SSL certificate keystore setup
Mobile applications often connect to multiple back-end systems. Some back-end systems require access through an HTTP adapter, and each back-end system can require a different SSL certificate for secure communication using HTTPS. These SSL certificates are stored in a keystore that is configured to the IBM MobileFirst™ Platform Server by using property keys.
IBM MobileFirst Platform Foundation provides a default keystore. You can choose to use this default keystore or replace it with your own keystore.
To configure an SSL certificate keystore, you must set the values of the property keys listed in the following table:
Property name | Description |
---|---|
ssl.keystore.path | Path to the keystore relative to the server folder in the MobileFirst project; for example: conf/my-cert.jks. |
ssl.keystore.type | Type of keystore file. Valid values are jks or pkcs12. |
ssl.keystore.password | Password to the keystore file. |
ssl.websphere.alias | WebSphere® SSL configuration alias used by the HTTP adapters. |
ssl.websphere.config | Set this property to true to have HTTP adapters use WebSphere SSL configuration. Default: false. |
For descriptions of other MobileFirst configuration properties, see JNDI environment entries for MobileFirst projects in production.
For information about how to specify MobileFirst configuration properties, see Configuration of MobileFirst applications on the server.
In addition to defining these three properties, configure the HTTP adapter XML file, which is located under <Worklight Root Directory>\adapters\<HTTP adapter name>. This file is described in Structure of the adapter XML file.
- Define an alias and password for the private key of the keystore where the SSL certificate is stored. The alias and password are defined in the <connectionPolicy> element of the HTTP adapter XML file, adaptername.xml. The <sslCertificateAlias> and <sslCertificatePassword> subelements are described in HTTP adapter connectionPolicy element.

  Note: The password that is specified in ssl.keystore.password is not the same password that is specified in <sslCertificatePassword>. ssl.keystore.password is used to access the keystore itself. <sslCertificatePassword> is used to access the correct SSL certificate within the keystore.
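
The following lint check is an added example, not part of the IBM documentation or product code: it reads the keystore properties from the table and the <connectionPolicy> subelements from an adapter XML file, and reports any that are missing or invalid. The sample inputs, the adapter name BackendAdapter, the key alias, and the password placeholders are constructed, properties are assumed to be written as key=value lines, and the WebSphere SSL configuration properties are not checked.

```python
import xml.etree.ElementTree as ET

VALID_TYPES = {"jks", "pkcs12"}  # valid values from the property table

# Constructed sample properties; the passwords are placeholders.
SAMPLE_PROPS = """\
ssl.keystore.path=conf/my-cert.jks
ssl.keystore.type=jks
ssl.keystore.password=store-password-placeholder
"""
# Constructed, simplified adapter file; only the element names come from the page.
SAMPLE_ADAPTER = """\
<adapter name="BackendAdapter">
  <connectionPolicy>
    <sslCertificateAlias>backend-key</sslCertificateAlias>
    <sslCertificatePassword>key-password-placeholder</sslCertificatePassword>
  </connectionPolicy>
</adapter>
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check(props_text, adapter_xml):
    """Return a list of findings; an empty list means nothing is missing."""
    props, findings = parse_properties(props_text), []
    if not props.get("ssl.keystore.path"):
        findings.append("ssl.keystore.path is not set")
    if props.get("ssl.keystore.type", "").lower() not in VALID_TYPES:  # case-insensitive match is an assumption
        findings.append("ssl.keystore.type must be jks or pkcs12")
    if not props.get("ssl.keystore.password"):
        findings.append("ssl.keystore.password is not set")
    # Index elements by local name so a namespace prefix does not hide them.
    elems = {e.tag.rsplit("}", 1)[-1]: (e.text or "").strip() for e in ET.fromstring(adapter_xml).iter()}
    if "connectionPolicy" not in elems:
        findings.append("adapter XML has no <connectionPolicy> element")
    for name in ("sslCertificateAlias", "sslCertificatePassword"):
        if not elems.get(name):
            findings.append(f"<{name}> is missing or empty")
    return findings

if __name__ == "__main__":
    print(check(SAMPLE_PROPS, SAMPLE_ADAPTER) or "consistent")
```

The check only confirms that each value is present; it does not open the keystore, so a wrong ssl.keystore.password or <sslCertificatePassword> still surfaces only when the server loads the key.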