Importing Client certificates in XI Visual Administrator

Former Member
0 Kudos

We are attempting to invoke a 3rd party web service from XI that requires use of client certificates. We have received the partner certificate as well as the certificate of the CA that signed it. Both have been imported into the Visual Admin tool. The CA cert is in the TrustedCAs view while the client one is in the service_ssl view.

In the receiver SOAP comm channel config, I choose "Configure Certificate Authentication". However, when I choose the input help, I do not see the certificates I imported visible at all. The only ones that are allowed to be chosen are certificates that are associated with private keys.

In our case there is no private key since this is a partner's certificate. My understanding is that if we initiate the communication, we use their public key to encrypt and they have the private key which allows them to decrypt.

Is there some special procedure we need to follow in order to see the certificates in the list? Without choosing the right certificate we're currently getting handshake errors which I believe are related to the issue.

I will reward points for any helpful answers. I have tried searching but haven't found much on this. Thanks!

1 ACCEPTED SOLUTION

yonko_yonchev
Active Participant
0 Kudos

Hi James,

Try to place the certificate in a different keystore view - you may try the WebServiceSecurity, though it is possible that your configuration uses a different one. You should be able to see the configuration by opening the corresponding WS proxy (look under WS Clients) from the WSSecurity service of the VA.

The view service_ssl is reserved for SSL and normally there you'd have the key chain that the system uses to authenticate itself as a server in the SSL handshake.

Regards,

Yonko

Former Member
0 Kudos

Hi James,

For authentication based on client certificates, it is required to have the private key as well. Thus the UI is completely right in showing only the keypairs and not the certificates without private key. For the details, why this is the case, you can have a look at the description of transport layer security (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) in Wikipedia.

Maybe there is a misunderstanding between you and the other party? Maybe they would like to have SSL but authentication based on userid/password? The other option is that they are waiting for you to send them your public key?

Kind regards,

Patrick
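
The reason a certificate without a private key cannot be offered for client authentication, shown as an added example that is not part of the original thread or of SAP's code: a toy model of the TLS client-certificate step, in which the client signs the handshake transcript and the server checks that signature against the public key in the presented certificate. The `KeystoreEntry` class, the aliases and the small RSA parameters are assumptions constructed for illustration and are not secure.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional

# Toy RSA values built from Mersenne primes: constructed for illustration, NOT secure.
E = 65537
OWN_N = (2**61 - 1) * (2**89 - 1)
OWN_D = pow(E, -1, (2**61 - 2) * (2**89 - 2))  # our private exponent
PARTNER_N = (2**107 - 1) * (2**127 - 1)        # partner's modulus; its private half stays with the partner


@dataclass
class KeystoreEntry:
    """Hypothetical stand-in for one entry in a keystore view."""
    alias: str
    modulus: int                            # public part, carried in the certificate
    private_exponent: Optional[int] = None  # None for a certificate-only entry


def digest(transcript: bytes, modulus: int) -> int:
    return int.from_bytes(hashlib.sha256(transcript).digest(), "big") % modulus


def selectable_for_client_auth(entries):
    """Same filter the input help applies: only entries with a private key qualify."""
    return [e.alias for e in entries if e.private_exponent is not None]


def client_certificate_verify(entry: KeystoreEntry, transcript: bytes) -> Optional[int]:
    """Client side: sign the handshake transcript, which needs the private key."""
    if entry.private_exponent is None:
        return None
    return pow(digest(transcript, entry.modulus), entry.private_exponent, entry.modulus)


def server_accepts(cert_modulus: int, transcript: bytes, signature: Optional[int]) -> bool:
    """Server side: verify the signature with the public key from the presented certificate."""
    return signature is not None and pow(signature, E, cert_modulus) == digest(transcript, cert_modulus)


def handshake(entry: KeystoreEntry) -> bool:
    transcript = b"constructed-handshake-" + secrets.token_bytes(16)  # fresh per connection
    return server_accepts(entry.modulus, transcript, client_certificate_verify(entry, transcript))


OWN_KEYPAIR = KeystoreEntry("own_client_keypair", OWN_N, OWN_D)  # hypothetical alias
PARTNER_CERT = KeystoreEntry("partner_certificate", PARTNER_N)   # hypothetical alias
```
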