on 07-13-2016 3:19 PM
Hi,
I have installed client certificate in NWA. But when I am trying to use this certificate in SOAP receiver communication channel, its not appearing in the Keystore.
This certificate was generated from the private key provided by the client. Is this the correct way to produce certificate?
Hi Prem,
In case you are not using two-way authentication (client authentication), there is no need to configure key-store in receiver cc.
Detailed explanation please check my reply to Manoj above.
Regards,
Robert
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Manoj,
If you are using one side communication direct to Third party then you can run XPI inspector with example 11 by entering URL . At the output of XPI inspector you check exact certificate which required to update in TrustedCA.
Regards
Ram
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Prem,
Installing certificates depends if you will be using Client Authentication.
SSL without Client Authentication -> Install the certificate in the trusted CA in NWA. It will NOT appear in the keystore (receiver cc).
SSL with Client Authentication -> Create a new keystore and place your certificates there. The keystore will appear (if configured correctly) and you should be able to select the certificate too.
Regards,
Mark
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Mark,
If i am not wrong SSL with /Without client Authentication are supported in Sender SOAP channel isn't it ?
Br,
Manoj
Hi Manoj,
The certificate needs to be installed in NWA->TrustedCA keystore and you still need to provide userid and password.
Yes, that is correct. You also need a new Keystore view to place the private key.
Regards,
Mark
Hi Manoj,
The SSL with client authentication should be configured in sender or receiver channel based on different role PI plays:
In most cases PI is acting as client in the TLS dance (sending request with receiver cc), in this case you need to save the certificate your partner provided in trusted CA in NWA. This manner is also called one-way TLS authentication.
In case you need to perform two-way TLS authentication (safer than one-way TLS authentication), you need to configure keystore in NWA, and provide your certificate to the partner you are communicating with as well.
The above configuration is configured in receiver cc as PI acts as client, and if PI acts as a service provider (server role - 3rd party is sending request to PI), then you need to configure similarly in sender cc.
Regards,
Hailong
Hi Prem,
Have your imported the certificate in TRUSTEDCAS if so and still you are not able to view the certificate.
Make sure the while trying to import the certificate at configuration check the filter (the certificate should contain those values) then only you can able to import the certificate.
While importing the certificate at ID configuration you can see below filters, If you are in newer PI version
1) Subject key identifier
2)x.509 certificate
Make sure that certificate which you trying to import containing these values or not. If not suggest the client to provide with those values.
Regards
Pavan D
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
AFAIK the third party is suppose to provide you the certificate , private keys are not supposed to be shared.
However have you restarted ICM after installing Certificate ?
Try manually giving the certificate name and keystore in the receiver channel and test the flow.
Br,
Manoj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.