Issue in Connecting Broker using SSL Authentication

Hello Team,

I have done the following steps to configure broker using SSL authentication…

  1. Generated private key using CertificateToolKit ( 6.5 Version )
  2. Generated Certificate security Request ( CSR )
  3. Send that request to Certificate authority ( CA )
  4. Got response from CA
  5. Copied given signed Certificate in a .Txt format and converted it to .DER format ( Signed certificate )ex: CERT.DER
  6. Generated Keystore of Type PKCS #12 using portecle-1.7
  7. Imported .DER certificate in Keystore and generated keypair with same above Certificate values and set password to Key store
  8. Generated Truststore of Type JKS sing portecle-1.7
  9. Imported .DER certificate in Truststore and generated keypair with same Certificate values and set password to Truststore
  10. Configured all above Certificate and keystore and truststore and their key alias values in IS admin page
  11. Also configured SSL default port 443 with all keystore and trust store values…

My broker details: 10.10.131.15:6849
My Is Details:10.10.131.15:6666

Both IS and broker are installed on same machine

Error Details: Unable to create Broker Transport 10.10.131.15_6666_AdminClient. Exception com.wm.app.b2b.server.dispatcher.exceptions.EndpointUnavailableException: [ISS.0098.9014] BrokerException: Broker Not Running (101-1021): The host ‘10.10.131.15’ was found, but no Broker Server is running with secure sockets support on port 6849 of that host.

Is anything else pending to configure ? importing same certificate in both Keystore and Truststore and generating key alias with same certificate values - Is this correct ?

Please do the needful…

You mentioned you set up port 443 in step 11. The error message indicates IS is trying to connect to port 6849.

Thanks reamon…

443 - is defauly SSL port which is onfigured in IS Admin → Security → Ports

If I give 443 instead of 6849 in broker configuration how does Integration server identifies the broker…

I tried with port 443 ( 10.10.131.15:443 - brokerserver:port) but still it is not connecting to IS using SSL…

CA issued certificate with 1 month validity (Trail certificate ) - Does these trial certificates work fine ?

Keystore - importing CA certificate ( CERT.DER ) and generating key alias with same CERT.DER CN, DN values - Is this correct way to configure CERTIFICATES ? ( Name: TestKS )

Trust Store - importing CA certificate ( CERT.DER ) and generating key alias with same CERT.DER CN, DN values - Is this correct way to configure CERTIFICATES ? ( Name : TestTS )

Is this the right way to import certificate and generating key alias for both key-store and trust store…

I am fully confused, please need your valuable inputs to get this done

The ports you set up on IS Administrator are immaterial. IS connects to Broker.

You’ve apparently missed a step on Broker. Review the Broker docs to see what it might be.

The key parts of the error message: BrokerException: [B]Broker Not Running /b: The host ‘10.10.131.15’ was found, but no Broker Server is running with secure sockets support on port 6849 of that host.

Finally Issue is got resolved as follows…

In IS Admin - I have configure keystore file of type PKCS12 and TrustStore File of type JKS

Whereas in MWS - I have configured Keystore file of type PKCS12 and Truststore file of Type PEM

MWS is accepting only .PEM or .DIR file for trustsore configuration…

Thanks …

The error that resolved this for us was the Broker’s trust store did not have the complete chain (including intermediate certs) for the Integration Server.