setKeyAndChain doesn't seem to be working.

All,

We’ve been provided with PKCS #12 files (xxx.pfx) by one of our partners to connect to their portal via HTTPS.

In order to install them into IS, I extracted the private key, server certificates and CA certs from them using openssl.

As per the instructions on the Advantage site, I implemented it as follows.

  1. IS Admin → Extended: add some properties
    • watt.net.ssl.debug=true
    • watt.ssl.iaik.debug=true
    • watt.security.ssl.ignoreExpiredChains=true
    • watt.security.ssl.cacheClientSessions=false
    • watt.security.ssl.client.ignoreEmptyAuthoritiesList=true
    • watt.security.cert.wmChainVerifier.trustByDefault=true
  2. IS Admin → Security → Outbound SSL Certificates
    It was set to our own certificates, with no change.
  3. Added pub.security:setKeyAndChain and pub.security:clearKeyAndChain before and after pub.client:http
    • pub.security:setKeyAndChain: input the location and name of the converted certificates as input parameters (certFiles’ order: Server->Intermediate->Root)
    • pub.client:http: input URL with https instead of http
    • pub.security:clearKeyAndChain: back to original

With this procedure, I tried to send a message via HTTPS, but I got the following error.
ssl_debug(1): No client certificate available, sending empty certificate message
Hence, we couldn’t access the service at the partner site.

In the above step #2, I replaced them with the partner’s certificates instead of our own.
I could send the message successfully, which means setKeyAndChain doesn’t work.

For the SSL communication with other partners, I should set our certificates in the Outbound SSL Certificates.

Can anybody advise how to make the setKeyAndChain service work? Or did I miss something else?

** IS information

  • Version: 7.1.2.0
  • Updates: TNS_7.1.2_Fix12

Thanks in advance.
Best regards,
SJ
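
The openssl extraction step described in the post above, as an added example that is not part of the original post or of Integration Server: it splits a PKCS #12 bundle and checks that the private key pairs with the leaf certificate and that the chain verifies and lists in Server->Intermediate->Root order. The file names, subjects, password and the generated sample bundle are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. File names, subjects and the password are constructed.

# Build a throwaway root CA and client cert, bundled as PKCS#12 (sample input).
make_sample_pfx() {  # usage: make_sample_pfx <dir> <password>
  local d=$1 pw=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Sample Root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Sample Client" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/client.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$d/client.key" -in "$d/client.pem" \
    -certfile "$d/root.pem" -passout "pass:$pw" -out "$d/sample.pfx"
}

# Split a bundle into key.pem, leaf.pem and ca.pem; the key is written owner-only.
pfx_split() {  # usage: pfx_split <pfx> <password> <outdir>
  local pfx=$1 pw=$2 out=$3
  ( umask 077
    openssl pkcs12 -in "$pfx" -passin "pass:$pw" -nocerts -nodes -out "$out/key.pem" ) &&
  openssl pkcs12 -in "$pfx" -passin "pass:$pw" -clcerts -nokeys -out "$out/leaf.pem" &&
  openssl pkcs12 -in "$pfx" -passin "pass:$pw" -cacerts -nokeys -out "$out/ca.pem"
}

# True only if the private key and the certificate carry the same public key.
key_matches_cert() {  # usage: key_matches_cert <key.pem> <cert.pem>
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# True only if the leaf verifies against the CA certs taken from the same bundle.
chain_verifies() {  # usage: chain_verifies <leaf.pem> <ca.pem>
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Print subject/issuer of each cert in file order, to confirm leaf -> ... -> root.
list_chain() {  # usage: list_chain <bundle.pem>
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

work=$(mktemp -d)
make_sample_pfx "$work" "changeit" && pfx_split "$work/sample.pfx" "changeit" "$work" &&
key_matches_cert "$work/key.pem" "$work/leaf.pem" && chain_verifies "$work/leaf.pem" "$work/ca.pem" &&
cat "$work/leaf.pem" "$work/ca.pem" > "$work/chain.pem" && list_chain "$work/chain.pem"
```

The extracted key.pem is unencrypted, so keep it in a directory readable only by the account that runs the server and delete working copies afterwards.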

SJ,
When you are communicating with your client, you need to configure your client’s server public certificates at your end, not your own certificates.

Regards,
Vikas