LANSA Integrator SOAP and Self signed certificate

[kno_dk]

Hi.

I have a application on an IBM I which use a 3 party soap Web-service via LANSA Integrator. This 3 party service have use HTTPS and it have work without any problems. But now they have switched to self signed certificate.

I have tried to import this new certificat into the IBM DCM and that was okay, but LANSA integrator is still failing with:
Caused by: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
at com.ibm.jsse2.util.f.a(f.java:148)
at com.ibm.jsse2.util.f.b(f.java:82)
at com.ibm.jsse2.util.e.a(e.java:5)
at com.ibm.jsse2.aB.a(aB.java:7)
at com.ibm.jsse2.aB.a(aB.java:104)
at com.ibm.jsse2.aB.checkServerTrusted(aB.java:121)
at com.ibm.jsse2.E.a(E.java:38)
... 32 more
Caused by: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:654)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:368)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at com.ibm.jsse2.util.f.a(f.java:84)

Can I do anything in the LANSA Integrator og IBM I so it can handle the selfsigned certificate?

[kno_dk]

Hi

Found a solution.

You have to use PKI in lansa integrator and the import the certificate into the JKS keystore.
And have this in the manager.properties:
# SSL configuration
#
java.protocol.handler.pkgs
javax.net.ssl.keyStore=pki/cacerts.jks
javax.net.ssl.keyStoreType=jks
javax.net.ssl.keyStorePassword=xyz1234
javax.net.ssl.trustStore=pki/cacerts.jks
javax.net.ssl.trustStoreType=jks
javax.net.ssl.trustStorePassword=xyz1234
javax.net.debug=all
javax.net.debug=ssl,handshake,data,trustmanager
#