Former Member

Certificate issue in SOAP receiver

Hi,

I have installed a client certificate in NWA. But when I try to use this certificate in the SOAP receiver communication channel, it's not appearing in the Keystore.

This certificate was generated from the private key provided by the client. Is this the correct way to produce a certificate?


5 Answers

  • Jul 13, 2016 at 03:26 PM

    AFAIK the third party is supposed to provide you the certificate; private keys are not supposed to be shared.

    However, have you restarted ICM after installing the certificate?

    Try manually giving the certificate name and keystore in the receiver channel and test the flow.

    Br,

    Manoj


  • Jul 13, 2016 at 06:08 PM

    Hi Prem,

    Have you imported the certificate in TRUSTEDCAS, and are you still not able to view the certificate?

    Make sure, while trying to import the certificate at configuration, to check the filter (the certificate should contain those values); only then will you be able to import the certificate.

    While importing the certificate at ID configuration you can see the filters below, if you are on a newer PI version:

    1) Subject key identifier

    2) X.509 certificate

    Make sure that the certificate which you are trying to import contains these values. If not, suggest that the client provide those values.

    Regards

    Pavan D


  • Jul 14, 2016 at 03:05 AM

    Hi Prem,

    Installing certificates depends on whether you will be using Client Authentication.

    SSL without Client Authentication -> Install the certificate in the trusted CA in NWA. It will NOT appear in the keystore (receiver cc).

    SSL with Client Authentication -> Create a new keystore and place your certificates there. The keystore will appear (if configured correctly) and you should be able to select the certificate too.

    Regards,

    Mark


    • Former Member Manoj K

      Hi Manoj,

      SSL with client authentication should be configured in the sender or receiver channel based on the role PI plays:

      • From the server side: the trust store contains certificates of the trusted clients, the key store contains the private and public key of the server.

      • From the client side: the trust store contains certificates of the trusted servers, the key store contains the private and public key of the client.

      In most cases PI is acting as the client in the TLS dance (sending requests with a receiver cc); in this case you need to save the certificate your partner provided in the trusted CA in NWA. This manner is also called one-way TLS authentication.

      In case you need to perform two-way TLS authentication (safer than one-way TLS authentication), you need to configure a keystore in NWA, and provide your certificate to the partner you are communicating with as well.

      The above configuration is done in the receiver cc as PI acts as the client, and if PI acts as a service provider (server role - a 3rd party is sending requests to PI), then you need to configure it similarly in the sender cc.

      Regards,

      Hailong
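
A pre-import check for the trust store / keystore split described in the replies above, as an added example that is not part of the original thread and is not an SAP tool. It assumes the `openssl` CLI and unencrypted PEM files; the file names and CN values are constructed samples.

```shell
#!/bin/sh
# Added example. Assumes the openssl CLI and unencrypted PEM files.

# Constructed sample: self-signed certificate $1.crt with private key $1.key.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# SHA-256 over the DER public key carried in a certificate.
cert_pubkey_fp() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 over the DER public key derived from a private key.
key_pubkey_fp() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when both files parse and carry the same public key.
cert_matches_key() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 2
    openssl pkey -in "$2" -noout 2>/dev/null || return 2
    [ "$(cert_pubkey_fp "$1")" = "$(key_pubkey_fp "$2")" ]
}

# truststore: certificate only (partner/CA certificate, one-way TLS)
# keystore:   certificate plus its own private key (client authentication)
# mismatch:   the key does not belong to the certificate
classify_entry() {
    openssl x509 -in "$1" -noout 2>/dev/null || { echo invalid-cert; return 0; }
    if [ -z "${2:-}" ]; then echo truststore
    elif cert_matches_key "$1" "$2"; then echo keystore
    else echo mismatch
    fi
}

demo() {
    d=$(mktemp -d)
    make_sample "$d/pi" pi-client.example        # PI's own key pair (constructed)
    make_sample "$d/partner" partner.example     # partner's certificate (constructed)
    classify_entry "$d/partner.crt"              # truststore
    classify_entry "$d/pi.crt" "$d/pi.key"       # keystore
    classify_entry "$d/partner.crt" "$d/pi.key"  # mismatch
    rm -rf "$d"
}
demo
```

A `mismatch` result means the certificate and private key cannot form a client-authentication entry, whatever view they are imported into.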

  • Former Member
    Jul 14, 2016 at 06:35 AM

    Hi Manoj,


    If you are using one side communication direct to the third party, then you can run XPI Inspector with example 11 by entering the URL. In the output of XPI Inspector you can check the exact certificate which is required to be updated in TrustedCA.


    Regards

    Ram


  • Former Member
    Jul 14, 2016 at 07:04 AM

    Hi Prem,

    In case you are not using two-way authentication (client authentication), there is no need to configure a key store in the receiver cc.

    For a detailed explanation, please check my reply to Manoj above.

    Regards,

    Robert
