I am trying to make a SOAP request using pub.client.soapHTTP to a DataPower appliance. The call fails because the IS is deciding not to send the client authentication certs over to DataPower. Here is the SSL communication for that request:
serverURL: WMIS-TT.PRIVATE.SOMEWHERE.COM
ssl_debug(2): Starting handshake (iSaSiLk 3.03)…
ssl_debug(2): Sending v2 client_hello message, requesting version 3.1…
ssl_debug(2): Received v3 server_hello handshake message.
ssl_debug(2): Server selected SSL version 3.1.
ssl_debug(2): Server created new session 7C:E6:7F:C6:C2:C6:C2:9C…
ssl_debug(2): CipherSuite selected by server: SSL_RSA_WITH_RC4_128_MD5
ssl_debug(2): CompressionMethod selected by server: NULL
ssl_debug(2): Received certificate handshake message with server certificate.
ssl_debug(2): Server sent a 1024 bit RSA certificate, chain has 1 elements.
ssl_debug(2): Received certificate_request handshake message.
ssl_debug(2): Accepted certificate types: RSA, DSS
ssl_debug(2): Accepted certificate authorities:
ssl_debug(2): (empty list)
ssl_debug(2): Received server_hello_done handshake message.
ssl_debug(2): No client certificate available, sending empty certificate message…
ssl_debug(2): Sending client_key_exchange handshake message (1024 bit)…
ssl_debug(2): Sending change_cipher_spec message…
ssl_debug(2): Sending finished message…
ssl_debug(2): Exception sending message: java.net.SocketException: There is no process to read data written to a pipe.
ssl_debug(2): Shutting down SSL layer…
ssl_debug(2): IOException while handshaking: There is no process to read data written to a pipe.
So I rechecked the IS setup and verified that the certs are installed and all set. They are not in DER format, but I even tried that too. In an effort to prove that the certs are working correctly, I pointed the pub.client:soapHTTP call to the default SOAP handler of another IS. However, when I point the same pub.client:soapHTTP call over to another IS, you can see that the client certs are transferred correctly:
serverURL: WMIS-TT.PRIVATE.SOMEWHERE.COM
ssl_debug(1): Starting handshake (iSaSiLk 3.03)…
ssl_debug(1): Sending v2 client_hello message, requesting version 3.1…
ssl_debug(1): Received v3 server_hello handshake message.
ssl_debug(1): Server selected SSL version 3.1.
ssl_debug(1): Server created new session 42:39:AE:18:B0:91:EC:49…
ssl_debug(1): CipherSuite selected by server: SSL_RSA_WITH_RC4_128_MD5
ssl_debug(1): CompressionMethod selected by server: NULL
ssl_debug(1): Received certificate handshake message with server certificate.
ssl_debug(1): Server sent a 1024 bit RSA certificate, chain has 2 elements.
ssl_debug(1): Received certificate_request handshake message.
ssl_debug(1): Accepted certificate types: RSA, DSS
ssl_debug(1): Accepted certificate authorities:
ssl_debug(1): Received server_hello_done handshake message.
ssl_debug(1): Sending certificate handshake message with RSA client certificate…
ssl_debug(1): Sending client_key_exchange handshake message (1024 bit)…
ssl_debug(1): Sending certificate_verify handshake message…
ssl_debug(1): Sending change_cipher_spec message…
ssl_debug(1): Sending finished message…
ssl_debug(1): Received change_cipher_spec message.
ssl_debug(1): Received finished message.
ssl_debug(1): Session added to session cache.
ssl_debug(1): Handshake completed, statistics:
ssl_debug(1): Read 2393 bytes in 3 records, wrote 2112 bytes in 4 records.
Any idea what would cause the IS to not send the client certs? One thought was that maybe the DataPower was not requesting client certs, but it must be, because it's closing the connection down right after it gets an empty certificate.
I have a ticket opened with webMethods but nothing has come of it yet.
Pre-thanks for any help or light you are able to shed on this.
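An added example, not part of the original post: a small Python parser that reduces an iSaSiLk `ssl_debug` trace like the two above to the facts that matter for client authentication (was a certificate requested, which CAs were advertised, what the client sent, how the handshake ended). The sample lines are copied from the post; treating every line between "Accepted certificate authorities:" and `server_hello_done` as one CA name is an assumption about the log layout.

```python
import re
# Constructed samples: lines copied from the two handshakes in the post above.
FAILING = """\
ssl_debug(2): Received certificate_request handshake message.
ssl_debug(2): Accepted certificate authorities:
ssl_debug(2): (empty list)
ssl_debug(2): Received server_hello_done handshake message.
ssl_debug(2): No client certificate available, sending empty certificate message…
ssl_debug(2): IOException while handshaking: There is no process to read data written to a pipe.
"""
WORKING = """\
ssl_debug(1): Received certificate_request handshake message.
ssl_debug(1): Accepted certificate authorities:
ssl_debug(1): Received server_hello_done handshake message.
ssl_debug(1): Sending certificate handshake message with RSA client certificate…
ssl_debug(1): Handshake completed, statistics:
"""
LINE = re.compile(r"^ssl_debug\(\d+\):\s*(.*)$")

def summarize(log):
    """Reduce one handshake trace to the facts that matter for client auth."""
    s = {"requested": False, "cas": [], "client_cert": None,
         "completed": False, "error": None}
    in_cas = False
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue
        msg = m.group(1)
        if msg.startswith("Received server_hello_done"):
            in_cas = False
        elif in_cas:
            # Assumption: every line up to server_hello_done is one CA name.
            if msg != "(empty list)":
                s["cas"].append(msg)
        elif msg.startswith("Received certificate_request"):
            s["requested"] = True
        elif msg.startswith("Accepted certificate authorities:"):
            in_cas = True
        elif msg.startswith("No client certificate available"):
            s["client_cert"] = "empty"
        elif msg.startswith("Sending certificate handshake message"):
            s["client_cert"] = "sent"
        elif msg.startswith("Handshake completed"):
            s["completed"] = True
        elif "Exception while handshaking" in msg:
            s["error"] = msg.split(": ", 1)[1]
    return s

print(summarize(FAILING), summarize(WORKING), sep="\n")
```

Run against full traces, the two summaries differ only in `client_cert`, `completed` and `error`; both servers sent a `certificate_request`, and neither trace lists any CA names.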