Making SOAP HTTPS call from webmethods

Hi All

We are trying to make an HTTPS call from one IntegrationServer (A) to another (B).

As part of this we were advised to use the setKeyAndChain service and then invoke soapHTTP.

The soapHTTP call returns the soapStatus as ‘0’ but the soapResponseData is coming back empty.

The setKeyAndChain takes PrivateKey and CertFiles as input.

Since no one shares their PrivateKey, we generated a PrivateKey and used the UserCertificate and CA certificate to make the HTTPS call, but the request doesn't seem to have reached IS(B).

We are getting the following error from IS(B):

The required client certificate was not provided by /10.248.11.206

Both IS A and B are 6.1.

Could someone please help us resolve this issue?

Check the flow service ACL,
or you can set the values in WmPublic/pub.client:soapClient:
auth/transport/user
auth/transport/pass

Hope this helps.

As far as I know, for an HTTPS server to accept the client certificate, it must trust the CA / chain that generated it. Besides, according to the IS manual, the client certificate presented must exist in the server:

Thus I guess you should copy the client CA to the Trusted Authority Directory of the HTTPS port of the invoked IS. There also seems to be a property called watt.security.cert.wmChainVerifier.trustByDefault to make IS trust all certificates.

Hope this helps

Hi Javier

I have tried all of these and I am still getting the error.

I am pasting the configuration from my IS; please let me know if this is correct.

HTTPS Listener Configuration

Port: 6677
Client Authentication: Require Client Certificates
Package Name: WmRoot
Bind Address (optional):

Listener Specific Credentials (Optional)

Server’s Certificate: C:\Program Files\webMethods061\IntegrationServer\config\cert\Focus.der
Authority’s Certificate: C:\Program Files\webMethods061\IntegrationServer\config\cert\release.der
Private Key: C:\Program Files\webMethods061\IntegrationServer\config\cert\Focuskey.der
Trusted Authority Directory: C:\Program Files\webMethods061\IntegrationServer\config\cert

I have added the cert.wmChainVerifier.trustByDefault=true property as well.

Regards

I really don’t know. However, you may try this:

  • First, ensure the invocation works with HTTPS but without requiring client certificates, in order to verify that accepting client certificates is the only problem.
  • Ensure you copied to C:\Program Files\webMethods061\IntegrationServer\config\cert the certificate of the authority that generated your client certificate. If it is a self-generated certificate, then the authority is the certificate itself.
    - Also, if your client CA is generated by another CA, remember that, in the “certFiles” parameter of setKeyAndChain, you must provide the certificates of the whole certificate chain: your own client cert, the one of the CA creating it, and the ones of all other CAs creating the CA.
  • When client certificates are required, they are used to map to IS users for authentication; i.e. your client certificate must be associated with an IS user in the server. For this, you must:
    1. Import the client certificate in the server IS, in Security > Certificates > Configure Client Certificates.
    2. Once the certificate is imported, associate it with an existing IS user.
  • You may also try to use not a SOAP call, but a plain HTTP one (pub.client:http), passing the service parameters as GET arguments in the URL.
  • You may also try to use a client other than IS. E.g. you may import your client certificate into Internet Explorer and try to invoke a service in server B from the URL line. I suppose Internet Explorer will ask you to select a client certificate to use. If this works, then the problem lies not in the server IS, but in the client one.
  • In the client IS, instead of giving the private key in setKeyAndChain, you may also try to configure IS with a default client certificate (Security > Certificates > Edit ).
  • Yet another alternative mechanism between ISs is to use remote service invocation, pub.remote:invoke, and setting a remote server alias using SSL, but this would be another path.

Hope this helps
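
The trust relationship described in the reply above (a server accepts a client certificate only if it trusts the CA that issued it), as an added example that is not part of the original posts. It assumes the openssl command-line tool, which the thread does not mention, and uses a throwaway CA and client certificate whose names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example. Every name, subject and file here is constructed for the demo.
set -eu

# Build a throwaway issuing CA, a client certificate signed by it, and an
# unrelated CA that stands in for "the wrong file in the trusted directory".
make_demo_chain() {  # $1 = working directory
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Client CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
    -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}

# True only when the certificate chains to the given trust anchor.
chain_ok() {  # $1 = trusted CA file (PEM), $2 = certificate to check (PEM)
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print who issued a certificate, to decide which CA file the server needs.
issuer_of() {  # $1 = certificate file (PEM; add -inform DER for .der files)
  openssl x509 -noout -issuer -in "$1"
}

demo() {
  local d
  d=$(mktemp -d)
  make_demo_chain "$d"
  issuer_of "$d/client.pem"
  if chain_ok "$d/ca.pem" "$d/client.pem"; then
    echo "issuing CA trusted: client certificate accepted"
  fi
  if ! chain_ok "$d/other.pem" "$d/client.pem"; then
    echo "only an unrelated CA trusted: client certificate rejected"
  fi
  rm -rf "$d"
}
demo
```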

Hi Javier

Thanks a million.

It worked this time.

The problem was I didn't map the certificate to the user on the server side.

Thanks for your speedy response.

Thanks once again.

Regards

Mani

Hi Javier

The HTTPS call is working fine if I configure the certificates in Outbound SSL Certificates.

But when I use the same certificates in setKeyAndChain I am getting the following error:

Aborting connection from /10.248.11.206: Client certificate rejected by ChainVerifier

Do I need to do anything more when I use setKeyAndChain?

Thanks in advance

Mani