| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| SSL error going to datapower |
« View previous topic :: View next topic » |
| Author |
Message
|
| Laurens |
 Posted: Thu Dec 06, 2012 12:11 am Post subject: SSL error going to datapower |
 |
|
Apprentice
Joined: 01 Oct 2009
Posts: 35
|
dear all,
I seem to have a silly issue, but I just can't seem to fix it.
I configure a HTTPRequest node to communicate with SSL to Datapower .
For this I have create a Keystore (type JKS) and attached it to my execution group.
While the keystore is working perfectly with SoapUI , it just doesn't work with Broker ( there is no firewall in between Broker and webservice)
The error I get is invariable :
CertPathValidatorException: The certificate issued by CN=Electrabel Issuing CA 1, OU=Electrabel Issuing CA, O=Electrabel, C=BE is not trusted; internal cause is: : BRMQI001.f2dc216c-3801-0000-0080-d9de64ee25a9: /build/S700_P/src/WebServices/WSLibrary/ImbSocket.cpp: 1017: ImbSocketJNIManager::handleGeneralJavaException: :
The password for the keystore and the password for the key are the same.
I check if all is parameters are set , the mqsireport lists all is ok.
Broker restarted to ensure that the password is activated and keystore is configured for the execution group
keystoreFile='/home/wmb/keystores/Access4U_DEV_KeyStore.jks'
keystorePass='Access4UClient::password'
truststoreType='JKS'
truststoreFile='/home/wmb/keystores/Access4U_DEV_KeyStore.jks'
truststorePass='Access4UClient::password'
In any case , the error I get indicates that the KeyStore has been accessed and can be read.
What am I missing ??
Kindest regards
Laurens |
|
| Back to top |
|
 |
| lancelotlinc |
| Posted: Thu Dec 06, 2012 6:04 am Post subject: |
|
|
Jedi Knight
Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA
|
WMB keystore identifies WMB to the rest of the world. Truststore indicates which of the rest of the world WMB trusts. Is the SSL cert in the keystore or the truststore? They are two different files.
What is the effective level of your runtime? Use mqsireportbroker to find out.
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER |
|
| Back to top |
|
|
| Laurens |
| Posted: Tue Dec 11, 2012 5:47 am Post subject: |
|
|
Apprentice
Joined: 01 Oct 2009
Posts: 35
|
Thank you for the reply !
Since I'm very lazy , I had put trust and key store equal. Ugly , but not the root cause of my problem.
I got it working.
Perhaps interesting for other people :
when loading the Private key PK12 into the JKS keystore, I assumed the embedded certificates were visible also for the broker.
This is working in SOAPUI - where I used the same jks keystore - but not for Broker.
I extracted the certificates from the private key and loaded them seperately into the JKS.
I had to load each certificate seperately ( ROOT , Intermediate ) before the broker could find the correct certificates. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
