| Author |
Message
|
| nayadav4 |
 Posted: Mon Feb 28, 2022 10:44 pm Post subject: Self Signed certificate giving error in ACE |
 |
|
Newbie
Joined: 28 Feb 2022
Posts: 3
|
Hi There,
I am new to ACE and creating an application.
I have created an ACE application that calls an API internally . The API uses a self signed certificate and I have added the certificate to the truststore of the integration server . This is for dev environment so self signed certificate should be fine. But I am getting the below error when calling the API. Can somebody give any pointers on what the issue is ?
BIP3152S: Socket error detected whilst invoking Web service located at host arlibmcdq002 port 9443, path ***. BIP3165S: An error occurred whilst performing an SSL socket operation. Operation: connect. Error Text: SSLException: readHandshakeRecord. " |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Tue Mar 01, 2022 11:32 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
You need to create your selfsigned cert in the keystore, then extract the public X509 of it and add that to the truststore...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| nayadav4 |
| Posted: Wed Mar 02, 2022 5:28 am Post subject: |
|
|
Newbie
Joined: 28 Feb 2022
Posts: 3
|
| fjb_saper wrote: |
| You need to create your selfsigned cert in the keystore, then extract the public X509 of it and add that to the truststore... |
So I am calling the Connect direct webservices API's from my flow in ACE using the HTTP request node . As per my understanding I just need to add the ssl certificate of Connect direct webservices to the trust store of the integration server from where I am making the API call .
Is this not correct ? I need to add the certificate of the CD webservices to the Keystore as well ? |
|
| Back to top |
|
|
| abhi_thri |
| Posted: Wed Mar 02, 2022 7:40 am Post subject: |
|
|
Knight
Joined: 17 Jul 2017
Posts: 516
Location: UK
|
| nayadav4 wrote: |
| As per my understanding I just need to add the ssl certificate of Connect direct webservices to the trust store of the integration server from where I am making the API call. |
hi...for one-way SSL you just need to ensure that the CA root certificate of the service that you are calling exists in the broker truststore, no need to add the leaf certificate.
Enable JSSE trace and see what exactly is happening during the SSL handshake,
https://www.ibm.com/support/pages/collecting-jsse-trace-ibm-integration-bus |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Wed Mar 02, 2022 2:19 pm Post subject: |
|
|
Jedi
Joined: 25 Mar 2003
Posts: 2495
Location: Melbourne, Australia
|
| abhi_thri wrote: |
| nayadav4 wrote: |
| As per my understanding I just need to add the ssl certificate of Connect direct webservices to the trust store of the integration server from where I am making the API call. |
hi...for one-way SSL you just need to ensure that the CA root certificate of the service that you are calling exists in the broker truststore, no need to add the leaf certificate.
Enable JSSE trace and see what exactly is happening during the SSL handshake,
https://www.ibm.com/support/pages/collecting-jsse-trace-ibm-integration-bus |
By definition, self-signed certs do not have associated CA signer certs.
_________________
Glenn |
|
| Back to top |
|
|
| abhi_thri |
| Posted: Wed Mar 02, 2022 11:46 pm Post subject: |
|
|
Knight
Joined: 17 Jul 2017
Posts: 516
Location: UK
|
| gbaddeley wrote: |
By definition, self-signed certs do not have associated CA signer certs. |
oops...should've read the problem description closer |
|
| Back to top |
|
|
|
|
