SSL certificate keystore setup
Mobile applications often connect to multiple back-end systems. Some back-end systems require access through an HTTP adapter, and each back-end system can require a different SSL certificate for secure communication using HTTPS. These SSL certificates are stored in a keystore that is configured to the MPF Server using property keys.
MPF provides a default keystore. Choose to use this default keystore or replace it with our own keystore.
To configure an SSL certificate keystore, we must set the values of the property keys listed in the following table:
Property name Description ssl.keystore.path Path to the keystore relative to the server folder in the project. for example: conf/my-cert.jks.
ssl.keystore.type Type of keystore file. Valid values are jks or pkcs12.
ssl.keystore.password Password to the keystore file.
For descriptions of other MobileFirst configuration properties, see Configure a MobileFirst project in production using JNDI environment entries
For information about how to specify MobileFirst configuration properties, see Application server-side configuration parameters.
In addition to defining these three properties, configure the HTTP adapter XML file, which is located under <Worklight Root Directory>\adapters\<HTTP adapter name>. This file is described in The adapter XML File.
If we use SSL with mutual authentication between the MobileFirst Server and a back-end system, be aware of the following requirement:
- Define an alias and password for the private key of the keystore where the SSL certificate is stored. The alias and password are defined in the <connectionPolicy> element of the HTTP adapter XML file, adaptername.xml. The <sslCertificateAlias> and <sslCertificatePassword> subelements are described in The <connectionPolicy> element of the HTTP adapter.
Password specified in ssl.keystore.password is not the same password specified in <sslCertificatePassword>. ssl.keystore.password is used to access the keystore itself. <sslCertificatePassword> is used to access the correct SSL certificate within the keystore.
Parent topic: Application server-side configuration parameters