I installed Rule Designer into my W2K8 VM, and immediately saw issues connecting to Decision Server (RES) and Decision Center (RTS), including:
Unexpected error: ilog.rules.res.util.http.IlrConnectionException
IO error when contacting "/res/repositoryService"
This is the same problem that I saw at a client back in late 2012, and occurs because, unlike Process Designer, Rule Designer doesn't seem "smart" enough to retrieve the SSL certificates from the JVMs on which RES and RTS are running.
The solution is to grab the endpoint certificates from the RES and RTS URLs - I chose to use Internet Explorer to do this, and save the certificates, in DER encoded binary X.509 (.CER) format, to my hard drive (C:\temp\rts.cer and C:\temp\res.cer respectively).
I then imported each into the Rule Designer's local SSL key/trust store (CACerts), as follows:
"C:\Program Files\IBM\ODM851\jdk\bin\keytool.exe" -import -file c:\temp\odm.cer -alias RES-P71005LPAR1.static1.tec.hur.cdn -keystore "c:\Program Files\IBM\ODM851\jdk\jre\lib\security\cacerts" -storepass changeit
Owner: CN=P71005LPAR1, OU=P71005LPAR1Node01Cell, OU=DecisionServerNode01, O=IBM,
C=US
Issuer: CN=P71005LPAR1.static1.tec.hur.cdn, OU=Root Certificate, OU=odm85Cell, O
U=odm85Node1, O=IBM, C=US
Serial number: 912cd201ddc8
Valid from: 4/30/14 6:00 PM until: 4/30/15 6:00 PM
Certificate fingerprints:
MD5: 9A:7B:E3:1B:B1:02:D3:38:08:A4:4B:24:6D:04:CB:1B
SHA1: 47:42:81:7F:CC:A2:25:D3:5F:BE:47:6F:92:91:A8:74:F9:6C:ED:7B
SHA256: 86:3A:1D:49:EC:5B:08:E7:CE:03:9B:FD:59:13:B1:12:90:A9:5B:EE:45:
65:BE:5F:DA:19:B3:F9:54:8A:D2:4A
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: ProfileUUID:Dmgr01-DEPLOYMENT_MANAGER-1d2ca68d-5864-4176-a6ed-63293
baa9766]]
#2: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4e 7e a8 9c 7b fa f8 eb N.......
]
]
Trust this certificate? [no]: yes
Certificate was added to keystore
"C:\Program Files\IBM\ODM851\jdk\bin\keytool.exe" -import -file c:\temp\rts.cer -alias RTS-P71005LPAR1.static1.tec.hur.cdn -keystore "c:\Program Files\IBM\ODM851\jdk\jre\lib\security\cacerts" -storepass changeit
Owner: CN=P71005LPAR1, OU=P71005LPAR1Node01Cell, OU=DecisionCenterNode01, O=IBM,
C=US
Issuer: CN=P71005LPAR1.static1.tec.hur.cdn, OU=Root Certificate, OU=odm85Cell, O
U=odm85Node1, O=IBM, C=US
Serial number: d8b5af263526
Valid from: 5/1/14 3:51 PM until: 5/1/15 3:51 PM
Certificate fingerprints:
MD5: E5:BB:A2:FA:81:D1:2E:7C:23:50:9D:68:E7:E8:AA:71
SHA1: 77:33:BE:8C:14:AA:1B:CF:40:15:D8:A8:C9:3B:0F:7B:BB:0B:E3:94
SHA256: 4A:83:6E:61:1E:A1:65:D3:42:1A:79:F4:74:9E:2E:41:0A:B9:EE:7C:65:
C0:5F:DB:7A:01:36:03:29:E9:35:A4
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: ProfileUUID:Dmgr01-DEPLOYMENT_MANAGER-1d2ca68d-5864-4176-a6ed-63293
baa9766]]
#2: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 40 4d 83 cb f4 e0 56 b4 .M....V.
]
]
Trust this certificate? [no]: yes
Certificate was added to keystore
Note that the command will prompt you with "Trust this certificate?", to which you need to respond yes :-)
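Before answering yes, the fingerprint that keytool prints can be compared with one read from the server's own keystore. The following is an added example, not part of the original post: it rejoins the SHA256 line that the console wrapped in the output above and checks a saved DER file against a reference fingerprint. The function names and the administrator-supplied reference value are assumptions.

```python
import hashlib
import re

# Fingerprint block copied from the RES keytool output above, including the
# console wrap in the middle of the SHA256 line.
KEYTOOL_OUTPUT = """\
Certificate fingerprints:
MD5: 9A:7B:E3:1B:B1:02:D3:38:08:A4:4B:24:6D:04:CB:1B
SHA1: 47:42:81:7F:CC:A2:25:D3:5F:BE:47:6F:92:91:A8:74:F9:6C:ED:7B
SHA256: 86:3A:1D:49:EC:5B:08:E7:CE:03:9B:FD:59:13:B1:12:90:A9:5B:EE:45:
65:BE:5F:DA:19:B3:F9:54:8A:D2:4A
Signature algorithm name: SHA1withRSA
"""

DIGEST_BYTES = {"MD5": 16, "SHA1": 20, "SHA256": 32}
LABEL = re.compile(r"^(MD5|SHA1|SHA256):\s*(.*)$")
HEX_RUN = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})*:?$")


def parse_keytool_fingerprints(text):
    """Return {algorithm: 'AA:BB:...'} from keytool output, rejoining wrapped lines."""
    found, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        label = LABEL.match(line)
        if label:
            current = label.group(1)
            found[current] = label.group(2)
        elif current and HEX_RUN.match(line):
            found[current] += line  # continuation of a digest the console wrapped
        else:
            current = None
    for algo in found:
        value = found[algo].rstrip(":").upper()
        if len(value.split(":")) != DIGEST_BYTES[algo]:
            raise ValueError(f"incomplete {algo} fingerprint: {value!r}")
        found[algo] = value
    return found


def der_fingerprint(der_bytes, algo="SHA256"):
    """Digest of the DER-encoded certificate, in keytool's colon-separated form."""
    digest = hashlib.new(algo.lower(), der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_reference(der_bytes, reference_sha256):
    """True only if the saved .cer hashes to the reference (hypothetical input)."""
    return der_fingerprint(der_bytes) == reference_sha256.strip().rstrip(":").upper()
```

To check a saved file, pass the bytes from open(path, "rb").read() to matches_reference together with the SHA256 value supplied by whoever administers the RES or RTS server.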
Once both certificates are added to CACerts, I simply restarted Rule Designer, and was then able to publish projects to Decision Center (RTS) and rulesets to Decision Server (RES).