Certificate issue in SOAP receiver

Former Member
0 Kudos

Hi,

I have installed a client certificate in NWA. But when I try to use this certificate in the SOAP receiver communication channel, it's not appearing in the Keystore.

This certificate was generated from the private key provided by the client. Is this the correct way to produce the certificate?

Accepted Solutions (0)

Answers (5)

Former Member
0 Kudos

Hi Prem,

In case you are not using two-way authentication (client authentication), there is no need to configure key-store in receiver cc.

For a detailed explanation, please check my reply to Manoj above.

Regards,

Robert

0 Kudos

Hi Manoj,


If you are using one-sided communication directly to a third party, then you can run XPI Inspector with example 11 by entering the URL. In the output of XPI Inspector you check the exact certificate which is required to be updated in TrustedCA.


Regards

Ram

markangelo_dihiansan
Active Contributor
0 Kudos

Hi Prem,

Installing certificates depends on whether you will be using Client Authentication.

SSL without Client Authentication -> Install the certificate in the trusted CA in NWA. It will NOT appear in the keystore (receiver cc).

SSL with Client Authentication -> Create a new keystore and place your certificates there. The keystore will appear (if configured correctly) and you should be able to select the certificate too.

Regards,

Mark

manoj_khavatkopp
Active Contributor
0 Kudos

Mark,

If I am not wrong, SSL with/without client authentication is supported in the Sender SOAP channel, isn't it?

  • SSL without client authentication : No need of certificate we need to provide USER ID and Password.
  • SSL with client authentication : We are supposed to provide them the public key.




Br,

Manoj

markangelo_dihiansan
Active Contributor
0 Kudos

Hi Manoj,

  • SSL without client authentication : No need of certificate we need to provide USER ID and Password.

The certificate needs to be installed in NWA->TrustedCA keystore and you still need to provide userid and password.

  • SSL with client authentication : We are supposed to provide them the public key.

Yes, that is correct. You also need a new Keystore view to place the private key.

Regards,

Mark

Former Member
0 Kudos

Hi Manoj,

SSL with client authentication should be configured in the sender or receiver channel based on the different roles PI plays:

  • From the server side: the trust store contains certificates of the trusted clients, the key store contains the private and public key of the server.

  • From the client side: the trust store contains certificates of the trusted servers, the key store contains the private and public key of the client.

In most cases PI is acting as client in the TLS dance (sending request with receiver cc), in this case you need to save the certificate your partner provided in trusted CA in NWA. This manner is also called one-way TLS authentication.

In case you need to perform two-way TLS authentication (safer than one-way TLS authentication), you need to configure keystore in NWA, and provide your certificate to the partner you are communicating with as well.

The above configuration is configured in receiver cc as PI acts as client, and if PI acts as a service provider (server role - 3rd party is sending request to PI), then you need to configure similarly in sender cc.

Regards,

Hailong
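
The trust store and key store roles described in the answer above, shown as an added Python example (not from the thread and not SAP PI code). The hostnames, helper names and the use of the `openssl` command-line tool to create throwaway self-signed certificates are assumptions.

```python
# Added example: one-way vs two-way TLS with explicit trust stores and key stores.
import os, ssl, subprocess

def make_identity(workdir, cn):
    """Constructed test identity: private key + self-signed cert (uses the openssl CLI)."""
    key, crt = os.path.join(workdir, cn + ".key"), os.path.join(workdir, cn + ".crt")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-days", "1", "-subj", "/CN=" + cn,
                    "-addext", "subjectAltName=DNS:" + cn,
                    "-keyout", key, "-out", crt], check=True, capture_output=True)
    return key, crt

def client_context(trusted_server_crt, key=None, crt=None):
    """Client role (PI sending through a receiver channel, in the thread's terms)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # verifies server cert and hostname
    ctx.load_verify_locations(trusted_server_crt)   # trust store: the partner's certificate
    if key and crt:
        ctx.load_cert_chain(crt, key)               # key store: only needed for two-way TLS
    return ctx

def server_context(key, crt, trusted_client_crt=None):
    """Server role (the partner endpoint)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(crt, key)                   # key store: the server's own key pair
    if trusted_client_crt:                          # two-way TLS: demand a client certificate
        ctx.verify_mode = ssl.CERT_REQUIRED
        ctx.load_verify_locations(trusted_client_crt)
    return ctx

def handshake_ok(client_ctx, server_ctx, host):
    """Run the TLS handshake in memory; True only if both sides accept each other."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=host)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    pending = [(client, c_out, s_in), (server, s_out, c_in)]
    for _ in range(10):                             # a handshake needs only a few round trips
        for entry in list(pending):
            side, own_out, peer_in = entry
            try:
                side.do_handshake()
                pending.remove(entry)
            except ssl.SSLWantReadError:
                pass                                # waiting for the peer's next flight
            except ssl.SSLError:
                return False                        # untrusted or missing certificate
            peer_in.write(own_out.read())           # deliver this side's output to the peer
        if not pending:
            return True
    return False
```
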

PavanKumar
Active Contributor
0 Kudos

Hi Prem,

Have you imported the certificate in TRUSTEDCAS? If so and you are still not able to view the certificate, make sure that, while trying to import the certificate at configuration, you check the filter (the certificate should contain those values); only then will you be able to import the certificate.

While importing the certificate at ID configuration you can see the filters below, if you are on a newer PI version:

1) Subject key identifier

2) X.509 certificate

Make sure whether the certificate which you are trying to import contains these values or not. If not, suggest that the client provide those values.

Regards

Pavan D

manoj_khavatkopp
Active Contributor
0 Kudos

AFAIK the third party is supposed to provide you the certificate; private keys are not supposed to be shared.

However, have you restarted ICM after installing the certificate?

Try manually giving the certificate name and keystore in the receiver channel and test the flow.

Br,

Manoj