Message Image  

Learn how to use certificate authority certificates in enterprise message flows in IBM® App Connect on IBM Cloud™

 View Only
Thu July 09, 2020 05:46 AM

You want an enterprise message flow to directly access your trusted website for processing, and want the message flow to run in App Connect on IBM Cloud. In App Connect on IBM Cloud plans that provide enterprise capabilities you can now deploy message flows that use CA Certificates.

First, find or create everything you need:

  • An instance of App Connect on IBM Cloud that provides enterprise capabilities, currently the Custom Enterprise or Lite plan.
  • Certificates and Bar file extracted from the zip file provided: (attached below)


  1. Import the BAR file from the archive file above into your instance of App Connect on IBM Cloud. This creates an Integration server.
  2. On the App Connect dashboard, click the Integration server’s tile to show the details of the integration server.
  3. Attach a Truststore Certificate policy to the integration server. At the top of the page, click Attached Policies and with the flow stopped, click Manage.
    1. To create a new policy and use the certificate from the provided archive, Create and attach a policy.

      Tip: If you have an existing Truststore Certificate policy, you can attach that by selecting the policy and then clicking Save.

    2. Select the policy type ‘Truststore Certificate’, and then give the policy a name. This name can be anything and is only used as a way of identifying the policy in the App Connect list of policies.
    3. Upload the certificate provided in the archive file above by dragging it into the ‘Create and attach a policy’ window.
    4. Enter the alias to be used in the truststore for this certificate and then click Add to add the certificate and alias to the policy.
    5. Click Create to create the policy.
  4. Start the flow. For example, open the menu (⋮) in the top right of the Integration server’s details view, then click Start. The status shown should change to ‘Running’.
  5. To test the flow, click the Integration server’s tile, copy the ‘HTTP Input’ URL, and then use your web browser to navigate to that address. You will need to input the credentials, because HTTPS is being used. You can find these by clicking ‘Credentials’ to the right of the URL in the Integration server’s details view.

    The website is returned with no css.

Trouble shooting

If the certificate is invalid it can be downloaded from as the Class 3 PKI Key (intermediate) in PEM format.


zip file   6 KB   1 version
Uploaded - Thu July 09, 2020