How to configure Maximo Mobile with SSL?
Thadeu Russo 2700030EFT Comments (7) Visits (12146)
Maximo Mobile applications are Java based applications that run on Windows based devices, such as PDAs with Windows Mobile, and Netbooks, Notebooks and Desktops. Those applications use a HTTP channel to exchange data, like Assets, Locations, Work Orders and Tickets with Maximo EAM. The HTTP protocol by itself does not provide cryptography on the data transport. The combination of HTTP + SSL (Security Socket Layer) support the data exchange between the server that hosts Maximo EAM and the Maximo Mobile applications. This combination is widely known as HTTPS.
From the Maximo Mobile perpective, the basic configuration related to use HTTPS during the data exchange with the Maximo EAM is very simple. Just change th
The first basic thing you need to check is if your SSL certificate is correctly installed in your application server and if the port associated to receive http requests is the port you are configuring in the mobile.properties file. Another way to verify if the certificates are installed on the application server and which port is being is by trying to login into the Maximo EAM using the web browser. You need to pay attention on the URL and port the application is trying to connect. It is important to say this is not a common problem.
We recommend Maximo Mobile customers to perform all the applicable configurations on the desktop first before move to a handheld device because it is very straight forward to see details of errors that might happen. With that said, suppose you checked your application server and everything is fine from the SSL configurations perspective and you get an error on the DOS console from there you launch the Mobile Inventory Management application with messages like SSL handshake exception o
it means you need to take some additional steps in your configuration. Let us first try to quickly understand what that means before look at the solution.
What happens from the Java perspective?
For a JVM works with SSL, it must have the customer certificate installed on the JVM's keystore (a.k.a. cacerts file). The problem is that not only the cust
If we want to use the customer SSL certificate but the keystore does not have all the certificates needed in the chain until the root, an exception is thrown. To add the certificate to the JVM keystore is a standard procedure working with Java application and SSL. You can find more information in this link or on the internet by looking for 'Java and SSL' in your favorite searcher.
With all that said, the next step is to fix the problem we had. The solution is: Add the public certificate to the keystore of our JVM. The information to perform this task is presented below:
How do I manage the keystore? Is it the same for the mobile J9?
JRE (and JDK, as well) provides a tool called keytool which is used to manage the keystore. With this tool we can add, remove, export, import and list the contents of a keystore. The big issue is that there is a difference between the format of the cacerts file that mobile J9 works with the desktop J9 and desktop JRE. In practice, it means that we cannot use the keytool of the desktop JVM to manage the keystore of the mobile J9. Because of this, Maximo Mobile Suite is shipped since version 184.108.40.206 with the appropriate keytool to manage the mobile J9 keystore. If you have Maximo Mobile 220.127.116.11, the tool is available in a hotfix package. If you have a previous version of Maximo Mobile, please contact IBM Support to get the tool.
When we want a Maximo Mobile application running on the desktop to connect to Maximo using SSL, the certificates must be added to the cacerts of the JVM that runs the application. The JVM can be found looking the .cmd file used to launch the application (depending on how it was configured, the setEnv.cmd is the file that points to the JVM directory). Once the directory was identified and found, the keytool can be found in the jre\bin directory and the cacerts unde
Note: Out of the box, the password to access the cacerts in both JRE and Mobile J9 is changeit
Note 1: Commands from the J9 SDK (max
How to import certificates into the cacert file for clients on using mobile devices with SSL?
keytool -import -alias ca-prd-01 -file C:\c
keytool -import -alias max-app-prd01 -file C:\c
Note 1: -file - This is the path to the certificate to be added to the cacert
Note 2: -keystore this is the path to the cacert file
Note 3: In case you are asked if you trust in the certificate, answer yes.
How to list the certificates of a keystore?
keytool -list -keystore c:\c
To conclude, there are some important closing notes:
Hope this document helps you on the next time you need to work with SSL certificates for the Maximo Mobile product.