IBM MFP Calling a JS adapter procedure from a JS adapter cause SSLHandshakeException by IHS
I have two javascript adapter:adapterA、adapterB
And I need call adapterA after that the adapterA will call adapterB(use MFP.Server.invokeProcedure, in the same mfp server) using this API
when I call in mfp localhost, it works
http://localhost:9080/mfp/api/adapters/AdapterA/test
then I call https after I import mfp cer to jre cacerts
It works fine too
https://localhost:443/mfp/api/adapters/AdapterA/test
My question is I have IHS Server to redirect mfp services
when I call api by IHS http url
http://{domain}/mfp/api/adapters/AdapterA/test
It works
when I call api by IHS https url
https://{domain}/mfp/api/adapters/AdapterA/test
mfp server will get error like this:
com.ibm.mfp.server.js.adapter.internal.JavascriptManagerImpl E FWLST0904E: Exception was thrown while invoking procedure: test in adapter: adapterB java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target at com.ibm.mfp.server.js.adapter.internal.invocation.JavaScriptIntegrationLibraryImplementation.invokeProcedure(JavaScriptIntegrationLibraryImplementation.java:255)
but my IHS plugin only set http
how can I resolve this issue and avoid this issue
thanks
When the MobileFirst server creates the request to reach adapter B, the default behaviour is to frame the request, based on the URL of the currently executing request. That is, it uses the request originally used to reach adapter A, to frame the request to reach the target adapter B.
It works well in case 1, where the webserver is accessed using a "http://.." URL. In case 2, where MFP1 has to make an outbound call to the webserver using the "https://.." URL, it needs to first complete a SSL Handshake with the webserver. In case the MFP1 JVM lacks the certificates of the webserver, it fails to establish SSL Handshake and can lead to the error you saw.
In your case, there are two approaches you can take:
- Choose to keep the adapter A to adapter B call internal to MFP1. This prevents the outbound "https://" call and you will not see the problem. Additionally, this helps in keeping the travel time shorter and also prevent a new connection on the webserver. To enable this setting, use the JNDI property
mfp.adapter.invocation.url. For instance, if you set the value of this property to "http://localhost:9080/mfp", adapter B will be invoked as "http://localhost:9080/mfp/api/adapters/adapterB". The call stays local. More details on this property here. - If you wish to retain the request to adapter B go through the webserver using the secure endpoint, then you should ensure the webserver's root certificates are made available to the MFP1 JVM's trust store so that SSL handshake can be established successfully.
- Is there a new schema location for websphere ibm-web-bnd.xml?
- SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder"
- selecting all rows from a database using JPA in WebSphere
- Websphere Application Server JVM Logs
- AppSrv01 doesnt have write permission
- How can i add this user to allowed to put messages to the queue manager from a JMS application
- @Transactional doesn't work with @Async in Websphere
- Deploying a Ear and Web application under IBM RAD and IBM Websphere but SSL error can't get rid of
- How does a WebSphere or any Application server clustering work?
- Rapid Application Developer - difference between "Publish" and "Republish"
- Cannot find class org.springframework.web.context.support.ServletContextPropertyPlaceholderConfigurer
- Websphere not directing request to proxy server on response.sendRedirect
- Calculating average wait time per message in a topic with PromQL
- Using Mojarra 2.2 with WebSphere 9
- Not able to login to IBM websphere console
- Set the JAXB context factory initialization class to be used
- I get the `DSRA9122E: com.ibm.ws.rsadapter.jdbc.WSJdbcConnection@d3t7e556 does not wrap any objects of type oracle.jdbc.OracleConnection
- Why do I get SQLCODE=-204, SQLSTATE=42704 with DB2 LUW and WebSphere App Server?
- J2CA0138E:The message endpoint activation failed for ActivationSpec jndi/GG01(com.ibm.mq.connector.inbound.ActivationSpecImpl)
- iText hangs in adding element to document in WebSphere
- loading constraint violation when resolving method "javax/imageio/metadata/IIOMetadata.getAsTree(Ljava/lang/String;)Lorg/w3c/dom/Node
- JSF App: Second server request not submitted to server after upgrade from WAS 8.5 to 9.0
- XDoclet-based Stateless Session Bean Compatibility Issue: ClassCastException in WebSphere 9.0.5
- ClassCastException using EclipseLink DescriptorCustomizer API in Liberty
- Deploy springboot to WebSphere
- How can I set a delegation parentLast when using open liberty-maven-plugin?
- javax.ws.rs.ClientErrorException: HTTP 404 Not Found on Websphere 9 using Swagger
- ClassPathXmlApplicationContext: Error creating bean with name 'X'; nested exception is java.lang.NoSuchMethodError: javax.persistence.Table.indexes()
- Getting error while doing JNDI lookup for EJB in websphere 8.5
- org.springframework.web.servlet.PageNotFound noHandlerFound No mapping found for HTTP request with URI