| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| SSL client authentication key alias question |
« View previous topic :: View next topic » |
| Author |
Message
|
| petervh1 |
 Posted: Mon Nov 27, 2017 1:57 am Post subject: SSL client authentication key alias question |
 |
|
Centurion
Joined: 19 Apr 2010
Posts: 135
|
Environment: IIB 10.0.0.9 on Windows 2012 Server
Can someone provide clarity on this issue:
Is it possible to have two flows within the same EG, such that FlowA connects to an https server and requires one-way
authentication, and FlowB connects to a different https server and requires two-way authentication?
In my EG-level keystore, I have 1 Personal Certificate, let's call it Cert1. I use this cert in FlowB to present to the https server that required two-way authentcation.
If I try to run FlowA from the same EG I get the following result:
| Code: |
RecoverableException
File:CHARACTER:F:\build\S1000_slot1\S1000_P\src\WebServices\WSLibrary\ImbWSRequest.cpp
Line:INTEGER:619
Function:CHARACTER:ImbWSRequest::makeWSRequest
Type:CHARACTER:
Name:CHARACTER:
Label:CHARACTER:
Catalog:CHARACTER:BIPmsgs
Severity:INTEGER:3
Number:INTEGER:3152
Text:CHARACTER:A Web Service request has detected a SOCKET error whilst invoking a web service via a proxy server located at host &1, on port &2, on path &3.
Insert
Type:INTEGER:5
Text:CHARACTER:xxxxx.xxxxxx.net
Insert
Type:INTEGER:2
Text:CHARACTER:8080
Insert
Type:INTEGER:5
Text:CHARACTER:/
SocketException
File:CHARACTER:F:\build\S1000_slot1\S1000_P\src\WebServices\WSLibrary\ImbSocket.cpp
Line:INTEGER:1289
Function:CHARACTER:ImbSocketJNIManager::handleGeneralJavaException
Type:CHARACTER:
Name:CHARACTER:
Label:CHARACTER:
Catalog:CHARACTER:BIPmsgs
Severity:INTEGER:3
Number:INTEGER:3165
Text:CHARACTER:An error occurred whilst performing an SSL socket operation
Insert
Type:INTEGER:5
Text:CHARACTER:initiateSslHandshake
Insert
Type:INTEGER:5
Text:CHARACTER:javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
|
Am I correct in interpreting this to mean that FlowA is trying to user the same cert (Cert1) for one-way authentication? Is it possible to specify
a "dummy" SSL client authentication key alias so that FlowA doesn't try to use Cert1? |
|
| Back to top |
|
 |
| zpat |
| Posted: Mon Nov 27, 2017 3:08 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
You can set the client key authentication alias (aka the keystore personal certificate label name) in the node properties.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| petervh1 |
| Posted: Mon Nov 27, 2017 5:21 am Post subject: |
|
|
Centurion
Joined: 19 Apr 2010
Posts: 135
|
Thanks for the reply.
What I am still unclear about is how to avoid a clash between the requirements of FlowA and FlowB in terms of certs when calling different https servers.
To elaborate: If I deploy these two flows to separate EGs, all is fine. If I deploy them to the same EG, I get the error mentioned in my initial post. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
