Need help to setup multiple keystore/truststore in ACE V11
mikepham
Posted: Fri Oct 06, 2023 3:41 am

Novice

Joined: 17 Mar 2010
Posts: 20

Hi

I have a flow which has to call 2 different HTTPS webservices

My flow was deployed to an ACE server managed by an ACE node

I configured in the node.conf.yaml file:

Code:
BrokerRegistry:
  brokerKeystoreType: 'JKS'
  brokerKeystoreFile: 'ws-truststore1.jks'
  brokerKeystorePass: 'brokerKeystore1::password'
  brokerTruststoreType: 'JKS'
  brokerTruststoreFile: 'ws-truststore1.jks'
  brokerTruststorePass: 'brokerTruststore1::password'


It worked fine when I use just the first webservice

However, when I add the second webservice, I don't know where to add keystore/truststore for the certificate of the second webservice. Then I got "javax.net.ssl.SSLHandshakeException" error

My question:
Can we setup multiple keystore/truststore in node.conf.yaml for certificates of different webservices?
If not, is there any solution for setting up keystore/truststore for a flow using multiple HTTPS webservices?

Thank you
fjb_saper
Posted: Sun Oct 08, 2023 8:26 am

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20707
Location: LI,NY

You know you can have multiple keys in a key store / trust store. You will have to specify on each call with certificate (key) to use...
:enjoy:
_________________
MQ & Broker admin
mikepham
Posted: Sun Oct 08, 2023 5:46 pm

Novice

Joined: 17 Mar 2010
Posts: 20

fjb_saper wrote:
You know you can have multiple keys in a key store / trust store. You will have to specify on each call with certificate (key) to use...
:enjoy:


Hi fjb_saper,
Thank you for the feedback.

If possible, could you send me the document about "specify on each call with certificate (key) to use".
If I use just one - the first HTTPS webservice, I don't have to specify on each call with the cert key to use. All I have to do is declare it in the node.conf.yaml file. It worked fine.

So I guess I may have to add the CA cert of the 2nd HTTPS webservice into the current keystore/truststore.
mgk
Posted: Mon Oct 09, 2023 7:04 am

Padawan

Joined: 31 Jul 2003
Posts: 1638

Hi.

Quote:
So I guess I may have to add the CA cert of the 2nd HTTPS webservice into the current keystore/truststore.


Yes, this is the way to do it. As you are not using mTLS you do not need to specify which key to use. The system will choose the correct one from the truststore for you, just like a browser does...

Kind regards.
_________________
MGK
The postings I make on this site are my own and don't necessarily represent IBM's positions, strategies or opinions.
mikepham
Posted: Mon Oct 09, 2023 8:53 pm

Novice

Joined: 17 Mar 2010
Posts: 20

mgk wrote:
Hi.

Quote:
So I guess I may have to add the CA cert of the 2nd HTTPS webservice into the current keystore/truststore.


Yes, this is the way to do it. As you are not using mTLS you do not need to specify which key to use. The system will choose the correct one from the truststore for you, just like a browser does...

Kind regards.


Hi mgk

Thank you for your explanation.

I used keytool to import the CA cert of the 2nd HTTPS webservice into the keystore / truststore file I defined in the node.conf.yaml file. Then I restarted the ACE node. I tested again, both HTTPS webservices worked perfectly, no SSLHandshake error any more.
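The fix described in the last post (one truststore holding the CA certificate of each HTTPS service), as an added example that is not part of the original thread. The function names, aliases, file paths and the TRUSTSTORE_PASS variable are assumptions; only the JKS store type and the use of keytool come from the thread.

```shell
#!/bin/sh
# Added example: put a second service's CA certificate into the JKS truststore
# that node.conf.yaml already points at. The store password is read from the
# environment variable TRUSTSTORE_PASS (assumed name) via -storepass:env, so it
# does not show up in the process list or shell history.

# import_ca TRUSTSTORE ALIAS CERT_FILE
# Returns 0 when ALIAS is in the store afterwards, 2 on bad input, 1 on failure.
import_ca() {
    store=$1; alias_name=$2; cert=$3
    [ -n "$TRUSTSTORE_PASS" ] || { echo "TRUSTSTORE_PASS not set" >&2; return 2; }
    [ -r "$cert" ] || { echo "cannot read certificate $cert" >&2; return 2; }
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found" >&2; return 1; }

    # Idempotent: importing again under an existing alias would fail.
    if [ -f "$store" ] && keytool -list -alias "$alias_name" -keystore "$store" \
            -storetype JKS -storepass:env TRUSTSTORE_PASS >/dev/null 2>&1; then
        echo "alias $alias_name already present in $store" >&2
        return 0
    fi

    # -noprompt skips keytool's "Trust this certificate?" question, so print
    # the SHA-256 fingerprint for comparison with the service owner's value.
    keytool -printcert -file "$cert" 2>/dev/null | grep -i 'SHA256' >&2 || true

    keytool -importcert -trustcacerts -noprompt \
        -alias "$alias_name" -file "$cert" \
        -keystore "$store" -storetype JKS \
        -storepass:env TRUSTSTORE_PASS >/dev/null 2>&1 || return 1

    # Confirm the entry really landed in the store.
    keytool -list -alias "$alias_name" -keystore "$store" \
        -storetype JKS -storepass:env TRUSTSTORE_PASS >/dev/null 2>&1 || return 1
}

# count_trusted TRUSTSTORE: prints the number of trusted CA entries.
count_trusted() {
    keytool -list -keystore "$1" -storetype JKS \
        -storepass:env TRUSTSTORE_PASS 2>/dev/null | grep -c 'trustedCertEntry'
}

# Typical use (hypothetical alias and file name), followed by a node restart
# as in the thread:
#   TRUSTSTORE_PASS=... import_ca ws-truststore1.jks service2-ca service2-ca.pem
```

The running node keeps using the truststore it loaded at startup, which is why the restart in the post above was needed.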