Outbound SSL connection

Hello,
We’re setting up a HTTPS (soap) connection to our partner.
I’ve received from them a CA cert (.cer) file and password protected credentials file (.p12).
The .cer has already been added to default IS truststore. However, I have no idea how to install these credentials. Could anyone explain that to me what to do, please?

Br, Hubert

Hi Hubert,

please check if the CA issuing the final certificate is already contained in either cacerts and/our your local JKS Truststore file (default in your case).

The cert itself (the P12 file) needs to be imported as Keystore Alias into your IS (might be needed as a Truststore Alias additionally depending on the outcome of the check from my first question).
Hopefully the cert file and the P12 file are pointing to the same CA/cert.
Remember to clear the SSL cache and/or restart the IS after making changes to the keystore and truststore files.

When implementing the SOAPClient Call you need to invoke a pub.security:setKeyAndChain before the pub.client:soapClient or you can check if you can assign the Keystore and Truststore Aliases directly to the pub.client:soapClient service inputs.

Please check for the IS Administrators Guide and the IS Built-In-Services Reference for further informations.

Regards,
Holger

Hello,
Thank you Holger for your valuable advices! I followed your instructions and was able to reach endpoint server .

For future reference, what steps were done:

1. Create truststore alias for .cer certificates
2. Create keystore alias for .p12 credentials.
3. Restart IS
4. Build flow service with usage of:
   a. pub.security.keystore:setKeyAndChain before sending request to the remote server.
   b. pub.security:clearKeyAndChain after sending request to the remote server (optional, check from reference)

Br,
Hubert

Hi Hubert,

sounds good so far.

Regards,
Holger