creating consumer/provider wsd from wsdl hosted on internet over https

hi all,

i’ve have my wsdl hosted on internet over https

https://:/svcname?wsdl

i’ve failed(ssl handshake exception) to create provider/consumer wsd (using the wsdl over https internet url) in my designer

any help is appreciated
how, what, where on the required configurations on designer
Note: i’m using wm9.6 designer

thanks & regards
ajay kumar kasam

Hi,

You can try configuring http port in IS admin page(security->Ports) and login to designer and try to create WSDs.

Regards,
Sreekanth

i dont see a reason why should we create a security port(with host:port where is hosted wsdl’s) for creating wsd

when i tried to create wsd from wsdl hosted in http://, i had no issue even though i created no security port on IS admin

I have understood you question in a different way.

let me put it in this way, you had an issue in importing WSDL from HTTPS port into webmethods right ???

In order to be able to consume the WSDL using an HTTPS URL into webMethods, the certificate must exist in the JVM trust store. The truststore is a file named cacerts and it is located at:
\SoftwareAG\jvm\jvm160_64\jre\lib\security

The cacerts file (truststore) contains certificates.

if the certificate is already in the truststore, it should work fine. If it is missing, SSLHandshakeException will occur.

Regards,
Sreekanth

and please also do the following steps if the certificate is already exist in the truststore.

edit config.ini file located at SAG_Home\eclipse\v34\configuration\config.ini and add the two lines below.

javax.net.ssl.trustStore=C:\keystore\truststore.jks
javax.net.ssl.trustStoreType=JKS

Change the setting above to the path and the name of the truststore you are using. Restart designer and issue should get resolved.

Thank you Sreekanth,

I will try to

  1. download the Root CA of wsdl provider.
  2. create jks; import step 1 (root ca)
  3. configure this jks in the eclipse’s config.ini
  4. restart designer and try again

I will let you know the result

problem is not resolved.

i’ve added below lines to designer’s eclipse config.ini

javax.net.ssl.trustStore=C:\temp\oct26\cacertsfordesigner\designerTrustStore.jks
javax.net.ssl.trustStoreType=JKS
javax.net.ssl.trustStorePassword=changeit
javax.net.debug=ssl

i’m attaching the error message shown on designer before and after adding above four lines.

any help is appreciated

also, can some let me know where can i find the logs of the designer, in this case, i’m interested to ssl handshake logs when i’m creating a consumer wsd from https://yyyy?wsdl

designerTruststoreConfig.docx (76.8 KB)

Hi Ajay,

are you using Local Service Development or remote IS-based development?

For the latter you will have to configure the Truststore under Security -> Keystores and Scurity -> Certificates.

Otherwise the IS will not recognize the server certificate from the partners server.

The logs in the designer are stored in the workspace under .metadata, but I do not remember the exact folder.

Are there any related messages in the server log?

Regards,
Holger

are you using Local Service Development or remote IS-based development?
how to know whether its LSD or IS-based development?

i’ve IS running on my localhost, and i’m connected to my locally running IS from designer using the server definitions.


now i’ve designer side eclipse config changed to
javax.net.ssl.trustStore=C:\temp\oct26\cacertsfordesigner\designerTrustStore.jks
javax.net.ssl.trustStoreType=JKS
javax.net.ssl.trustStorePassword=cigna123
javax.net.ssl.keyStore=C:\temp\oct26\clientkeystore\clientkeystore.jks
javax.net.ssl.keyStoreType=JKS
javax.net.ssl.keyStorePassword=cigna123
javax.net.debug=ssl:handshake

restarted the designer

also added the Truststore and clientkeystore details in the IS admin -> security -> keystores aliases

still in my designer’s logs (i.e in .metadata folder)

i see below error

Caused by: java.security.NoSuchAlgorithmException: JKS KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:613)
… 90 more

Hi Ajay,

in your case this is hard to detect as you have both on the same box.

Can you share the overview of Security -> Keystores and Security -> Certificates as well as the configuration of the HTTPS-Port?

Are you able to access the IS Admin UI by Browser via the HTTPS-Port?
What is the certificate being presented?

Sounds like a configuration issue on IS side now.

Regards,
Holger

creating of wsd from wsdl is Designer’s job. i won’t think its dependent on IS.

issue is resolved, earlier i made few mistakes in the eclipse.ini. the problem got fixed when i strictly followed the ‘instructions given in working with designer’.

creating of wsd from wsdl is Designer’s job. i won’t think its dependent on IS.

issue is resolved, earlier i made few mistakes in the eclipse.ini. the problem got fixed when i strictly followed the ‘instructions given in working with designer’.

Good deal… Glad to hear issue resolved by strictly following the SAG’s instructions.