Troubleshooting
Problem
When connecting from Rule Studio to Rule Team Server on WebSphere Application Server V7.0 over HTTPS, the connection fails.
Symptom
The connection to Rule Team Server fails from Rule Studio, but when accessing from a web browser, it is works with the same URL, user and password login.
Cause
The connection URL to Rule Team Server is over HTTPS. The server certificate is not added to the Eclipse JVM truststore
Environment
Rule Studio / Eclipse
Resolving The Problem
Solution 1: Add the server certificate to the Eclipse JVM truststore
- Get the server certificate:
If you do not have direct access to the certificate stored on the server, you can obtain the server certificate from the client web browser. For details on how to export SSL certificate, see the vendor's documentation for each browser.
For example, when browsing the Rule Team Server console over HTTPS from Internet Explorer, a Security Alert dialog box is displayed. Click View Certificate > Details tab > Copy to file, and then follow the steps in the Export wizard. This exports the certificate to a .cer file (DER encoded binary). - Import the server certificate into the Eclipse JVM truststore using the keytool -import command. For example,
<JAVA_HOME>/jdk/bin/keytool.exe -import -file [PATH TO THE SERVER CERTIFICATE OBTAINED IN STEP 1] -alias [CERTIFICATE ALIAS] -keystore <JAVA_HOME>/jdk/jre/lib/security/cacerts
where <JAVA_HOME> points to the Eclipse JVM that you use to launch Eclipse (Rule Studio). - Verify that the key is added correctly using the keytool -list command. See the Java keytool documentation for details.
- Pass the trusted key to the Eclipse JVM using the javax.net.ssl.keyStore property. This property must point to the file location of the updated cacerts. For example, add this line to the script that starts Rule Studio:
-Djavax.net.ssl.trustStore=<JAVA_HOME>\jdk\jre\lib\security\cacerts
Solution 2: Configure a self signed certificate for the WebSphere Application Server server and use the ilog.rules.teamserver.allowSelfSignedCertificate property in Eclipse:
- Log into the WebSphere Application Server management console.
- Expand Security, and click SSL certificate and key management.
- Under Related Items, click Key stores and certificates.
- Click NodeDefaultKeyStore from your list of key stores and trust stores.
- Click Personal certificates under Additional Properties.
- Click Create > Self-signed certificate.
- Type the following values for the certificate:
Alias
Default self-signed
Common name
Server_IP_address - Click OK and then click Save.
Now that you have a self-signed personal certificate, the following steps configure the server to use it for inbound SSL connections:
- Click Security > SSL certificate and key management > Manage endpoint security configurations.
- Click your node under the Inbound tree node in Local topology.
- Under Related Items, click SSL configurations.
- Click NodeDefaultSSLSettings.
- Select your newly created self-signed certificate (default self-signed) as the default server certificate alias.
- Click OK and then click Save.
- Add in the following line to the vmarg of Eclipse:
-Dilog.rules.teamserver.allowSelfSignedCertificate=true
Refer to this document for details
[{"Product":{"code":"SS6MTS","label":"WebSphere ILOG JRules"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Modules:Rule Studio (Eclipse)","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1;7.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSQP76","label":"IBM Operational Decision Manager"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Modules:Rule Team Server","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.5;7.5.0.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21586966