All,
We’ve been provided PKCS #12 files (xxx.pfx) by one of our partners to connect to their portal via https.
In order to install them into IS, I extracted the private key, server certificates and CA certs from them using openssl.
As per the instructions on the Advantage site, I implemented it as follows.
- IS Admin → Extended: add some properties
  - watt.net.ssl.debug=true
  - watt.ssl.iaik.debug=true
  - watt.security.ssl.ignoreExpiredChains=true
  - watt.security.ssl.cacheClientSessions=false
  - watt.security.ssl.client.ignoreEmptyAuthoritiesList=true
  - watt.security.cert.wmChainVerifier.trustByDefault=true
- IS Admin → Security → Outbound SSL Certificates
  It was set with our own certificates, with no change.
- Added pub.security:setKeyAndChain and pub.security:clearKeyAndChain before and after pub.client:http
  - pub.security:setKeyAndChain: input the location and name of the converted certificates as input parameters. (certFiles’ order: Server->Intermediate->Root)
  - pub.client:http: input URL with https instead of http
  - pub.security:clearKeyAndChain: back to original
With this procedure, I tried to send a message via https, but I got the following error:
ssl_debug(1): No client certificate available, sending empty certificate message
Hence, we couldn’t access the service on the partner site.
In step #2 above, I replaced them with the partner’s certificates instead of our own.
I could send the message successfully, which means setKeyAndChain doesn’t work.
For the SSL communication with other partners, I should set our certificates in the Outbound SSL Certificates.
Can anybody advise how to make the setKeyAndChain service work? Or did I miss something else?
** IS information
- Version: 7.1.2.0
- Updates: TNS_7.1.2_Fix12
Thanks in advance.
Best regards,
SJ
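
A check worth running on the files pulled out of the .pfx before they are passed to pub.security:setKeyAndChain, as an added example that is not part of the original post: it confirms that the extracted private key belongs to the server certificate and that the certificates chain in the Server->Intermediate->Root order described above. The demo chain, the `PFX_PASS` variable, the file names and the function names are constructed for illustration; the output is PEM, and whatever encoding the Integration Server expects is outside this sketch.

```shell
# Added example on constructed demo data; -nodes writes the key unencrypted, so stay owner-only.
umask 077
# extract_pfx PFX OUTDIR: key.pem, leaf.pem, ca-1.pem, ca-2.pem ... (password in $PFX_PASS)
extract_pfx() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes -out "$2/key.pem" 2>/dev/null &&
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -clcerts -nokeys 2>/dev/null |
        openssl x509 -out "$2/leaf.pem" &&
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -cacerts -nokeys 2>/dev/null |
        awk -v d="$2" '/BEGIN CERT/{n++; f=d "/ca-" n ".pem"} f{print > f} /END CERT/{f=""}'
}

# key_matches_cert KEY CERT: succeeds when both carry the same public key
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# chain_in_order CERT...: each issuer name must be the next file's subject (signatures not verified)
chain_in_order() {
    while [ $# -gt 1 ]; do
        iss=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
        sub=$(openssl x509 -in "$2" -noout -subject_hash 2>/dev/null) || return 2
        [ "$iss" = "$sub" ] || return 1
        shift
    done
}

# make_demo_pfx DIR: constructed root -> inter -> server chain packed as DIR/demo.pfx
make_demo_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo root" \
        -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null || return 1
    issuer=root
    for name in inter server; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo $name" \
            -keyout "$1/$name.key" -out "$1/$name.csr" 2>/dev/null &&
        openssl x509 -req -in "$1/$name.csr" -days 2 -CA "$1/$issuer.crt" \
            -CAkey "$1/$issuer.key" -set_serial 1 -out "$1/$name.crt" 2>/dev/null || return 1
        issuer=$name
    done
    cat "$1/inter.crt" "$1/root.crt" > "$1/cas.crt"
    openssl pkcs12 -export -inkey "$1/server.key" -in "$1/server.crt" \
        -certfile "$1/cas.crt" -passout env:PFX_PASS -out "$1/demo.pfx"
}

export PFX_PASS=demo-only   # throwaway password for the constructed bundle
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
make_demo_pfx "$work" && extract_pfx "$work/demo.pfx" "$work" &&
    key_matches_cert "$work/key.pem" "$work/leaf.pem" && echo "key matches leaf" &&
    chain_in_order "$work/server.crt" "$work/inter.crt" "$work/root.crt" && echo "order ok"
```

For a real bundle, set `PFX_PASS` in the environment, call `extract_pfx` on the partner's file, then run `key_matches_cert` and `chain_in_order` on the extracted files in the order they will be listed in certFiles.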