I'm a bit confused about loading Certificates

Hi,
I have a new partner certificate that I need to load. We have a clustered pair of TN Servers as well as a clustered pair of MWS. Do I need to load the certificate into each servers (2x TN, 2x MWS) keystore ?

Hi David,

for which purpose is the certificate intended?
Is it a server certificate or a client certificate?
Which version of wM are you running on?

You might want to check the IS Administrators Guide as well as the MWS Administrators Guide for further informations.

Regards,
Holger

Hi Holger,

It’s a client leaf certificate. We’re running wM 9.6. I’ve converted the cert to .der using OpenSSL and am wondering if I need to install it into the TN servers and the MWS servers, or just the TN Servers, or just the MWS servers ?

Cheers,
David

Hi David,

when it is a server certificate for your own server you should create a PKCS#12 file for the certificate itself and a JKS file for the truststore containing the CAs (mainly those which are not already present in the JVMs central cacerts file).

When it is a server certificate for a partner´s server, then you will have to add their CA in your truststore file.

When it is meant for authenticating a partner on your server you should add the certificate under Certificates -> Configure Client Certificates and map it to the TN User defined in the TN Partner Profile.
When your Partner logs in to MWS as well for monitoring you should import the user certificate there as well.

See IS Administrators Guide as well as MWS Administrators Guide for details.

Regards,
Holger

Hi Holger,
The VAN representing the Trading Partner is receiving the following message when they try to send an Order to us in the UAT environment:

"Headers Received by XXX CONTENT_TYPE:text/xml
STATUS_CODE:200

Response received

<?xml version="1.0"?>




"

I have added the Cert to MWS.

"Certificate Information:
Certificate Type:
SSL (default)
Version:
3
Serial Number:
3095378168959605900840068027256738683
Issuer Common Name:
DigiCert SHA2 Secure Server CA
Issuer DN:

c=US
o=DigiCert Inc
cn=DigiCert SHA2 Secure Server CA 

Subject Common Name:
osn.oracle.com
Subject DN:

c=US
st=California
l=Redwood City
o=Oracle Corporation
ou=Oracle OMCS (Oracle Owned) ADC
cn=osn.oracle.com 

Valid Not Before:
Aug 23, 2019
Valid Not After:
Oct 21, 2021
Alg Name:
sha256WithRSAEncryption"

Where else do I need to add the Certificate ??

Thanking you for your assistance with this issue.

Hi David,

We’re at 8.2 and I don’t know if there are differences in this area since you’re 9.6 and configured differently as well, but we don’t load any certs for TN partners via MWS.

We convert the certs to .DER and load them to the TN Truststore, clear the SSL cache and reload the Truststore (via IS Security). Then we load the certs to the partner’s profile via MWS Profile Security.

We aren’t associating users with partner profiles, but I think you may still need to load the partner’s certs to the TN profile anyway.

-Mary