Author |
Message
|
zpat |
Posted: Wed Sep 17, 2014 6:51 am Post subject: IIB v9 - SoapRequest Node HTTP properties - client key alias |
|
|
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
|
In IIB V9, using a SoapRequestNode, in the HTTP Transport Properties there is a field called SSL client authentication key alias.
Can anyone tell me if this is the same thing as the certificate label for the personal certificate in the JKS?
In other words, should this value match the personal (server) certificate label in the truststore/keystore that I have configured for this EG JVM and HTTPS connector?
The reason I ask is that I am getting:
Text:CHARACTER:javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Exception in thread "Thread-14" 2014-09-17 13:16:21.084 33 javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
2014-09-17 13:16:21.084 33 unable to negotiate SSL connection. Client key alias supplied was [].
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
 |
mqjeff |
Posted: Wed Sep 17, 2014 7:03 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
Yeah, the Knowledge Center is a bit ambiguous.
It seems likely that this should be the label of the relevant cert in the keystore.
It's certainly worth an experiment... |
|
 |
zpat |
Posted: Wed Sep 17, 2014 7:32 am Post subject: |
|
|
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
|
Yes, it's not my code, so I am just giving advice out.
I've suggested they use the WMB personal cert label name anyway.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
 |
mqjeff |
Posted: Wed Sep 17, 2014 7:36 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
zpat wrote: |
Yes, it's not my code, so I am just giving advice out.
I've suggested they use the WMB personal cert label name anyway. |
If you really felt like digging into it, you could configure a local SOAPInput flow and configure it for SSL, and then trace the Identity fields to find out what comes out if you call it from a SOAPRequest with different "alias" values.
But if it's not your code, it's probably their job to do that...  |
|
 |
fjb_saper |
Posted: Thu Sep 18, 2014 4:11 am Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
This is not used for SOAP input. It is used mostly for SOAP/HTTP request. This is where you would specify a client cert for the remote server. Some companies will hand you a keystore to enable communications with them. You will need a specific key to connect to their server.
To identify the key, set the label on the HTTP/SOAP Request node.
Remember: SSL Client means Request node.
SSL Server means input node.
Have fun.
_________________
MQ & Broker admin |
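An added example, not part of the thread and not IBM code: one way to check, before deploying, that the value placed in "SSL client authentication key alias" names a private-key entry in the keystore rather than a CA certificate or nothing at all. The listing is constructed sample `keytool -list` output in the English-locale date format, and the alias names are hypothetical.

```python
import re

# Constructed sample of `keytool -list -keystore <file>` output (not from the thread).
SAMPLE_LISTING = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

partnerclient, Sep 17, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): <constructed placeholder>
partnerca, Sep 17, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed placeholder>
"""

# One entry line: "<alias>, <Mon D, YYYY>, <EntryType>,"
ENTRY_RE = re.compile(
    r"^(?P<alias>.+?), \w{3} \d{1,2}, \d{4}, (?P<kind>\w+Entry),[ \t]*$",
    re.MULTILINE,
)


def parse_entries(listing):
    """Map each alias (lower-cased) to its keytool entry type."""
    # keytool treats JKS aliases as case-insensitive, so compare in lower case.
    return {m["alias"].lower(): m["kind"] for m in ENTRY_RE.finditer(listing)}


def check_client_alias(alias, entries):
    """Classify an alias intended for SSL client authentication."""
    alias = (alias or "").strip().lower()
    if not alias:
        # Matches the log in the thread: "Client key alias supplied was []".
        return "EMPTY"
    if alias not in entries:
        return "MISSING"
    if entries[alias] != "PrivateKeyEntry":
        # A trusted certificate has no private key and cannot act as a client identity.
        return "NOT_A_KEY"
    return "OK"


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LISTING)
    for candidate in ("", "PartnerClient", "partnerca", "wmbcert"):
        print(repr(candidate), "->", check_client_alias(candidate, entries))
```
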
|
 |
IIB_Intel |
Posted: Thu Jul 27, 2017 3:03 pm Post subject: |
|
|
Acolyte
Joined: 07 May 2015 Posts: 64
|
I know this is an old thread but I have a question on this.
Can we change the default for "SSL client authentication key alias" for an EG or broker?
I have a third party application that all of a sudden now wants to do 2 way SSL. I was looking for some generic approach to make this change to my services without making a code change or mqsioverride. |
|
 |
fjb_saper |
Posted: Thu Jul 27, 2017 9:10 pm Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
You can either set it with the CMP application or do a redeploy after using mqsibarfileoverride. I don't know that there is a default "SSL client authentication key alias" ... and if there were you would certainly not want to change it as all one way SSL would suddenly become a 2 way SSL... There is enough trouble there to hang yourself with...
_________________
MQ & Broker admin |
|