the default HTTPS port, which is 9443.

It failed to access the MFP server. Below is my error:

errorCode:"UNEXPECTED_ERROR" errorMsg:"javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found."

So, to test that my server is working properly, I tested the same with port 9080, and it works fine without any issues.

In my Liberty server.xml, I am using the default keystore, and I have added the line below:

<ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" sslProtocol="SSL_TLSv2" />

For sure I am missing something that needs to be done. Guide me to fix this, folks. Thanks in advance.

Note: I am using the default keystore and certificate, which are generated when we start the Liberty node.


Solution

  • The default keystore contains a self-signed certificate. This will not work with most new mobile OSes. In this scenario you need to create a custom keystore that contains certificates signed by a proper CA or a custom CA, and configure the application server to use this custom keystore.

    If your custom keystore contains certificates issued by a well-known CA (Verisign, DigiCert, GeoTrust etc.), you will not need to add the root CA to the device. The device's certificate store contains most of these certificates. Otherwise, you need to export the root CA and add it manually to the device certificate store.
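
The custom-CA route from the answer above, as an added example that is not part of the original answer: it builds a private root, signs a server certificate with it, packages a PKCS12 keystore, and checks that the chain only validates once the root is supplied as a trust anchor. It assumes the `openssl` CLI is available; the hostname, file names and password are constructed placeholders.

```shell
#!/bin/sh
# Added example; hostname, file names and password are constructed placeholders.
set -eu
WORK="${WORK:-$(mktemp -d)}"
HOST="mfp.example.test"
STOREPASS="example-only-password"

# Own minimal config so the result does not depend on the system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

make_ca() {  # private root: the certificate that must be installed on devices
  openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

make_server_cert() {  # leaf for the HTTPS endpoint, signed by the private root
  openssl req -new -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$HOST" -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' "$HOST" > "$WORK/leaf.ext"
  openssl x509 -req -in "$WORK/server.csr" -days 365 -sha256 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/leaf.ext" -out "$WORK/server.crt" 2>/dev/null
}

make_keystore() {  # PKCS12 with key + leaf + root, to be used as the custom keystore
  openssl pkcs12 -export -name default -inkey "$WORK/server.key" \
    -in "$WORK/server.crt" -certfile "$WORK/ca.crt" \
    -out "$WORK/key.p12" -passout "pass:$STOREPASS"
}

device_trusts() {  # $1: root the client has installed; empty = default store only
  openssl verify ${1:+-CAfile "$1"} "$WORK/server.crt" >/dev/null 2>&1
}

make_ca; make_server_cert; make_keystore
device_trusts "" && echo "default store: trusted" || echo "default store: no trust anchor"
device_trusts "$WORK/ca.crt" && echo "private root installed: trusted"
```

To use the result, point a Liberty `<keyStore>` element (type `PKCS12`) at `key.p12` and reference its id from `keyStoreRef` in the `<ssl>` element. Devices need `ca.crt` installed because it is not a well-known root.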