@Kushal,
If you are running your IS on Unix/Linux, you need to be root to operate on port less than 1024.
Ref: Privileged Ports
HTH.
Thanks,
Rankesh
@Kushal,
If you are running your IS on Unix/Linux, you need to be root to operate on port less than 1024.
Ref: Privileged Ports
HTH.
Thanks,
Rankesh
Thanks Rankeshā¦this was useful information
Regards,
Kushal
Rankesh,
Thanks for the noteā¦it seems a useful point.
Hi Rankesh and RMG,
While i am trying to send an outbound transaction to our external partners, i am getting this error:-
iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
Currently, i believe that the external partner is rejecting my serverās certificate it is receiving at the beginning of the 2 way SSL handshake. Is it because that my partnerās system is unable to trust our server certificate??
Thanking in advance,
Kushal
Yesā¦and also make sure the partner was given the new cert chain configured in their system as well and that way 2-way SSL hand shake worksā¦
This error is almost always caused by a misconfiguration on either the SSL client or SSL server side.
Make sure to install the CA from both sites into the Integration Serverās Trusted Root directory, so that Integration Server can trust the certificate chain presented by SSL Server.
HTH,
RMG
not only the CA root, also the CA intermediate cert need to be loaded in the Trust Store.
You donāt need to load the server cert to the trust store though.
Also, make sure the server returned the cert chain that they claimed having. You can use openssl to get the cert chain (sometimes, the browser will automatically fix the chain for you, which has different behavior than WM IS)
Also on what OS are you trying to configuring this keystore on Windows or Unix (that IS hosted on) ? so depends on that you need to select the provider (a small note)
HTH,
RMG
Thank you all.
I have already placed my CA root and intermediate in our IS truststore. Working to get the CA and intermediate of partner as well in truststore.
@RMG - our IS is on Unix box. Does this require any special way to create the provider WSDL ?
Thanks in advance,
Kushal
After getting the certificates before installing, cross verify the certificates which are going to use and other party using the same by checking validity, Serial Number and once if every thing in sync then install the certificate and do a testing. Kindly let us know the updates.
I was talking about Provider on the Keystore Properties screen.What did you set it there SUN or some thing else?
HTH,
RMG
Hi RMG,
Apologies for the late reply. The provider is set to SUN and the keystore type is JKS.
Thanks and regards,
Kushal
OK assumed.
Both Public and CA certs can be shared to other partner and same applies to the partner
Just a real late reply but the configuration had worked out. Completely forgot to update and thank everyone.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.