Example on how using pub.client:SoapClient to access URL using self signed certificate

Hi There,

I would like to request whether anyone has the example on how to use wmPublic package for server:

pub.client:SoapClient

to access URL which using Self Signed Certificate?

I am creating a service to post a SOAP message to the some URL and it is not working with error:

Connection Closed or
Handshake Failure.

KIndly share if you have experience on this matter.

Thank you,
Fanny T

Hi Fanny,

do you have the self signed certificate available locally?

If so you will have to add it to your Truststore in IntegrationServer by using keytool programm (is part of the jvm installation).
If there is a Truststore configured already, just add the self signed certificate.
If you are not using a Truststore create a new one.
Configure the Trsutstore under Security → Keystores and assigned it to the Truststore under Security → Certificates.
Restart IS once.

See IS Administrators Guide for further informations.

Additionally check for your ssl/tls configuration under Settings → Extended.

Regards,
Holger

Hi Holger,
Danke for the reply.
Actually i have tried to add the client self signed certificate into IS truststore.jks but the result is still the same.

I still got the error: handshake failure.

I tested the client URL using SSL Report website and i came to know that the self signed certificate is built based on Java 8 chiper algorithm.

The website only can accept the below chiper:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

And based on below KB:
https://empower.softwareag.com/sl24sec/SecuredServices/KCFullTextASP/viewing/view.asp?prdfamily=Integration&KEY=125328-10552812&DSN=PIVOTAL&DST=TCD

I found out that our Webmethods 9.5 which is using Java 7 doesn’t support above chipper.

Since when i added into Extended Setting and tried to send the message to the URL, i got below error:

2017-08-24 17:12:25 SGT [ISC.0006.9999D] JSSEFactory ignoring CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 because it is either invalid or unsupported
2017-08-24 17:12:25 SGT [ISC.0006.9999D] JSSEFactory ignoring CipherSuite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 because it is either invalid or unsupported

So I think Webmethods 9.5 won’t be able to connect to the website which using certificate that using Java 8 chiper encryption.

Do you think the above statement is correct?

Thank you.

Best Regards,
Fanny T

Hi Fanny,

yes the statement is correct so far.

You can try to apply the Java 1.8 Package for IntegrationServer 9.5 using UpdateManager and check if you are able to connect to the URL.

Or you can ask the site provider to allow some Java 7 supported cipher specs.

Regards,
Holger

Hi All,

Just wanted to give update.

The resolution of my issue is we have asked our counter part to lower down their certificate which support Java 7.
And it is working smoothly.

Thanks everyone for any input and thoughts.

Good day.