MWS works with SOAP over HTTP over SSL/TLS with the digital certificate of the Infor Grid.
The Infor Grid router for MWS must have Basic authentication enabled over HTTPS (secure) and have all authentication disabled over HTTP (insecure); you can check in the Infor Grid > Configuration Manager > Routers > Default Router:
MWS from IPA
Tip: un-hard-code the scheme://host:port and replace it by a variable <!_configuration.main.MWS> to define.
When we execute the process we get the following exception:
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
That is because IPA does not know the Infor Grid certificate.
The IPA Configuration for the Web Service Connection does not have settings for an explicit truststore. Instead, IPA implicitly relies on the JVM’s truststore; let’s set it up.
Step 1. Infor Grid certificate
Note: Preferably get the certificate of the root CA as it usually signs the certificates for all environments (DEV, TST, PRD, etc.).
Step 2. IPA server truststore
Import the certificate into that JVM’s truststore using the Java keytool:
keytool -import -keystore lib\security\cacerts -file grid.cer
Note: I may have mixed up the keystore and the truststore in the command; to be verified.
Step 3. IPD truststore
Import the certificate into that JVM’s truststore as well.
Step 4. Test
Now execute the process. The Web Service activity node should not throw that exception anymore.
If you have a certificate purchased from a certificate authority that is already trusted by the JVM, such as VeriSign, this setup is not necessary.
That’s it. Let me know what you think in the comments below.