1

I'm using the cf CLI to deploy a spring boot application to Bluemix. I'm getting an error 'RSA premaster secret error' as can be seen here: RSA premaster secret error when using webHDFS from BigInsights on cloud

I'm deploying my application like this:

# Create a Liberty application in Blumemix.  
# Set APPNAME (below) to the name of the application.
APPNAME=<<theappname>>
cf login -u cf_username -p cf_password
cf push    $APPNAME -p build/libs/myapp.jar

It seems that I need to add a certificate to the truststore - what are the additional steps for doing this? From what I can tell I need to repackage the liberty server to do this.

The above code snippet encapsulates my entire knowledge about liberty, please take that into account when providing an answer. For instance, I have seen some answers suggesting that I need to edit server.xml, but I don't have this file, so presumably I need to create it from scratch, or generate it some how?

I have seen similar questions, but the workflow I'm specifically asking about to add a certificate is when I'm using the cf CLI tools.

halfer
  • 19,824
  • 17
  • 99
  • 186
Chris Snow
  • 23,813
  • 35
  • 144
  • 309

1 Answers1

2

There's no one thing to do to accomplish this task, it will require several steps:

1) Ensure Liberty & Spring app works locally. The data below will guide you through ensuring Liberty & Spring are setup correctly:

How to use Websphere liberty in spring boot application

http://www.adeveloperdiary.com/java/spring-boot/deploy-spring-boot-application-ibm-liberty-8-5/

2) Configure security for your app in Liberty:

https://www.ibm.com/support/knowledgecenter/SSAW57_9.0.0/com.ibm.websphere.nd.multiplatform.doc/ae/tsec_7add_signercert.html

3) Deploy a packaged server to Bluemix from the CF command line:

https://console.ng.bluemix.net/docs/runtimes/liberty/optionsForPushing.html

RandalAnders
  • 1,431
  • 9
  • 16
  • Thanks @RandalAnders. Is any work being done to improve and streamline this process? I'm wondering if it will be easier for me to locate the socket from my code and programmatically add the certificate. – Chris Snow Aug 12 '16 at 16:16
  • Yes, there are efforts ongoing to streamline the process, but that's all I can say at the moment. Probably easier for you to use the certs provided via the default SSL config (SSLContext.setDefault()) See the last few paragraphs below for more info: http://www.ibm.com/support/knowledgecenter/en/SSAW57_liberty/com.ibm.websphere.wlp.nd.doc/ae/rwlp_liberty_ssl_defaults.html?view=embed – RandalAnders Aug 15 '16 at 12:57
  • Thanks @Randal, I think the problem was due to unlimited encryption policies not being available. I found a workaround using a different build pack, but this is required to connect to BigInsights on cloud which we should probably support out of the box? – Chris Snow Aug 15 '16 at 13:17
  • this was the fix: https://github.com/IBM-Bluemix/BigInsights-on-Apache-Hadoop/commit/b78d12d5ea3ce5e43395cf8e7c1d094e1a9fc012 – Chris Snow Aug 15 '16 at 21:00