setKeyAndChain doesn't seem to be working.


We’ve been provided PKCS #12 type of files(xxx.pfx) from one of our partners to connect their portal via https.

In order to install them into IS, I extracted private key, server certificates and CA certs from it using openssl.

As per the instruction on advantage site, I implemented as follows.

  1. IS Admin → Extended: add some properties
  • watt.ssl.iaik.debug=true
  1. IS Admin → Security → Outbound SSL Certificates
    It was set by our own certificates and no change.
  2. Added and before and after pub.client:http
  • input location and name of converted certificates as input parameters.(certFiles’ order: Server->Intermediate->Root)
  • pub.client:http: input URL with https instead of http
  • back to original

With the procedure, I tried to send a message via https, but I got a following error.
ssl_debug(1): No client certificate available, sending empty certificate message
Hence, we couldn’t access the service in partner site.

In the above step #2, I replaced them with partner’s certificates instead of our owns.
I could send the message successfully, which means setKeyAndChain doesn’t work.

For the SSL communication with other partners, I should set our certificates in the Outbound SSL Certificates.

Can anybody advise how to make setKeyAndChain service is working? or Did I miss something else?

** IS information

  • Version:
  • Updates: TNS_7.1.2_Fix12

Thanks in advance.
Best regards,

When you are communicating with your client then you need to configure your client’s server public certificates at your end not your own certificates.