Posted: Fri Jul 23, 2021 9:18 am Post subject: ACE: HTTPRequest Client Authentication X.509
Novice
Joined: 24 Apr 2014 Posts: 12
Good Morning Folks,
I have 2 IBM Servers, one is IIB(10.0.0.22) and the other is ACE (11.0.0.13). I have an HTTP service running on IIB that expects X.509 Authentication. This flow tests fine when invoked from the command line, using curl, like so.
A trace node on the test flow shows the IdentitySourceType, IdentitySourceToken and IdentitySourceIssuedBy in the Properties folder of the Root.
When attempting to invoke the same flow an HTTPRequest Node on ACE, with or without "SSL client authentication key alias" populated, I do not see the IdentitySource* fields in the trace.
My keystore is configured at the EG level and I have one keyEntry in the JKS. I have all the signer certs in the truststore.
I know that the mutual TLS handshake has succeeded, because otherwise it would not have gotten to the IIB Flow. I also know that not setting the --cert and --key in the curl causes a "client certificate not found" so it is being enforced.
The Documentation does not seem to indicate any change in the way the node is supposed to function. The exact same code deployed on the IIB Server produces the expected Properties Tree.
What else can I look at to see why the HTTPRequest Node is not sending the certificate? Or is it PMR Time?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum