ACL enabled for client Group

Hi All,

My requirement is to protect the client group with SSL distinguished name.

The application team (C#) gave the certificate key [CN= , OU, C, L…etc] and we have updated the same in the client group. They are publishing to the Queue and they are passing the above key within the below method, but they are still unable to connect.

Error:
Broker 13.
at webMethods.MSG.Impl.ConnectionFactory.CreateConnection(String serverCertDistinguishedName,clientCertDistinguishedName,String Accesslabelhint)

Could you please help us on the same.

What is the Broker server version?

Is Broker server authentication SSL enabled or Basic authentication?

What is the complete stack trace of the error, do you see any error in Broker logs?

Can you connect to Broker from IS?

What is the Broker server version? Version 9.6

Is Broker server authentication SSL enabled or Basic authentication? SSL enabled

What is the complete stack trace of the error, do you see any error in Broker logs? No, we don't see any errors in Broker logs.

Message =[BDN.11.1036]broker error :13
Source=webMethods.Msg
Stack Trace:
at webMethods.Msg.Protocol.BrokerProtocol.Connect(String clientID, ExceptionListner exceptionListner)
at webMethods.Msg.Impl.Connection…ctor(IProtocol protocl, String clientID)
at webMethods.Msg.Impl.ConnectionFactory.createConnection(String serverCertDistinguishedName, String clientCertDistinguisedName, String accessLabelHint)
at webMethods.Msg.Impl.ConnectionFactory.createConnection()

Can you connect to Broker from IS? Yes, I can connect from IS.

Please provide any method you have for passing the certificate key information in the above method while invoking from the client application (C#/Java).

It is detailed in page 186 in the following document,

http://techcommunity.softwareag.com/ecosystem/documentation/webmethods/wmsuites/wmsuite9-6/Broker/9-6_Broker_Java_Client_Programmers_Guide.pdf

Hi Venkat,

Without a certificate, using the createconnection() method, I'm able to connect and publish the data to Broker (JMS Queue) from the C# application.

But after adding the certificate key to the client group (added our IS server distinguished name (CN=ABC, OU=ABD, C=US) and client application distinguished name (CN=ABC, OU=ABD, C=US)).

I'm using this method, createconnection((CN=ABC, OU=ABD, C=US) to connect to Broker.

It's throwing the above error.

Any idea on how to pass this?

Sorry, I didn't use C# before; any other members can share.

But I see the following in the document, http://techcommunity.softwareag.com/ecosystem/documentation/webmethods/wmsuites/wmsuite9-6/Broker/9-6_Broker_Messaging_Programmers_Guide.pdf

Securing C# Clients with SSL

You use Microsoft Management Console (MMC) and the Certificates Snap-In to configure and manage SSL for a C# client. When using MMC to configure SSL:

Open MMC, select File > Add/Remove Snap-In, then Add the Certificates.
Make sure to select the Client Authentication property of the Client Certificate.
Import the trusted root for the C# client certificate into the Trusted Root Certification Authorities folder.
Check the client and trusted root certificates to make sure that they have not expired.
Assign a name value to the certificate’s friendly name if it is empty. When a connection is created, this alias will be used by the connection factory.

Important: Use the Friendly Name as the client certificate DN in your C# client connection code.

For more information on MMC, and on configuring SSL for Windows objects, refer to your Windows OS documentation.
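The checklist quoted above can also be checked from PowerShell rather than by clicking through MMC. The script below is an added example, not part of the original post or of the Software AG guide; the store path `Cert:\CurrentUser\My`, the 30-day warning window and the function name `Test-BrokerClientCert` are assumptions.

```powershell
# Added example: audits client certificates against the checklist quoted above.
# Assumption: the C# client certificate is in the current user's Personal store.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Enhanced Key Usage: Client Authentication

function Test-BrokerClientCert {
    param(
        [string]$StorePath = 'Cert:\CurrentUser\My',  # assumed store location
        [int]$WarnDays = 30                           # assumed expiry warning window
    )
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # An empty EKU list means the certificate is not restricted to any purpose.
        $ekuOids = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
        $clientAuth = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $ClientAuthOid)

        # Build the chain up to the root. Build() returns $false when the root is
        # not trusted or when any certificate in the chain has expired.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Skip revocation lookups so the check also works without network access.
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $chainOk = $chain.Build($cert)

        [pscustomobject]@{
            Subject             = $cert.Subject
            Issuer              = $cert.Issuer
            FriendlyName        = $cert.FriendlyName
            HasFriendlyName     = -not [string]::IsNullOrWhiteSpace($cert.FriendlyName)
            HasPrivateKey       = $cert.HasPrivateKey   # needed for SSL client authentication
            ClientAuthAllowed   = $clientAuth
            WithinValidity      = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
            ExpiresWithinWindow = $cert.NotAfter -lt $now.AddDays($WarnDays)
            ChainsToTrustedRoot = $chainOk
            ChainStatus         = ($chain.ChainStatus.Status -join ', ')
        }
    }
}

# One record per certificate; review any row with a False check or a ChainStatus value.
Test-BrokerClientCert | Format-List
```

The Subject and Issuer columns are the values to compare against the distinguished names entered in the client group ACL, and FriendlyName is the value the quoted guide says to use as the client certificate DN in the connection code.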

Thanks, will read the document.

We are trying to implement the below for the client group:

SSL Authorization and Access Control Lists

An Access Control List (ACL) is a list of SSL distinguished names (DNs) that is attached to a Broker object (client group, Broker Server, territory, territory gateway, cluster, cluster gateway) representing an access point. It grants permission for clients on the list to access the SSL-protected Broker object. To gain access to a Broker, a client must have an identity (distinguished name and authenticator’s distinguished name) that matches an entry on the ACL. Clients whose DNs do not match those on the ACL are denied authorization.
There are several different types of ACL. ACLs authorize clients for:

Sure, let the forum know the solution if you solve the issue.