Wednesday, 15 May 2013

A note about the browser based Process Inspector and SSL trust


It's worth noting that when you use the browser-based Lombardi Process Inspector, an outbound connection is made from an AppTarget cluster member JVM to the endpoint specified in 100Custom.xml (or 99Local.xml, depending on how proper you're being). In many cases I've seen this endpoint left as the relevant WAS node, but with me being OCD I made this endpoint the Load Balancer so that things were load balanced. Under these circumstances the public certificate presented by the webservers that sit behind the load balancer wouldn't be trusted by the WAS Cell, so you'll need to import it into the relevant trust store (unless of course you terminate SSL on the load balancer itself, in which case you'd need to trust the load balancer's certificate instead). I import into the CellDefaultTrustStore because I like the convenience.

If you don't trust the cert, you'll see things like javax.net.ssl.SSLPeerUnverifiedException and "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" in the AppTarget logs.
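
To confirm the trust problem before and after the import, the sketch below makes the same kind of outbound SSL handshake against a copy of the trust store and lists the chain the endpoint presents. It is an added example, not code from the original post or from the product; the class name TrustCheck, the TS_PASS environment variable, a PKCS12 trust store file and Java 7 or later are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example. Usage: TS_PASS=<password> java TrustCheck <truststore.p12> <host> <port>
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        KeyStore ts = KeyStore.getInstance("PKCS12"); // assumption: trust store is a PKCS12 file
        try (FileInputStream in = new FileInputStream(args[0])) {
            ts.load(in, System.getenv("TS_PASS").toCharArray()); // TS_PASS is a hypothetical variable name
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        final X509TrustManager real = (X509TrustManager) tmf.getTrustManagers()[0];
        final X509Certificate[][] seen = new X509Certificate[1][];
        X509TrustManager recording = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
                real.checkClientTrusted(c, a);
            }
            public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
                seen[0] = c;                   // remember what the endpoint presented
                real.checkServerTrusted(c, a); // the trust store still makes the decision
            }
            public X509Certificate[] getAcceptedIssuers() { return real.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recording }, null);
        String verdict = "TRUSTED";
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[1], Integer.parseInt(args[2]))) {
            s.setSoTimeout(10000);
            s.startHandshake();
        } catch (SSLException e) {
            verdict = "NOT TRUSTED: " + e.getMessage();
        }
        System.out.println(args[1] + ":" + args[2] + " -> " + verdict);
        if (seen[0] == null) return; // handshake failed before a certificate was received
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        for (X509Certificate c : seen[0]) {
            StringBuilder fp = new StringBuilder();
            for (byte b : sha.digest(c.getEncoded())) fp.append(String.format("%02X", b));
            System.out.println("  subject=" + c.getSubjectX500Principal().getName()
                    + " issuer=" + c.getIssuerX500Principal().getName() + " sha256=" + fp);
        }
    }
}
```

This checks chain trust only, not hostname matching. Compare the printed SHA-256 fingerprint with the certificate you expect from the web servers (or the load balancer, if SSL terminates there) before importing it as a signer.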


