Hi, I am trying to consume a secure web service on ECC 6.0 - so far without much luck.

When I try to connect to the ws server, it seems there are three certificates in action: a CICS certificate for establishing the SSL connection, a 'root' certificate from the PKI certificate issuer, and a private certificate issued by the above issuer (please forgive me if a have the syntax wrong - certificates are not my primary line of work). So, using Trust Manager (STRUST), I have created a PSE named 'OES' and imported all three certificates into it.

In SOAMANAGER I have set up the end-point using the WSDL-file and set the following parameters:

- Authentication Method = X.509 Client Certificate

- Trustworthiness Method = Holder of Key

- Issuer = <issuer from the root certificate>

- Name of Attester = <blank>

- Validity of SAML Assertion = 180

- Caching of SAML Assertions = False

- Attester System Destination = <blank>

- Name of Attester = <blank>

- User = SRxxxWS

- Password = <blank>

- Client PSE = OES

When I try to consume the web service, I can see in the log files that the CICS certificat is used for establishing the SSL connection but all I receive back is an HTTP 403 "Client Authentication Error". If I remove the CICS certificate from the PSE, the connection is not made.

How do I make the client certificate available for the connection? Have I approached the problem from the wrong side? Has anybody experienced something similar? Any help will be highly appreciated.

Thanks,

Bo