ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexWebSphere Message Broker SupportSSL client authentication key alias question

Post new topicReply to topic
SSL client authentication key alias question View previous topic :: View next topic
Author Message
petervh1
PostPosted: Mon Nov 27, 2017 1:57 am Post subject: SSL client authentication key alias question Reply with quote

Apprentice

Joined: 19 Apr 2010
Posts: 25

Environment: IIB 10.0.0.9 on Windows 2012 Server

Can someone provide clarity on this issue:
Is it possible to have two flows within the same EG, such that FlowA connects to an https server and requires one-way
authentication, and FlowB connects to a different https server and requires two-way authentication?

In my EG-level keystore, I have 1 Personal Certificate, let's call it Cert1. I use this cert in FlowB to present to the https server that required two-way authentcation.
If I try to run FlowA from the same EG I get the following result:

Code:

RecoverableException
                                                              File:CHARACTER:F:\build\S1000_slot1\S1000_P\src\WebServices\WSLibrary\ImbWSRequest.cpp
                                                              Line:INTEGER:619
                                                              Function:CHARACTER:ImbWSRequest::makeWSRequest
                                                              Type:CHARACTER:
                                                              Name:CHARACTER:
                                                              Label:CHARACTER:
                                                              Catalog:CHARACTER:BIPmsgs
                                                              Severity:INTEGER:3
                                                              Number:INTEGER:3152
                                                              Text:CHARACTER:A Web Service request has detected a SOCKET error whilst invoking a web service via a proxy server located at host &1, on port &2, on path &3.
                                                              Insert
                                                                           Type:INTEGER:5
                                                                            Text:CHARACTER:xxxxx.xxxxxx.net
                                                              Insert
                                                                           Type:INTEGER:2
                                                                           Text:CHARACTER:8080
                                                              Insert
                                                                           Type:INTEGER:5
                                                                           Text:CHARACTER:/
                                                              SocketException
                                                                            File:CHARACTER:F:\build\S1000_slot1\S1000_P\src\WebServices\WSLibrary\ImbSocket.cpp
                                                                           Line:INTEGER:1289
                                                                            Function:CHARACTER:ImbSocketJNIManager::handleGeneralJavaException
                                                                           Type:CHARACTER:
                                                                           Name:CHARACTER:
                                                                           Label:CHARACTER:
                                                                           Catalog:CHARACTER:BIPmsgs
                                                                           Severity:INTEGER:3
                                                                           Number:INTEGER:3165
                                                                           Text:CHARACTER:An error occurred whilst performing an SSL socket operation
                                                                           Insert
                                                                                         Type:INTEGER:5
                                                                                         Text:CHARACTER:initiateSslHandshake
                                                                           Insert
                                                                                         Type:INTEGER:5
                                                                                         Text:CHARACTER:javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake



Am I correct in interpreting this to mean that FlowA is trying to user the same cert (Cert1) for one-way authentication? Is it possible to specify
a "dummy" SSL client authentication key alias so that FlowA doesn't try to use Cert1?
Back to top
View user's profile Send private message
zpat
PostPosted: Mon Nov 27, 2017 3:08 am Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5578
Location: UK

You can set the client key authentication alias (aka the keystore personal certificate label name) in the node properties.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
petervh1
PostPosted: Mon Nov 27, 2017 5:21 am Post subject: Reply with quote

Apprentice

Joined: 19 Apr 2010
Posts: 25

Thanks for the reply.

What I am still unclear about is how to avoid a clash between the requirements of FlowA and FlowB in terms of certs when calling different https servers.

To elaborate: If I deploy these two flows to separate EGs, all is fine. If I deploy them to the same EG, I get the error mentioned in my initial post.
Back to top
View user's profile Send private message
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexWebSphere Message Broker SupportSSL client authentication key alias question
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.