Passing certificate in HTTPS call to an Azure api

Sanket_Pandey3 · February 10, 2021, 6:26am

Hi Folks,

The use case is as below:

We have been doing the HTTPS call to a Microsoft API even before but they never asked for the certificate till now.
Now we have to call them to a new URL and pass our certificate, they have configured the thumbprint of same certificate at their end.
We were doing a custom http call before, but now we are doing the http call as below
1. pub.security.keystore:setKeyAndChain
2. pub.client:http
3. pub.security:clearKeyAndChain
  But still getting the error as : com.wm.net.NetException: [ISC.0064.9314] Authorization Required: Client certificate or AAD Bearer token not found in request.
We have our certificate configured and mapped with our HTTPS port in Security > Keystore and we have CA Cert in truststore.
Even we have configured the certificate of the API which we are making HTTPS call to in Security > Certificates > Configure Client Certificates and mapped to a user which is part of group Administrator .
In Security > Certificates, I have the same Keystore and TrustStore as we have in Security > Keystore.

Still not sure what else required to send them the certificate so that they can verify the HTTPS call with certificate against the thumbprint of same certificate.

Though here from pub.security.keystore:setKeyAndChain no certificate is produced and not sure if it is produced from services like pub.security.keystore:getKeyAndChain or pub.security.keystore:getTrustedCertificates, where to pass it in pub.client:http

Any help here would be much appreciated!

Regards,

Sanket

Jaideep · February 16, 2021, 4:36am

Hi Sanket,
Can you please do the following and share the server.log and IS profile logs

Enable the SSL logging by setting the watt property watt.config.systemProperties=mail.imap.partialfetch=true,javax.net.debug=ssl
Set the logging of HTTP Header, HTTP Request, HTTP Response component to DEBUG
Restart the IS.

There are couple of reasons when IS (acting as client) will not send it’s certificate.

If the server is not sending any CA certificates
If none of the CA certificates that is send by the server signed the IS certificate.

Thanks.

Sanket_Pandey3 · March 4, 2021, 4:04pm

Hi Jaideep,

Thanks a lot for your inputs!

I was away for a while so sorry for delay in response.

After doing the below said at service level:

pub.security.keystore:setKeyAndChain
pub.client:http
pub.security:clearKeyAndChain

Further, at Extended Setting the below said made it work:

watt.security.ssl.client.ignoreEmptyAuthoritiesList=true

Thanks a lot for your reply!

Regards,
Sanket

system · June 2, 2021, 4:05pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate based mutual authentication - setKeyAndChain? webMethods , Integration-Server-and-ESB , Flow-and-Java-services	16	3172	May 17, 2021
Neither certificate nor password was provided webMethods , Integration-Server-and-ESB	6	1356	May 11, 2021
Secure HTTP over SSL (HTTPS) with Client Authentication webMethods , Integration-Server-and-ESB , webmethods-Protocol-and-Transport	12	11784	April 2, 2021
pub.security:setKeyAndChain NOT sending any client certificate for SSL handshake, part II webMethods , SSL , TLS , mTLS	4	3017	May 12, 2021
Https call with certificate basic steps webMethods , Integration-Server-and-ESB , webmethods-Protocol-and-Transport	11	13839	April 2, 2021

Passing certificate in HTTPS call to an Azure api

Related topics