Can someone take a look at the attached SSL trace in the wrapper.log? I am trying to enable a MASSL bi-directional web-service client in webMethods and it fails with a broken pipe error. I have been trying to get this to work for weeks. Any help would be greatly appreciated. thx, James Hinkle
wrapper.log (194 KB)
Hi James
I have a few questions, as I do not know the context around the implementation:
- Are all keys configured right in both server and client systems? Meaning, client’s (IS) public key added in server’s truststore and server’s public key added in client’s (IS) truststore
- Are you using Webservices Consumer Endpoint Alias?
Prasad, thx for the quick reply. As far as I know, the keys are all configured. The server I am trying to connect to is an F5. I did pull down its public key and load it to my truststore. I am presenting an App ID Cert which should work. I have attached some screenshots of my key configurations. I am passing the App ID Cert's alias in the web service connector. I think that is what you are asking. I was hoping something in the trace would give some indication as to the issue. thx again.
MASSL Issue.docx (197 KB)
From your log, I can see:
INFO | jvm 1 | 2019/08/13 12:00:46 | 0000: 0E 00 00 00 …
INFO | jvm 1 | 2019/08/13 12:00:46 | Warning: no suitable certificate found - continuing without client authentication
INFO | jvm 1 | 2019/08/13 12:00:46 | *** Certificate chain
INFO | jvm 1 | 2019/08/13 12:00:46 |
INFO | jvm 1 | 2019/08/13 12:00:46 | ***
Your server is not picking up the cert to present during handshake.
On the Security > Certificates page, try to configure the SSL key first.
Adding to what Tong highlighted, as this is MASSL, the certs need to be configured/set up on both sides (client and server). The handshake happens on both sides (client authentication and server authentication). Both parties need to share their certs with each other and add them to their truststores/keystores.
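The check Tong did by eye on the trace can be scripted. This is an added example, not part of the original thread or of any webMethods tooling: it scans wrapper.log lines for the "no suitable certificate found" warning and for a "*** Certificate chain" block that closes with no entries. The function name, the sample lines and the "chain [0] = [" line used for the non-empty case are constructed for illustration.

```python
import re

# Wrapper log prefix as quoted in the thread: LEVEL | jvm N | date time | message
LINE_RE = re.compile(
    r"^\s*\w+\s*\|\s*jvm\s+\d+\s*\|\s*"
    r"(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s*\|\s?(.*)$"
)
NO_CERT = "no suitable certificate found"
CHAIN_START = "*** Certificate chain"
CHAIN_END = "***"


def find_missing_client_cert(lines):
    """Return (timestamp, finding) pairs showing the client sent no certificate."""
    findings = []
    in_chain, chain_ts, chain_has_entries = False, None, False
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a wrapper-formatted line
        ts, msg = m.group(1), m.group(2).strip()
        if NO_CERT in msg:
            findings.append((ts, "no_suitable_certificate"))
        elif msg == CHAIN_START:
            in_chain, chain_ts, chain_has_entries = True, ts, False
        elif in_chain and msg == CHAIN_END:
            if not chain_has_entries:
                findings.append((chain_ts, "empty_certificate_chain"))
            in_chain = False
        elif in_chain and msg:
            chain_has_entries = True  # any non-blank line inside the block
    return findings


# Constructed sample: the first block mirrors the excerpt quoted in the thread,
# the second is a constructed non-empty chain that must not be flagged.
SAMPLE = """\
INFO   | jvm 1    | 2019/08/13 12:00:46 | Warning: no suitable certificate found - continuing without client authentication
INFO   | jvm 1    | 2019/08/13 12:00:46 | *** Certificate chain
INFO   | jvm 1    | 2019/08/13 12:00:46 |
INFO   | jvm 1    | 2019/08/13 12:00:46 | ***
INFO   | jvm 1    | 2019/08/13 12:00:47 | *** Certificate chain
INFO   | jvm 1    | 2019/08/13 12:00:47 | chain [0] = [
INFO   | jvm 1    | 2019/08/13 12:00:47 | ***
""".splitlines()

if __name__ == "__main__":
    for ts, finding in find_missing_client_cert(SAMPLE):
        print(ts, finding)
```

Either finding means the handshake continued without a client certificate, so the next thing to verify is the key alias and keystore the client is configured to present.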