calling third party rest api with client certificate

I’m currently working calling a third party rest api with their client certificate.
Without the certificate, I will get handshake exception.

I could import this certificate into my IS truststore which show in Security > Certificate.
I tested this and it work well.

But I wonder is there a way I could call a dedicate truststore from Security > Keystore > Truststore.

For soap api, I know that I could include the certificate in web service consumer endpoint alias, Setting > Web Services.


  1. Can I use web service consumer endpoint alias for calling third party REST api?
    If we can, how can we do it in our code.
  2. Without importing the certificate into IS truststore, could we get a dedicated truststore from truststore list for calling third party rest api?
    If this is doable, how can we achieve this?



Hi Kenny,

you should be able to assign a certain keystore and truststore when performing an outgoing soap or rest call.

See IS Built-In-Services reference and WS Developers Guide (or the corresponding REST Document) for details.
Check for something like setKeyAndChain if the service being invoked does not have direct inputs for the keystore and truststore.

The Truststore should contain all root and intermediate CA certificates as long as they are not already available in the cacerts file of the JVM.
The server and client certificate of the partner should then be placed in keystores.