Need help to setup multiple keystore/truststore in ACE V11

mikepham
Novice
Joined: 17 Mar 2010 Posts: 20
Posted: Fri Oct 06, 2023 3:41 am Post subject: Need help to setup multiple keystore/truststore in ACE V11
Hi,
I have a flow which has to call 2 different HTTPS webservices.
My flow was deployed to an ACE server managed by an ACE node.
I configured this in the node.conf.yaml file:
Code:
BrokerRegistry:
  brokerKeystoreType: 'JKS'
  brokerKeystoreFile: 'ws-truststore1.jks'
  brokerKeystorePass: 'brokerKeystore1::password'
  brokerTruststoreType: 'JKS'
  brokerTruststoreFile: 'ws-truststore1.jks'
  brokerTruststorePass: 'brokerTruststore1::password'
It worked fine when I used just the first webservice.
However, when I add the second webservice, I don't know where to add the keystore/truststore for the certificate of the second webservice. Then I got a "javax.net.ssl.SSLHandshakeException" error.
My question:
Can we set up multiple keystores/truststores in node.conf.yaml for certificates of different webservices?
If not, is there any solution for setting up a keystore/truststore for a flow using multiple HTTPS webservices?
Thank you

fjb_saper
Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
Posted: Sun Oct 08, 2023 8:26 am
You know you can have multiple keys in a key store / trust store. You will have to specify on each call with certificate (key) to use...
:enjoy:
_________________
MQ & Broker admin

mikepham
Posted: Sun Oct 08, 2023 5:46 pm
fjb_saper wrote:
    You know you can have multiple keys in a key store / trust store. You will have to specify on each call with certificate (key) to use...
    :enjoy:
Hi fjb_saper,
Thank you for the feedback.
If possible, could you send me the document about "specify on each call with certificate (key) to use"?
If I use just one - the first HTTPS webservice - I don't have to specify on each call with the cert key to use. All I have to do is declare it in the node.conf.yaml file. It worked fine.
So I guess I may have to add the CA cert of the 2nd HTTPS webservice into the current keystore/truststore.

mgk
Padawan
Joined: 31 Jul 2003 Posts: 1642
Posted: Mon Oct 09, 2023 7:04 am
Hi.
Quote:
    So I guess I may have to add the CA cert of the 2nd HTTPS webservice into the current keystore/truststore.
Yes, this is the way to do it. As you are not using mTLS you do not need to specify which key to use. The system will choose the correct one from the truststore for you, just like a browser does...
Kind regards.
_________________
MGK
The postings I make on this site are my own and don't necessarily represent IBM's positions, strategies or opinions.

mikepham
Posted: Mon Oct 09, 2023 8:53 pm
mgk wrote:
    Hi.
    Quote:
        So I guess I may have to add the CA cert of the 2nd HTTPS webservice into the current keystore/truststore.
    Yes, this is the way to do it. As you are not using mTLS you do not need to specify which key to use. The system will choose the correct one from the truststore for you, just like a browser does...
    Kind regards.
Hi mgk,
Thank you for your explanation.
I used keytool to import the CA cert of the 2nd HTTPS webservice into the keystore / truststore file I defined in the node.conf.yaml file. Then I restarted the ACE node. I tested again, both HTTPS webservices worked perfectly, no SSLHandshake error any more.
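
The keytool import described in the last post, as an added example that is not part of the original thread: it builds a JKS truststore holding the first service's CA, adds the second service's CA under its own alias, and counts the trusted entries. Only the file name ws-truststore1.jks comes from the thread; the aliases, the password and both CA certificates are constructed placeholders. Every server certificate issued by an imported CA becomes trusted, so the fingerprint printed before the import should be compared with the one the CA publishes.

```shell
#!/bin/sh
# Added example. ws-truststore1.jks is the file name from the thread; the
# aliases, password and both CAs are constructed placeholders.
STOREPASS='placeholder-pass'

# make_ca NAME: throwaway self-signed CA, exported to NAME-ca.pem (sample input).
make_ca() {
  keytool -genkeypair -alias "$1" -keyalg RSA -keysize 2048 -validity 30 \
    -dname "CN=$1 constructed test CA" -ext bc:c -keystore "$1-ca.ks" \
    -storepass "$STOREPASS" -keypass "$STOREPASS" >/dev/null 2>&1 </dev/null &&
  keytool -exportcert -rfc -alias "$1" -keystore "$1-ca.ks" \
    -storepass "$STOREPASS" -file "$1-ca.pem" >/dev/null 2>&1
}

# import_ca STORE ALIAS PEM: add one CA as a trustedCertEntry.
# Refuses to replace an existing alias and shows the subject and SHA-256
# fingerprint on stderr so they can be compared with the value the CA publishes.
import_ca() {
  if keytool -list -keystore "$1" -storetype JKS -storepass "$STOREPASS" \
       -alias "$2" >/dev/null 2>&1; then
    echo "alias $2 already exists in $1" >&2
    return 1
  fi
  keytool -printcert -file "$3" 2>/dev/null | grep -E 'Owner:|SHA256:' >&2 || true
  keytool -importcert -noprompt -alias "$2" -file "$3" -keystore "$1" \
    -storetype JKS -storepass "$STOREPASS" >/dev/null 2>&1
}

# count_trusted STORE: number of trusted CA entries in the store.
count_trusted() {
  keytool -list -keystore "$1" -storetype JKS -storepass "$STOREPASS" \
    2>/dev/null | grep -c 'trustedCertEntry'
}

# demo DIR: truststore starts with the first service's CA, then gains the second.
demo() (
  cd "$1" &&
  make_ca service1 && make_ca service2 &&
  import_ca ws-truststore1.jks service1-ca service1-ca.pem &&
  import_ca ws-truststore1.jks service2-ca service2-ca.pem &&
  count_trusted ws-truststore1.jks
)

if [ "${1:-}" = "demo" ]; then demo "$(mktemp -d)"; fi
```

On a real node only import_ca is needed, run against the truststore file named in node.conf.yaml with its real password, followed by the node restart mentioned in the post above.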