Https private key authentification


I am trying to connect to a web api via https.
This sort of web service use an https connection.
I have to use 2 jks :

  • jks1 containing a private key and a certificate
  • jks2 containing only one certificate

both jks contents are necessary to connect to the api

I am trying to use using the service
This service needs the folowing input parameters : keyStoreAlias and keyAlias
I can use this to include the jks1 in my ssl connection but how can I include the jks2 certificate ?

Additionnal note : I try to reproduce a java service into a flow service, may be the following code can help you to understand :

Properties file content :
safeUrl=The url I try to join

java source :

// 1 Client certificate
FileInputStream kis = new FileInputStream(keystorePath);
KeyStore clientKey = KeyStore.getInstance(keystoreType);
clientKey.load(kis, keystorePass.toCharArray());

KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

kmf.init(clientKey, keystorePass.toCharArray());

// 2 web server certificate
InputStream ksstr = new FileInputStream(jksPath);
KeyStore ks = KeyStore.getInstance("jks");
ks.load(ksstr, jksPasswd.toCharArray());

TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());


// SSL context 

SSLContext sslctx = SSLContext.getInstance("TLS");
sslctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
SSLSocketFactory ssf = sslctx.getSocketFactory();

Thanks in advance for your help

I have edited first post to more understandable. :smiley:

For SSL/TLS authentication with a client cert, you need to have two settings:
–your server key: both the public key chain and private key of your server. This is your jsk1 key store
–your trust store: this should include all the CA root/intermediate certs of the systems that you will connect to. your jsk2 may serve this purpose. But you will need not only your own root cert, but the root/intermediate of the target system you want to connect to. you config this on Security > Keystore page, as truststore. and on Security > Certificates page too. The system will use it as the trust store by default.

Sorry, it is not working. But you are right for the jks : one contain server key and the other one some certificates

Does a tutorial exists for such thing ? It appear to me to be simple to do in java code.
It should be the same with WM, or let’s say “not irrealistic” :smiley:

Some news :
I have tried with a simple browser to join my https URL
For this I have installed in my browser the private key (I requested my admin to extract it in .p12 format)
I can join the URL with success.

Now in webmethods, I created a keystore :

I just try to join the same url URL using a flow service :

step 1 ( keyStoreAlias = testJulien and keyAlias =lyreco_consultation
step 2 (pub.client:http) url= https///… and method = POST

The distant server says me that I use a wrong certificate.

Do you know where I am wrong ?