ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » SSL Client Certificate - handshake_failure

Post new topic  Reply to topic
 SSL Client Certificate - handshake_failure « View previous topic :: View next topic » 
Author Message
dianmushkov
PostPosted: Mon Mar 10, 2014 4:33 am    Post subject: SSL Client Certificate - handshake_failure Reply with quote

Newbie

Joined: 09 May 2013
Posts: 9
WMB 7.0.0.6 on AIX

BrokerRegistry
uuid='BrokerRegistry'
brokerKeystoreType='JKS'
brokerKeystoreFile='/opt/IBM/mqsi/7.0/keys/server.keystore'
brokerKeystorePass='brokerKeystore::password'
brokerTruststoreType='JKS'
brokerTruststoreFile='/opt/IBM/mqsi/7.0/keys/server.truststore'
brokerTruststorePass='brokerTruststore::password'
httpConnectorPortRange=''
httpsConnectorPortRange=''
modeExtensions=''
operationMode='enterprise'
shortDesc=''
longDesc=''

I need to call web service(E-WS1) in outside world. It uses SSL. But also it uses and SSL certificate for Client Authentication.
So as I read tons of documents I install all certificate chain in server.truststore.
I install client cert in server.keystore.

But still I was not able to call E-WS1.
I use SOAP Request Node to call E-WS1.
Http Transport Protocol set to SSL
Text:CHARACTER:javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

I did not understand how to configure WMB Soap Request node to use certificate with alias XXXX1 from server.keystore.

What will happen when I need to call other external Web Service in the same flow - also using ssl and client authentication - E-WS2, which uses other certificate(alias XXXX2)

Can someone point me
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Mon Mar 10, 2014 4:37 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
Wrong. The client cert needs to be in the broker's TRUSTstore. The only certs to be in the broker's keystore are the broker's own cert and any certs needed to make an outgoing connection. You will also need to set the policy to propagate and verify the caller's X509 cert...
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
dianmushkov
PostPosted: Mon Mar 10, 2014 5:01 am    Post subject: Reply with quote

Newbie

Joined: 09 May 2013
Posts: 9
Thanks.
When Call an External Web Service I'm in needed to make an outgoing connection. ?

How to set this mentioned policy can you give me direction?
Back to top
View user's profile Send private message
Vitor
PostPosted: Mon Mar 10, 2014 5:49 am    Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
dianmushkov wrote:
How to set this mentioned policy can you give me direction?


I would direct you to the product InfoCenter. Start here and keep reading.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » SSL Client Certificate - handshake_failure
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.