ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » IIB v9 - SoapRequest Node HTTP properties - client key alias

Post new topic  Reply to topic
 IIB v9 - SoapRequest Node HTTP properties - client key alias « View previous topic :: View next topic » 
Author Message
zpat
PostPosted: Wed Sep 17, 2014 6:51 am    Post subject: IIB v9 - SoapRequest Node HTTP properties - client key alias Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5849
Location: UK

In IIB V9, using a SoapRequestNode, in the HTTP Transport Properties there is a field called SSL client authentication key alias

Can anyone tell me if this is the same thing as the certificate label for the personal certificate in the JKS?

In other words should this value match the personal(server) certificate label in the truststore/keystore that I have configured for this EG JVM and HTTPS connector?

The reason I ask, is that I am getting

Text:CHARACTER:javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Exception in thread "Thread-14" 2014-09-17 13:16:21.084 33 javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

2014-09-17 13:16:21.084 33 unable to negotiate SSL connection. Client key alias supplied was [].
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
mqjeff
PostPosted: Wed Sep 17, 2014 7:03 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

Yeah, the Knowledge Center is a bit ambiguous.

It seems likely that this should be the label of the relevant cert in the keystore.

It's certainly worth an experiment...
Back to top
View user's profile Send private message
zpat
PostPosted: Wed Sep 17, 2014 7:32 am    Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5849
Location: UK

Yes, it's not my code, so I am just giving advice out.

I've suggested they use the WMB personal cert label name anyway.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
mqjeff
PostPosted: Wed Sep 17, 2014 7:36 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

zpat wrote:
Yes, it's not my code, so I am just giving advice out.

I've suggested they use the WMB personal cert label name anyway.

If you really felt like digging into it, you could configure a local SOAPInput flow and configure it for SSL, and then trace the Identity fields to find out what comes out if you call it from a SOAPRequest with different "alias" values.

But if it's not your code, it's probably their job to do that...
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Thu Sep 18, 2014 4:11 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

This is not used for SOAP input. It is used mostly for SOAP/HTTP request. This is where you would specify a client cert for the remote server. Some companies will hand you a keystore to enable communications with them. You will need a specific key to connect to their server.
To identify the key, set the label on the HTTP/SOAP Request node.

Remember SSL Client means Request node
SSL Server means input node.

Have fun.
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
IIB_Intel
PostPosted: Thu Jul 27, 2017 3:03 pm    Post subject: Reply with quote

Acolyte

Joined: 07 May 2015
Posts: 64

I know this is an old thread but I have a question on this?

Can we change the default for " SSL client authentication key alias" for an EG or broker?

I have a third party application that all of sudden now wants to do 2 way ssl. I was looking for some generic approach to make this change to my services without making a code change or mqsioverride.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Thu Jul 27, 2017 9:10 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

You can either set it with the CMP application or do a redeploy after using mqsibarfileoverride. I don't know that there is a default "SSL client authentication key alias" ... and if there were you would certainly not want to change it as all one way SSL would suddenly become a 2 way SSL... There is enough trouble there to hang yourself with...
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » IIB v9 - SoapRequest Node HTTP properties - client key alias
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.