ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » ACE: HTTPRequest Client Authentication X.509

Post new topic  Reply to topic
 ACE: HTTPRequest Client Authentication X.509 « View previous topic :: View next topic » 
Author Message
StrQST400
PostPosted: Fri Jul 23, 2021 9:18 am    Post subject: ACE: HTTPRequest Client Authentication X.509 Reply with quote

Novice

Joined: 24 Apr 2014
Posts: 12
Good Morning Folks,

I have 2 IBM Servers, one is IIB(10.0.0.22) and the other is ACE (11.0.0.13). I have an HTTP service running on IIB that expects X.509 Authentication. This flow tests fine when invoked from the command line, using curl, like so.
Code:
curl https://iib-server/test --cert ./cert --key ./key
A trace node on the test flow shows the IdentitySourceType, IdentitySourceToken and IdentitySourceIssuedBy in the Properties folder of the Root.

When attempting to invoke the same flow an HTTPRequest Node on ACE, with or without "SSL client authentication key alias" populated, I do not see the IdentitySource* fields in the trace.

My keystore is configured at the EG level and I have one keyEntry in the JKS. I have all the signer certs in the truststore.

I know that the mutual TLS handshake has succeeded, because otherwise it would not have gotten to the IIB Flow. I also know that not setting the --cert and --key in the curl causes a "client certificate not found" so it is being enforced.

The Documentation does not seem to indicate any change in the way the node is supposed to function. The exact same code deployed on the IIB Server produces the expected Properties Tree.

What else can I look at to see why the HTTPRequest Node is not sending the certificate? Or is it PMR Time?

ACE Version details:

Code:

Version:      '11.0.0.13'
Product:      'IBM App Connect Enterprise'
Build Number: '202'
IE02 level:   'unused_but_required'
IB Level:     'ib1100-L210528.202_P'
Server level: 'S1100-L210527.21441'
Toolkit level:'20210528-0254'


Thanks in advance for any pointers you have to give me.
StrQST400
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » ACE: HTTPRequest Client Authentication X.509
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.