Process Inspector and SSL trust

I had the whole SSL trust model sorted when I was running BPM 7.5.0, I even had Client auth set up and for this to work properly the Application Server had to trust the IHS plug-in.

Imagine my suprise then after I upgraded to BPM 7.5.1,  navigated to the ProcessAdmin screen, pressed the new "Process Inspector" button and realised (after checking the application server logs) that the Application server was complaining that it didn't trust the webserver cert!!!!... that's right, not the plug-in cert but the webserver cert!  .

The only explanation was that the App Server must be making a call (i.e as an SSL client) to the webserver. A quick check using Wireshark confirmed this.

So.. you need to make sure your WAS Cell trusts the webserver certificate (or it's signer chain)

My assumption at this moment is that a Dojo server side component is responsible for the call, and it's getting the webserver hostname / ipaddress from the clientside Dojo running "on the glass"