cancel
Showing results for 
Search instead for 
Did you mean: 

Calling REST Web service which require client SSL Certificate and key

richiew03
Explorer
0 Kudos

Hi has anyone successfully configured the REST Datastore to call a web service which requires a client certificate and key?

I have configured the Datastore however there is only 1 entry to place an SSL Pem file (certificate or key). The SOAP Datastore has configuration options for an axis2.xml file where you can specify a certificate key and passphrase and I am expecting something similar.

Using Postman I can contact the web service successfully when passing the certificate and key files to any service on the host server.

Thanks in advance, R

Accepted Solutions (0)

Answers (4)

Answers (4)

former_member82170
Participant
0 Kudos

Hi Richard,

I am wondering if you had this working? We would like to use a private key to pass the authentication, do you have any suggestions?

Thanks and Regards,

Prasad

former_member82170
Participant
0 Kudos

Hi Richard,

I am wondering if you had this working? We would like to use a private key to pass the authentication, do you have any suggestions?

Thanks and Regards,

Prasad

former_member466847
Active Participant
0 Kudos

Richard, then that sounds like you will need to send the key as part of the header field, which would be the Authorization header schema for the RESTful datastore.
As you tested in Postman, have you confirmed the same behavior in SOAPui?

Please try the new schema design and if you still have difficultly i would suggest creating a Support ticket.

richiew03
Explorer
0 Kudos

Hi Jessica - thanks for the pointers, however I have some doubts as we are using the authorisation header to pass a client_id and a client_secret to the web service - however we must also pass the SSL client certificate and key.

I recreated the API call in SOAPUI, which works as long as I add the SSL Certificate to SOAPUI -> Preferences ->SSL Settings and add the PEM file in the Keystore. I concatenated the cert.PEM and key.PEM into a single file and referenced this file in the KeyStore field.

In Data services I configures the "SSL PEM file" parameter in the Datastore to also reference this PEM file however I still have the Client 60 error.

I will raise a Support ticket on this issue. Thanks

former_member466847
Active Participant
0 Kudos

Hello,
The Restful webservice Datastore when using the Basic Authentication can take the SSL certificates when they are defined in the SSL CA_Certs file.
But if you need to use the SSL key you may want to use the other authorization schemas and pass the key as a header format. Please know that if passed as an authorization header you may need to edit the WADL to have it as a new parameter.

Authorization schemas
https://help.sap.com/viewer/e54136ab6a4a43e6a370265bf0a2d744/latest/en-US/4f812b11e038492b9bad8db9ab...

Storing SSL certificates in the ca_cert file
KBA 2343560 - HTTP client error presents on executing a job with Web Service REST datastore - Data Services 4.2
https://launchpad.support.sap.com/#/notes/2343560

richiew03
Explorer
0 Kudos

HI Jessica, this sounds promising, but as I need to pass the certificate key would the receiving service need to be configured to receive the certificate key in the header? I ask as the parameters of the receiving service are already defined.

I have already worked through KBA 234560 however still received the error:

<60>:<Peer certificate cannot be authenticated with given CA certificates> - presumably because they key is not being sent with the certificate.

In Postman we for any given host we specify the certificate and key file to send with the requests and am looking for a configuration option which will replicate this.

Thanks R