App Connect

App Connect

Join this online user group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.


#Applicationintegration
#App Connect
#AppConnect
 View Only
Back to discussions
Expand all | Collapse all

Disable SSL Certificate validation

  • 1.  Disable SSL Certificate validation

    Posted Thu November 27, 2025 08:05 AM

    I try to call the https API without any certificate using the HTTPRequest Node, but it returns the following error

    BIP2230E: Error detected whilst processing a message in node 'gen.SubmitBeneficiaryObject.submitbeneficiary (Implementation).Call Beneficiary API'. \nBIP3162S: An HTTP error occurred. The HTTP Request-Line was: 'POST /InsertMODBeneficiary HTTP/1.1
    \nBIP3152S: Socket error detected whilst invoking Web service located at host 66.9.136.35, port 443, path /InsertMODBeneficiary. \nBIP3165S: An error occurred whilst performing an SSL socket operation. Operation: connect. Error Text: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target.

    I need to disable the validation for the certificate.


    ------------------------------
    Abdelazim Elkhole
    Integration Developer
    Envnt
    Riyad
    0508866204
    ------------------------------


  • 2.  RE: Disable SSL Certificate validation

    Posted Fri November 28, 2025 01:07 AM

    Hi Abdelazim,

    I don't think it's possible to disable SSL certificate validation on the HTTPRequest node in ACE. You normally have two options:
     
    1. Import the target server's certificate into the ACE truststore, so the HTTPS call can be trusted.
     
    2. Disable SSL on the target server and call the API over HTTP instead of HTTPS, although this is not recommended for security reasons.


    ------------------------------
    Nirmalan
    Integration Lead
    N-Able
    ------------------------------



  • 3.  RE: Disable SSL Certificate validation

    Posted Sun November 30, 2025 01:51 AM
    Hi Nirmalan,
     
    I comprehend you, but I need to describe the point when I tried to call the backend directly from Postman without passing any certificate. It was working fine, but when I tried to call from App Connect, it returned an error for SSL. I didn't know the reason, but in case I tried to change the URL in HTTPRequestNode to another HTTPS URL, it worked fine also.
    You get my point?


    ------------------------------
    Abdelazim Elkhole
    Integration Developer
    Envnt
    Riyad
    0508866204
    ------------------------------

    Original Message


  • 4.  RE: Disable SSL Certificate validation

    Posted Mon December 01, 2025 01:45 AM

    Hi Abdelazim,

    Just to verify, when you called the API from Postman, was the 'Enable SSL certificate verification' setting enabled in Postman settings? This will help us understand the difference in behavior between Postman and ACE.



    ------------------------------
    Nirmalan
    Integration Lead
    N-Able
    ------------------------------

    Original Message


  • 5.  RE: Disable SSL Certificate validation

    Posted Mon December 01, 2025 05:51 AM

    Hi Abdelazim,

    Can you check if target URL is using Self-signed certifcate? In that case you can try HTTP Request policy where there is an option to allow it.



    ------------------------------
    AVISHEK ACHARYA
    ------------------------------

    Original Message


  • 6.  RE: Disable SSL Certificate validation

    Posted Sun November 30, 2025 01:55 AM
    Hi Nirmalan,
     
    Do you have documentation for how to install a certificate in the ACE truststore?
     
    Many thanks for considering my request.


    ------------------------------
    Abdelazim Elkhole
    Integration Developer
    Envnt
    Riyad
    0508866204
    ------------------------------

    Original Message


  • 7.  RE: Disable SSL Certificate validation

    Posted Mon December 01, 2025 01:33 AM

    Hi,

    Is your deployment running in containers or on a VM? Also, could you let me know the ACE version you are using?



    ------------------------------
    Nirmalan
    Integration Lead
    N-Able
    ------------------------------

    Original Message


  • 8.  RE: Disable SSL Certificate validation

    Posted Fri November 28, 2025 04:06 AM

    Hi!

    You can try to set this line to true in your server.conf.yaml:
    As you can see it was line 500 for my file at least. Also, as it says in the file - do use this with caution!

    Thanks,

    Lars



    ------------------------------
    Lars Dehli
    ------------------------------



  • 9.  RE: Disable SSL Certificate validation

    Posted Sun November 30, 2025 01:53 AM
    Hi Lars,
     
    I tried your solution, changed the configuration, and restarted the server, but it still returned the same error


    ------------------------------
    Abdelazim Elkhole
    Integration Developer
    Envnt
    Riyad
    0508866204
    ------------------------------

    Original Message


  • 10.  RE: Disable SSL Certificate validation

    Posted Tue December 02, 2025 02:48 AM

    Hi,

    The reason why it works with postman is that either the TLS certificate verification option is disabled or your chrome browser contains the correct CA in it's trust store. A better test is using curl. There you can specify with or without '--insecure' . Without this option your api call will fail also.

    The error "PKIX path building..." occurs when the trust store doesn't contain the correct CA or the correct certificate chain. Check you certificate in the details for the complete chain.

    From this example you can best put in the trust store certificate 1 and 2 . This will allow all TLS connection with a server certificate signed by these 2 CA certs.

    To easily create a trust store I use a tool like keystore explorer.

    Important:

    • create a JKS
    • upload the certificate chain at least root (1) and intermediate(2) certificate

    Configure you server.conf.yaml file.

    and set the setdbparms or vault to set the password of the trust store

    mqsisetdbparms -w IS_LOCAL -n setdbparms::truststore --user Dummy --password password1234

    Start you integration server and it should work.

    mvg

    Kim



    ------------------------------
    Kim Meynendonckx
    ------------------------------

    Original Message


  • 11.  RE: Disable SSL Certificate validation

    Posted Sun November 30, 2025 10:18 PM

    It looks like the error you're seeing is caused by the HTTPS call failing SSL certificate validation. By default, IBM Integration Bus (or App Connect) performs strict SSL checks, and if it can't find a trusted certificate in the keystore, you get the PKIX path building failed error.

    To disable certificate validation for testing purposes, you have a couple of options:

    1. Use a self-signed or test certificate: Import the target server's certificate into your broker's keystore so it's trusted. This is the safer approach.

    2. Disable SSL verification (not recommended for production):

      • In the HTTPRequest node, you can set the SSL property to No SSL verification if your version supports it.

      • Alternatively, you can configure the HTTPRequest node to use a custom SSLConfig where certificate validation is turned off. This usually involves creating an SSLContext with TrustAllCertificates behavior.

    ⚠️ Warning: Disabling certificate validation is risky and should only be done for development or testing. Never do this in production.

    If you want, I can give you the exact steps for configuring the HTTPRequest node to bypass SSL validation.



    ------------------------------
    Paul Glenn
    ------------------------------



  • 12.  RE: Disable SSL Certificate validation

    Posted Mon December 01, 2025 05:50 AM

    I had a similar kind of issue in the past where target URL was having self-signed certificate configured. After changing to CA singed it worked for me. if this is same case for you, then you try using http-request policy and change the value for Accept Self singed cert to True and try once.



    ------------------------------
    AVISHEK ACHARYA
    ------------------------------



Related Content