My client want us to invoke their webservice using HTTPs & they shared thier pulic certificates.
In our ESB environment, we are not using any certificates hence we didn’t create any keystore and trust store.
After receiving the client certificate,
- created one empty JKS file using portecle.
- Added customer public certificate in the above JKS file.
- now i have configured only Trust Store, as per my knoledge only truststore is enough to send the https outbound request.
- in the IS admin page, i have configured Trustore in the Certificate section.
- here is the problem while sending the message, i am getting below error
Error: rg.apache.axis2.AxisFault: WS Security processing failed : Unable to resolve partner certificate for encrypting the request
can any one through some lights where i am doing wrong
Hi Bhanu,
which Version of wM are you using?
Does the certificate require a trusted CA or is it self signed?
As far as I understood only the CA is required in this case (for transport only).
There are 4 sections under Certificates section:
- Transport security (mostly used when you host an HTTPS port for customers calling webservices on your server)
- Signing (Used for signing the payload of an outgoing webservice call, WS-Security)
- Decrypting ( User for decrypting the payload of an incoming webserice call, WS-Security)
- Truststore (used for the CAs)
Can you share more details for these how you configured the certificate, please?
Looks like there is a configuration mismatch amongst these and what the provider expects.
Regards,
Holger
Thank you Holger for responding email.
we are in webMethods 9.5 version 9.5.1.0 , there were no patches and fixes installed on this environment.
yes I received CA certificate from Client
- I have created empty JKS file using Portecel, kept name as Trusted.jks
- Added Client CA certificate to this JKS file
- have kept this JKS file in the Integration server, config, security, Keystore.
- in IS Security–> keystore, created Trusted store alias. verified Imported alias is visible in the IS.
- Last Step: under certificate, map the trusted store alias as Trust Store
after this i have tested through designer, i am getting this error " org.apache.axis2.AxisFault: WS Security processing failed : Unable to resolve partner certificate for encrypting the request "
I did tested with SOAP UI without having Certificate ( JKS File ), it went sucessfully. after loading the JKS file also SOAP UI is giving success. but using webMethods designer i am getting error.
can you thgouth some light how to proceed. before installing the JKS file i have tested the connectivity using PORTECEL, everythign is good.
Hi Bhanu,
can you please share the following screens shots:
- Security → Certificates
- Securiyt → Keystore
- a snippet from Designer showing the paramets you pass the webservice call.
Please note that I am currently not used to WS-Security here as we are currently using only https-transport (both incoming and outgoing) in our project and this works very well.
Are you using WS Endpoints (under Settings) in IS?
Maybe you miss a setting there?
Regards,
Holger
Please find the attached document which have all the screen shots.
I have restarted the server several times & recreated JKS files but no luck.
SSL.docx (223 KB)
I resolved this issue by calling getCertificate and pass this information to partnerCert, Client required encrypted data that is the reason i am getting that error.
but still i am having other issues.
Thank you for giving inputs. I appriciate your help.
Hi Bhanu,
Could you help explain how you resolved the issues…coz we have same integration to oracle fusion where we are using uploadFileToUcm service to upload data.
If possible, please share your number to have a quick discussion.
Regards,
Santosh