I am trying to implement a call to an external SOAP service that is hosted by one of our trading partners. They are using HTTPS. They sent us a .cer file to use to call them, and when I tried to convert and save the certificate with the 6.1 SSL toolkit, I get “This file does not contain a recognized response”. The partner gave us a URL of the form https://host.com/DataExchange/DataExchange.asmx (substituting host.com for the real hostname). It is obviously a MS dotNET provider. When I browse to that URL with MS IE, I get “The page requires a client certificate”, but am able to view the certificate by clicking on the padlock icon in IE. I then imported it to my browser and exported it, ran it through the certificate toolkit and imported it into the IS client certificate area, but I still wasn’t able to get to the partner’s web service. I get a 403 - forbidden.
I also tried using pub.security:setKeyAndChain, but couldn’t get that to work, either.
I believe that I need to guide the partner to giving us a cert that we can use, but I am not an SSL whiz (as you have probably figured out). What do I tell them to give us? Or am I doing something wrong?
You should receive a private key file, a public key file (could be extracted from the private key) and a root certificate file. The files should be in .der format.
You need to run pub.security.setKeyAndChain before attempting the https call. You need privateKeyFile and a list of certFiles as an input. privateKeyFile is the filename of your private .der file (and path if not placed in the IntegrationServer directory). For certFiles you create a list of filenames for your publicKeyFile and root certificate file.
Then you run the pub.client.http flowservice with post/get and your input data. There is a bug in 6.1 that will return an error if you step through these functions - you will get a connection error! Instead use run to test flowservice with setKeyChain and http.
Yes, I do mean YOUR private key. From your private key you can generate a public key file which you will distribute to your integration partners. Please note that the keys need to be in .DER format; you can use OpenSSH or other tools to reformat .cer files to .der.
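An added example, not part of the original posts and not webMethods code: a standard-library Python check of what a received certificate file contains (PEM or DER encoding, and whether any private key is in it), returning the DER bytes that the replies above ask for. The function names and the sample bytes are constructed for illustration; the sample is placeholder ASN.1, not a real certificate.

```python
import base64
import re

# PEM armour: -----BEGIN <label>----- base64 body -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def inspect_cert_file(data: bytes):
    """Return (encoding, [(label, der_bytes), ...]) for a .cer/.pem/.der file."""
    text = data.decode("ascii", errors="ignore")
    blocks = [
        (label, base64.b64decode("".join(body.split())))
        for label, body in PEM_BLOCK.findall(text)
    ]
    if blocks:
        return "PEM", blocks
    # DER is raw ASN.1; certificates and keys both begin with a SEQUENCE tag
    # (0x30), so the content type cannot be told from the first byte alone.
    if data[:1] == b"\x30":
        return "DER", [("UNKNOWN", data)]
    return "unrecognized", []


def has_private_key(blocks) -> bool:
    """True if any PEM block label marks a private key (PKCS#1, PKCS#8, EC)."""
    return any(label.endswith("PRIVATE KEY") for label, _ in blocks)


def wrap_pem(label: str, der: bytes) -> bytes:
    """Helper for building the constructed samples below."""
    head = f"-----BEGIN {label}-----\n".encode()
    tail = f"-----END {label}-----\n".encode()
    return head + base64.encodebytes(der) + tail


# Constructed placeholder: SEQUENCE { INTEGER 1 }, not a real certificate or key.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_CERT_PEM = wrap_pem("CERTIFICATE", SAMPLE_DER)
SAMPLE_KEY_PEM = wrap_pem("RSA PRIVATE KEY", SAMPLE_DER)

if __name__ == "__main__":
    for name, blob in [("cert.pem", SAMPLE_CERT_PEM), ("key.pem", SAMPLE_KEY_PEM),
                       ("cert.der", SAMPLE_DER), ("junk.txt", b"hello")]:
        encoding, blocks = inspect_cert_file(blob)
        labels = [label for label, _ in blocks]
        print(f"{name}: {encoding} {labels} private_key={has_private_key(blocks)}")
```

To convert a real file, write each returned `der_bytes` value to its own `.der` file in binary mode.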