SSL certificate keystore setup

Mobile applications often connect to multiple back-end systems. Some back-end systems require access through an HTTP adapter, and each back-end system can require a different SSL certificate for secure communication over HTTPS. These SSL certificates are stored in a keystore that is configured for the IBM MobileFirst™ Platform Server by using property keys.

IBM MobileFirst Platform Foundation provides a default keystore. You can choose to use this default keystore or replace it with your own keystore.

To configure an SSL certificate keystore, you must set the values of the property keys listed in the following table:

Table 1. JNDI environment entries for SSL certificate keystore

| Property name | Description |
| --- | --- |
| ssl.keystore.path | Path to the keystore relative to the server folder in the MobileFirst project; for example: conf/my-cert.jks. |
| ssl.keystore.type | Type of keystore file. Valid values are jks or pkcs12. |
| ssl.keystore.password | Password to the keystore file. |
| ssl.websphere.alias | WebSphere® SSL configuration alias used by the HTTP adapters. |
| ssl.websphere.config | Set this property to true to have HTTP adapters use WebSphere SSL configuration. Default: false. |

For descriptions of other MobileFirst configuration properties, see JNDI environment entries for MobileFirst projects in production.

For information about how to specify MobileFirst configuration properties, see Configuration of MobileFirst applications on the server.

In addition to defining these three properties, configure the HTTP adapter XML file, which is located under <Worklight Root Directory>\adapters\<HTTP adapter name>. This file is described in Structure of the adapter XML file.

If you use SSL with mutual authentication between the MobileFirst Server and a back-end system, be aware of the following requirement:
  • Define an alias and password for the private key of the keystore where the SSL certificate is stored. The alias and password are defined in the <connectionPolicy> element of the HTTP adapter XML file, adaptername.xml. The <sslCertificateAlias> and <sslCertificatePassword> subelements are described in HTTP adapter connectionPolicy element.
    Note: The password that is specified in ssl.keystore.password is not the same password that is specified in <sslCertificatePassword>. ssl.keystore.password is used to access the keystore itself. <sslCertificatePassword> is used to access the correct SSL certificate within the keystore.
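
The following pre-deployment check is an added example, not part of the original page or of IBM's tooling. It validates the three keystore properties against the rules in Table 1 and, for mutual authentication, confirms that the private-key alias and password are present in <connectionPolicy>. The function names, the key=value input format, and the simplified adapter XML are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath, PureWindowsPath

# Constructed sample inputs (not from a real project); passwords are placeholders.
SAMPLE_PROPS = """\
ssl.keystore.path=conf/my-cert.jks
ssl.keystore.type=jks
ssl.keystore.password=KEYSTORE-PASSWORD-PLACEHOLDER
"""
SAMPLE_ADAPTER = """\
<adapter name="SampleBackend">
  <connectivity>
    <connectionPolicy>
      <protocol>https</protocol>
      <sslCertificateAlias>backend-client</sslCertificateAlias>
      <sslCertificatePassword>KEY-PASSWORD-PLACEHOLDER</sslCertificatePassword>
    </connectionPolicy>
  </connectivity>
</adapter>
"""

def parse_props(text):
    """Parse simple key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def policy_fields(adapter_xml):
    """Map child tag (namespace stripped) to text for the first connectionPolicy."""
    for el in ET.fromstring(adapter_xml).iter():
        if el.tag.rsplit("}", 1)[-1] == "connectionPolicy":
            return {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in el}
    return {}

def check_ssl_config(props_text, adapter_xml, mutual_auth=False):
    """Return a list of problems; an empty list means every check passed."""
    props, problems = parse_props(props_text), []
    for key in ("ssl.keystore.path", "ssl.keystore.type", "ssl.keystore.password"):
        if not props.get(key):
            problems.append(f"{key} is missing or empty")
    ks_type = props.get("ssl.keystore.type")
    # Assumption: the type is compared case-insensitively.
    if ks_type and ks_type.lower() not in ("jks", "pkcs12"):
        problems.append(f"ssl.keystore.type '{ks_type}' is not jks or pkcs12")
    path = props.get("ssl.keystore.path", "")
    if PurePosixPath(path).is_absolute() or PureWindowsPath(path).is_absolute():
        problems.append("ssl.keystore.path must be relative to the server folder")
    if mutual_auth:  # private-key alias and password live in the adapter XML
        policy = policy_fields(adapter_xml)
        for tag in ("sslCertificateAlias", "sslCertificatePassword"):
            if not policy.get(tag):
                problems.append(f"<{tag}> is missing from <connectionPolicy>")
    return problems
```

Calling check_ssl_config(SAMPLE_PROPS, SAMPLE_ADAPTER, mutual_auth=True) returns an empty list for the constructed samples; each string in a non-empty result names the property or element to correct.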