SOAP over HTTPS - webservice provider

Hi,
I have a webservice provider created in 7.1.1, which is supposed to be invoked by a SOAP over HTTPS call. I have configured the HTTPS port and indicated the server certificate, CA certificate and private key path in the configuration. Also, I have the “required client certificate” option selected while creating the port.

To test the service, I have created a webservice consumer in another Integration Server using the provider’s WSDL. I have also placed the provider’s server certificate and CA certificate in public and CA of the IS config/certs directory.

But I am getting the error “Authorization Required: [ISS.0084.9001] Invalid credentials”.

I am logging in with the right user name and pwd. I even turned the Execute ACL to Anonymous on the provider side to make it run, but it doesn’t help.

I tried in SoapUI, but got a different error:
"java.lang.Exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate"

Please let me know if there is something else I should take care of to make the provider run on the HTTPS port.
FYI: I tried editing the extended settings related to security.ssl after referring to the forum. No luck.

Please let me know if anyone can help me. Thanks in advance.

It looks like you’ve missed the step for config of client certificates on the provider host. On the provider, go to security-certificates-client certs and create here mapping for private cert of consumer.

HTH

Hi Holden,
Many thanks for the reply.
Yes, I did not do mapping for client certificates.
All I did is:

  • Created an HTTPS port in provider IS-1 having the provider’s private key, public certificate and CA certificate.
  • In the consumer IS-2, copied the public and CA certificates to the public and CA path of the IS and created an Endpoint alias for the consumer which holds the public and CA certificate details, also the IS-2 private key in HTTP transport in the “Http transport properties” of the alias.

I ran the consumer service and got the error “iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate”.

Can you please explain this line in detail: “create here mapping for private cert of consumer”?
To map the certificate in client certificate, I should hold the consumer’s private key on the provider side. But ideally the consumer’s private key is not shared with the provider.
Please correct me if this is wrong. Thanks in advance.

Yes, you are right. The provider needs to know the relation between the client’s public certificate and the provider’s user. In this way, when the consumer connects to the provider and presents its public certificate, the provider logs the client in with the mapped credentials.

Of course, the private key is only known to its owner.

HTH, Regards.

Hi,
The client/consumer is presenting the provider’s public certificate and not the client’s public certificate to the provider. I tried mapping the provider’s public certificate to the client/consumer userid in the provider’s ‘configure client certificate’ section.

Anyway, I already have the endpoint alias of provider and consumer in IS1 and IS2 set to public and CA certificate in the HTTP transport setting.

Please suggest any further configuration. Thanks.
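
Added example, not part of any post above and not webMethods tooling: a shell check, using the openssl CLI on throwaway files generated in a temp directory, that the certificate a consumer presents is paired with the consumer's own private key and chains to the CA the provider trusts. The names provider and consumer (standing in for IS-1 and IS-2) and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All keys and certificates are throwaway files constructed here;
# "provider" and "consumer" are assumed names standing in for IS-1 and IS-2.

# Build a demo CA plus one key pair and CA-signed certificate per host in $1.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    for name in provider consumer; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
            -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$name.csr" -days 1 -CA "$dir/ca.crt" \
            -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/$name.crt" 2>/dev/null || return 1
    done
}

# 0 if certificate $1 carries the public key of private key $2, 1 if not,
# 2 if either file cannot be read.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if certificate $1 chains to CA certificate $2.
cert_trusted_by() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Report whether certificate $1 with key $2 is usable as a client identity
# towards a peer that trusts CA certificate $3.
check_client_identity() {
    if ! cert_matches_key "$1" "$2"; then
        echo "MISMATCH: $1 does not match private key $2"; return 1
    fi
    if ! cert_trusted_by "$1" "$3"; then
        echo "UNTRUSTED: $1 is not signed by $3"; return 1
    fi
    echo "OK: $1 $(openssl x509 -in "$1" -noout -fingerprint -sha256)"
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    # The consumer's own certificate with its own key: usable.
    check_client_identity "$d/consumer.crt" "$d/consumer.key" "$d/ca.crt"
    # The provider's certificate with the consumer's key: rejected.
    check_client_identity "$d/provider.crt" "$d/consumer.key" "$d/ca.crt" || true
    rm -rf "$d"
}
demo
```

The SHA-256 fingerprint printed on success identifies the consumer's public certificate, which is the certificate the provider maps to a user.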