Brian Erle (IBM) 1200008FU8 Visits (6998)
The use of certificates in IBM Mobile Connect (IMC) is prevalent. From securing incoming device requests, to securing connections to databases, authentication servers and application servers certificates are a part of the everyday operation of an IBM Mobile Connect deployment. When everything is working perfectly no one really worries about those certificates securing sessions until they expire and everything comes to a grinding halt. This can happen literally in the blink of an eye. What was a perfectly valid incoming device request a millisecond ago, is now an expired request. In the wg.log from IMC you will see a message which will look like this:
[ERROR] SSLPort: failed to attach secure connection, fd=21: [10.10.10.10:33622] GSK_ERROR_BAD_DATE (rc=401,ec=401)
Using the IBM Key Manager an administrator can examine the certificates used to secure incoming devices. By examining the certificate in the Personal Certificates view and then using the VIEW action you can check for the expiration date for the certificate and then execute on a plan to ensure that a new certificate to replace an expiring one is in place and ready to go prior to the expiration date of the present certificate. The ACTIVE certificate is the one with the asterisk '*' symbol next to it. When it comes time to use the new certificate select the certificate and View it, then choose the option near the bottom of that dialogue which allows you to set it to the Default certificate. In order for IMC to begin using this certificate a Stop and Start of the Connection Manager is required.
324:745822528 (Apr 18 2016
Please Note - the LOG and DEBUG logging levels are required to be active to see these messages. IBM IMC support and development recommend that only ERROR and WARNING log levels are used during normal production operation for optimal performance.
The above message indicates that a secure request was received, and accepted, and there was no error, and the last message will also indicate which HTTP Service (if there are multiple services configured) handled the request.
Brian Erle (IBM) 1200008FU8 Visits (7299)
Traffic such as Apple APNS or Android GCM notifications are prime examples, although any traffic can be forwarded. IBM Mobile Connect, due to its position normally within a DMZ, has already been configured for strict security and using it to proxy traffic out from an enterprise environment may ease additional IBM Traveler or other applications utilizing push notifications.
To add a Forward Proxy function, a new HTTP Service is all that is needed. Proxying APNS, GCM and other traffic through IMC may all be handled in a single service and the supplied server URLs will act as a whitelist for allowed traffic.
For complete configuration details on this feature, see technote 7047136. Documentation for this feature will be added to the IBM
Note that for questions or comments about this new feature, or about anything related to Mobile Connect, you can also post them to the product forum at http