IBM SmartCloud for Social Business (SC4SB) provides a great sample application to demonstrate the concepts behind OAuth. See "Developing an IBM SmartCloud for Social Business application" on developerWorks. But there's one detail that is omitted from the article: SSL configuration. First, you'll need to access the sample from an SSL-enabled application server. The article uses Tomcat; I used my WebSphere Application Server, which has SSL pre-configured. If you then test the sample application, you'll almost assuredly encounter:
Error occurred with the following message :
Internal error - getRequestToken failed Exception:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error
Please contact your administrator.

The sample requires exchange of the SmartCloud SSL certificate with your application server. If you're using WebSphere, this is painless. Simply log in to the WebSphere Console as the administrator and access Security -> SSL certificate and key management. Then under Related Items, select Key stores and certificates -> NodeDefaultTrustStore -> Signer certificates (under Additional Properties). Click the Retrieve from Port button, and fill out the form:
Host: apps.lotuslive.com
Port: 443
Alias: lotuslive
Click the Retrieve Signer Information button. Finally, click OK and Save to the master configuration. Retest the SC4SB sample application, and it should now succeed.
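Retrieve from Port trusts whatever signer the remote port presents, so before clicking OK it is worth comparing the fingerprint shown for the retrieved signer against the CA certificates you already hold from a trusted source. The script below is an added example, not part of the developerWorks article or the SC4SB sample; it assumes the console displays a SHA-1 or SHA-256 fingerprint and that the trusted certificates are available as a PEM bundle, and its function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# Assumption: fingerprints are SHA-1 (40 hex chars) or SHA-256 (64 hex chars).
ALGO_BY_HEX_LENGTH = {40: "sha1", 64: "sha256"}
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def normalize_fingerprint(text):
    """Reduce 'AB:CD:..', 'ab cd ..' or 'ABCD..' to lowercase hex."""
    hexdigits = re.sub(r"[\s:]", "", text).lower()
    if len(hexdigits) not in ALGO_BY_HEX_LENGTH or re.search(r"[^0-9a-f]", hexdigits):
        raise ValueError("not a SHA-1 or SHA-256 fingerprint: %r" % text)
    return hexdigits


def pem_to_der_list(pem_text):
    """Decode every certificate block in a PEM bundle to its DER bytes."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_BLOCK.findall(pem_text)]


def find_signer(displayed_fingerprint, trusted_pem):
    """Return the index of the bundle certificate whose digest equals the
    fingerprint shown for the retrieved signer, or None if none matches."""
    want = normalize_fingerprint(displayed_fingerprint)
    algo = ALGO_BY_HEX_LENGTH[len(want)]
    for index, der in enumerate(pem_to_der_list(trusted_pem)):
        if hashlib.new(algo, der).hexdigest() == want:
            return index
    return None


def _pem(der):  # wraps bytes in PEM armor for the constructed sample below
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")


# Constructed stand-ins: placeholder bytes, not real certificates.
SAMPLE_DER = [b"constructed-root-ca-placeholder", b"constructed-other-ca-placeholder"]
SAMPLE_BUNDLE = "".join(_pem(d) for d in SAMPLE_DER)

if __name__ == "__main__":
    shown = hashlib.sha1(SAMPLE_DER[1]).hexdigest().upper()
    shown = ":".join(shown[i:i + 2] for i in range(0, 40, 2))
    print("match at index", find_signer(shown, SAMPLE_BUNDLE))
```

A result of None means the signer offered by the port is not one of the certificates you already trust, and it should not be saved to NodeDefaultTrustStore until that is explained.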