I am creating web service descriptor as a consumer in webMethods. Provider WSDL url is based on https. My question is, do I need to import any provider certs and install on webMethods IS so that I can create Web Service Descriptor, or what I need to configure to create it and accomplish SSL web service communication (wM acting as client).

Thanks.

Hello nasir,
In order to be able to consume the WSDL using an HTTPS URL into webMethods, the Certificate Authority (CA) certificate must exist in the JVM trust store. The truststore is a file named cacerts and it is located at:
\SoftwareAG\jvm\jvm160_64\jre\lib\security

The cacerts file (truststore) contains most of the popular certificates from Verisign, Thawte, and others.

Just go ahead and try to import the WSDL via the HTTPS protocol. If the CA certificate is already in the truststore, it will not complain. If it is missing, SSLHandshakeException will occur when attempting to import the WSDL.

If you import the WSDL from a file on disk, then you should be able to successfully import it. You will need the Certificate Authority (CA) certificates into the webMethods IS trust store to successfully call the service.

Thanks dcova,
I already verified and cacerts contains all the required certificates. Earlier, I also exported the required certificate from my browser and installed it into cacerts but its still l complaining. I tried building the web service descriptor from Developer and I am able to do that but WSDL URL on properties panel showing http URL, not sure why. Anyways, I can’t use developer as its depreciated and I am on 8.0.2. From Eclipse, I am still getting the following error.

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

The error message that you are getting surely indicates that your truststore does not contains the certificate.

I observed that my webMethods IS installation contains two (2) cacerts files. One is located at
\SoftwareAG\jvm\jvm160_64\jre\lib\security
and the other at
\SoftwareAG\jvm\jvm160_32\jre\lib\security

Ensure to check for multiple copies of the cacerts file.

I wonder if your webMethods IS installation is using an alternate JVM?

Let us know what you find. Cheers.

George

I checked and cacerts are in the right JVM place. Again, if I try to create WSD via developer, I can create it but I am only getting error creating in eclipse.

Its not documented. To resolve the issue, edit config.ini file located at SAG_Home\eclipse\v34\configuration\config.ini and add the two lines below.

javax.net.ssl.trustStore=C:\keystore\localhost.jks
javax.net.ssl.trustStoreType=JKS

Change the setting above to the path and the name of the truststore you are using. Restart designer and issue is resolved.

George, can you confirm if you already has these two lines in your designer config.ini file?

Very helpful… please make sure u do the setting in your client designer level

if u have a WSDL file then i guess you should be able to create a consumer wsd…

Certs and things are required when it is referring to a namespace or shema loc which is https… but am not 100% sure about this… just a guess

Thanks DCova!
Worked perfectly for me, though the location of the cacert file is [INSTALL_DIR]\jvm\jvm\jre\lib\security nowadays.

No other changes were required at my end. I just added the our companies CA certificate chain to the truststore (cacerts) and restarted Designer.

Best regards,
Marcus