ACL enabled for client Group

Hi All,

My requirement is to protect the client group with SSL distinguished name.

Application team(C#) gave the certificate key [CN= , OU, C, L…etc] we have updated the same in client group, they are publishing to the Queue and they are passing the above key with in thebelow method, but still they are are unable to connect.

Broker 13.
at webMethods.MSG.Impl.ConnectionFactory.CreateConnection(String serverCertDistinguishedName,clientCertDistinguishedName,String Accesslabelhint)

Could you please help us on the same.

What is the Broker server version?

Is Broker server authentication SSL enabled or Basic authentication?

What is the complete stack trace of the error, do you see any error in Broker logs?

Can you connect to Broker from IS?

What is the Broker server version? Version 9.6

Is Broker server authentication SSL enabled or Basic authentication? SSL enabled

What is the complete stack trace of the error, do you see any error in Broker logs? no we dont see any errors in broker logs

Message =[BDN.11.1036]broker error :13
Stack Trace:
at webMethods.Msg.Protocol.BrokerProtocol.Connect(String clientID, ExceptionListner exceptionListner)
at webMethods.Msg.Impl.Connection…ctor(IProtocol protocl, String clientID)
at webMethods.Msg.Impl.ConnectionFactory.createConnection(String serverCertDistinguishedName, String clientCertDistinguisedName, String accessLabelHint)
at webMethods.Msg.Impl.ConnectionFactory.createConnection()

Can you connect to Broker from IS? Yes i can connect from IS.

Please proivde if you have any method on how to pass the certificate key informatio in the above method while invoking from client appkication(c#/Java).

It is detailed in page 186 in the following document,

Hi Venkat,

without certificate im using createconnection() method im able to connect and publish the data to broker(JMS Queue) from C# application.

But after Adding certificate key to client group (Added Our IS server Distinguished name (CN=ABC, OU=ABD, C=US) and client application Distinguished name (CN=ABC, OU=ABD, C=US) .

Im using this method , createconnection((CN=ABC, OU=ABD, C=US) to connect to broker.

The above error its throwing.

Any idea on this how to pass this?

Sorry I did’t used C# before, any other members can share.

But I see the following in the document,

Securing C# Clients with SSL
You use Microsoft Management Console (MMC) and the Certificates Snap-In to
configure and manage SSL for a C# client. When using MMC to configure SSL:

Open MMC, select File > Add/Remove Snap-In, then Add the Certificates.
Make sure to select the Client Authentication property of the Client Certificate.
Import the trusted root for the C# client certificate into the Trusted Root Certification
Authorities folder.
Check the client and trusted root certificates to make sure that they have not expired.
Assign a name value to the certificate’s friendly name if it is empty. When a
connection is created, this alias will be used by the connection factory.
Important: Use the Friendly Name as the client certificate DN in your C# client
connection code.
For more information on MMC, and on configuring SSL for Windows objects, refer to
your Windows OS documentation

Thanks, will read the doucment.

We are try to implement the the below for client group

SSL Authorization and Access Control Lists

An Access Control List (ACL) is a list of SSL distinguished names (DNs) that is a?ached
to a Broker object (client group, Broker Server, territory, territory gateway, cluster,
cluster gateway) representing an access point. It grants permission for clients on the list
to access the SSL-protected Broker object. To gain access to a Broker, a client must have
an identity (distinguished name and authenticator’s distinguished name) that matches
an entry on the ACL. Clients whose DNs do not match those on the ACL are denied
There are several different types of ACL. ACLs authorize clients for:

Sure, let the forum know the solution if you solve the issue