Autodesk SSL certificate

For IBM® Maximo® Real Estate and Facilities to access Autodesk Platform Services, the app server must make an SSL connection to Autodesk cloud services.

About this task

The app server must trust the Autodesk SSL Certificate. Typically, Java Virtual Machines (JVMs) browsers and app servers include the signer certificate from most major certificate authorities so they trust any certificate that is signed by these certificate authorities including those used by Autodesk Platform Services. However, high security app server deployments do not include any certificate authority certificates in the app server trust store as part of the base installation. This means that the app server does not trust the Autodesk certificates and connections to Autodesk Platform Services fail with an SSL Handshake exception. To resolve this, the certificate authority public root certificate used by Autodesk Platform Services must be imported into the app server trust store. There has been some variance seen in the certificate presented by Autodesk Platform Services both over time and by region, so these steps may need to be periodically repeated. The procedure varies by app server.

Retrieving the certificate

WebSphere Liberty

About this task

IBM WebSphere® Application Server Liberty relies on the underling JVM trust store. The following is one of the many ways the Autodesk Platform Services signer certificate can be retrieved and imported into the JVM trust store.

Procedure

  1. Open the link https://developer.api.autodesk.com in Firefox.
  2. Click the certificate (next to the site name).
  3. Click > button.
  4. Click More Information > View certificate > Details > Export..
  5. Choose X.509 Certificate with chain (PEM), select the folder and specify a name (for example, forgeautodeskcom.CRT).
  6. Click Save.

Importing the certificate into the JVM trust store

Procedure

  1. Identify which Java is being used by your Maximo Real Estate and Facilities installation. If you have previously started Maximo Real Estate and Facilities, the fourth line in the messages.log from the Maximo Real Estate and Facilities server (for example, /home/default/log/messages.log shows the Java home. Make note of the path.
    Draft comment: Paraic.ORaghallaigh@ibm.com
    provide updated example
  2. Search for cmd in the Start menu. When it displays, right-click the icon and select Run as Administrator.
  3. Navigate to the bin directory within the Java installation folder by command line. For installing Java JDK, the command is cd C:\Program Files\Java\jdk1.8.0_181\bin
  4. Once within the bin directory run the following command (make sure you have adjusted the paths to match what exists on your machine):
    1. Open a command prompt.
    2. Navigate to the bin directory of the JVM used by WebSphere Application Server Liberty. Liberty locates JVM by testing the following:
      • JAVA_HOME environment variable
      • JRE_HOME environment variable
      • Looking for a JVM in the path
    3. Use the key tool to import the certificate.

      The following is a sample command line for Windows:

      keytool -importcert  -alias developerautodeskcom -keystore "C:\Program Files\Java\jdk1.8.0_162\jre\lib\security\cacerts" -file C:\temp\developerapiautodeskcom.crt

      The following is a sample command line for Mac OS:

      sudo  keytool -import  -alias developerautodeskcom -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_161.jdk/Contents/Home/jre/lib/security/cacerts -file ~/Desktop/developerautodeskcom.crt

    sudo password: <your log in password>
    keystore password: changeit
    4. When prompted, the default password is changed, or whatever you have set your keystore password to.

      The above command lines are for the Oracle® JVM. They differ slightly for the IBM JVM.

      If SSL is configured on Maximo Real Estate and Facilities server, you need to do the same thing but using the path to your local server’s key.jks keystore.

      New Autodesk Platform Services certificate:
      keytool -importcert -alias developerautodeskcom -keystore "C:\tririga\wlp\usr\servers\tririgaServer\resources\security\key.jks" -file C:\temp\forge_autodesk_com.crt
    The password is the one used to set up SSL on the Maximo Real Estate and Facilities Liberty server (for example, Password). You also have to add the following to the C:\tririga\wlp\usr\servers\tririgaServer\server.xml file: 
    <ssl id="defaultSSLConfig" trustStoreRef="defaultTrustStore"/>
	<keyStore id="defaultTrustStore" location="${java.home}/lib/security/cacerts"/>