topic Facing certificate error while calling create message api from IBM BPM in Webex for Developers

Facing certificate error while calling create message api from IBM BPM

Inturi Ravindra — Mon, 30 May 2022 07:37:25 GMT

Hi Team,

We are trying to call Create Message API from our IBM BPM product, but it's throwing certificate error.

I have also downloaded certificate from browser for below URL and installed in our servers, still it's not working. Can you please provide a valid certificate to install in our servers?

URL Calling : https://webexapis.com/v1/messages

Error we are getting :

CWTBG0019E: Unexpected exception during execution. Exception information: 'An exception occurred in activity "Execute REST Call" of "Service Flow" with name "REST HTTP Client". Task instance id "Task.437760". Details: "com.ibm.jsse2.util.h: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target".'.

Re: Facing certificate error while calling create message api from IBM

Rudrakshi — Mon, 30 May 2022 08:36:43 GMT

As given here: https://help.webex.com/en-us/article/lfu88u/Single-Sign-On-Integration-in-Control-Hub under SSO Setup > Configure Webex Identity Service:

Signed by a public certificate authority—This option is secure and advisable if you get your certificates signed from a public CA such as Hydrant or Godaddy. However, you must renew the certificate once a year.

Therefore, for Java you may need to install the GoDaddy G2 Root and/or Intermediate certificates listed below in the keystore used by java. These are available from https://certs.godaddy.com/repository.

GoDaddy Certificate Chain - G2

Name	File	Certificate Thumbprint (sha256)
GoDaddy Class 2 Certification Authority Root Certificate - G2	gdroot-g2.crt	45 14 0B 32 47 EB 9C C8 C5 B4 F0 D7 B5 30 91 F7 32 92 08 9E 6E 5A 63 E2 74 9D D3 AC A9 19 8E DA
GoDaddy Secure Server Certificate (Intermediate Certificate) - G2	gdig2.crt.pem (PEM) gdig2.crt (DER)	97 3A 41 27 6F FD 01 E0 27 A2 AA D4 9E 34 C3 78 46 D3 E9 76 FF 6A 62 0B 67 12 E3 38 32 04 1A A6

You may also need to install the GoDaddy G1 to G2 Cross certificate in your certificate keystore along with the intermediate certificate. This allows the SHA-2 certificates to be trusted by any client that recognizes the GoDaddy SHA-1 roots.

GoDaddy Certificate Chain

GoDaddy G1 to G2 Cross Certificate

gdroot-g2_cross.crt

3A 2F BE 92 89 1E 57 FE 05 D5 70 87 F4 8E 73 0F 17 E5 A5 F5 3E F4 03 D6 18 E5 B7 4D 7A 7E 6E CB

GoDaddy SHA-1 roots:

Name	File	Certificate Thumbprint (sha256)
GoDaddy Class 2 Certification Authority Root Certificate	gd-class2-root.crt (PEM) gd-class2-root.cer (DER)	C3 84 6B F2 4B 9E 93 CA 64 27 4C 0E C6 7C 1E CC 5E 02 4F FC AC D2 D7 40 19 35 0E 81 FE 54 6A E4

Hope this helps!

Re: Facing certificate error while calling create message api from IBM

Inturi Ravindra — Mon, 30 May 2022 09:31:25 GMT

Hi Rudrakshi,

Thank you very mych for your comment, generally we do .cer files installation, is it fine if we install .crt also ?

Note : We are using IBM BPM product.

Thanks

Ravindra

Re: Facing certificate error while calling create message api from IBM

Janos Benyovszki — Mon, 30 May 2022 12:35:37 GMT

@Inturi Ravindra it should probably be fine, but in case you have any issues, you can check with our TAC https://help.webex.com/en-us/contact