Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot

Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot

------------------------------
madhu ram
------------------------------

Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot

Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot

Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot

Hello Kim,

Answering your questions below 

• Yes the service I am  calling with soap request is using mtls.
• I made a mistake in the beginning, now I have a keystore and trust store separated.
• Yes, my key store contains a valid private/public key pair
• What pwd should I set in vault? The gateway uses mtls for connection ( correct me if I need to set one 
• As it's an Mtls, keystore config  is required
• I am facing g an error client TLS cert missing

Question

Should I configure the property ssl client key alias in the soap request node

I tried setting it to the key alias name , but did not work

Need Inputs 

Thanks

Madhu

Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot

Hello Kim,

Answering your questions below 

• Yes the service I am  calling with soap request is using mtls.
• I made a mistake in the beginning, now I have a keystore and trust store separated.
• Yes, my key store contains a valid private/public key pair
• What pwd should I set in vault? The gateway uses mtls for connection ( correct me if I need to set one 
• As it's an Mtls, keystore config  is required
• I am facing g an error client TLS cert missing

Question

Should I configure the property ssl client key alias in the soap request node

I tried setting it to the key alias name , but did not work

Need Inputs 

Thanks

Madhu

Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot

Hello  Kim

Thanks for the reply

I tried to  set up mtls with postman

And get the error

Client TLS cert is required.

Hello Kim,

Answering your questions below 

• Yes the service I am  calling with soap request is using mtls.
• I made a mistake in the beginning, now I have a keystore and trust store separated.
• Yes, my key store contains a valid private/public key pair
• What pwd should I set in vault? The gateway uses mtls for connection ( correct me if I need to set one 
• As it's an Mtls, keystore config  is required
• I am facing g an error client TLS cert missing

Question

Should I configure the property ssl client key alias in the soap request node

I tried setting it to the key alias name , but did not work

Need Inputs 

Thanks

Madhu

Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot

Also do we need the vault if the keystore is using default pwd . Pardon my ignorance .

Hello  Kim

Thanks for the reply

I tried to  set up mtls with postman

And get the error

Client TLS cert is required.

Hello Kim,

Answering your questions below 

• Yes the service I am  calling with soap request is using mtls.
• I made a mistake in the beginning, now I have a keystore and trust store separated.
• Yes, my key store contains a valid private/public key pair
• What pwd should I set in vault? The gateway uses mtls for connection ( correct me if I need to set one 
• As it's an Mtls, keystore config  is required
• I am facing g an error client TLS cert missing

Question

Should I configure the property ssl client key alias in the soap request node

I tried setting it to the key alias name , but did not work

Need Inputs 

Thanks

Madhu

Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot

Looks like you have a Key infrastructure error.

Make sure that you have

• a client key define in the keystore
• the client signer chain available in the keystore
• the client root cert in the destination's truststore
• the destination server chain in the truststore
• a password defined on each of the stores set either with set dbparms or in the vault

Hope it helps

Also do we need the vault if the keystore is using default pwd . Pardon my ignorance .

Hello  Kim

Thanks for the reply

I tried to  set up mtls with postman

And get the error

Client TLS cert is required.

Hello Kim,

Answering your questions below 

• Yes the service I am  calling with soap request is using mtls.
• I made a mistake in the beginning, now I have a keystore and trust store separated.
• Yes, my key store contains a valid private/public key pair
• What pwd should I set in vault? The gateway uses mtls for connection ( correct me if I need to set one 
• As it's an Mtls, keystore config  is required
• I am facing g an error client TLS cert missing

Question

Should I configure the property ssl client key alias in the soap request node

I tried setting it to the key alias name , but did not work

Need Inputs 

Thanks

Madhu

Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot

Looks like you have a Key infrastructure error.

Make sure that you have

• a client key define in the keystore
• the client signer chain available in the keystore
• the client root cert in the destination's truststore
• the destination server chain in the truststore
• a password defined on each of the stores set either with set dbparms or in the vault

Hope it helps

------------------------------
Francois Brandelik

Original Message:
Sent: Mon February 24, 2025 05:39 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Also do we need the vault if the keystore is using default pwd . Pardon my ignorance .

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 05:35 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello  Kim

Thanks for the reply

I tried to  set up mtls with postman

And get the error

Client TLS cert is required.

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 03:54 AM
From: Kim Meynendonckx
Subject: App ssl issue while connect to an external web service

------------------------------
Kim Meynendonckx

Original Message:
Sent: Fri February 21, 2025 08:41 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello Kim,

Answering your questions below 

• Yes the service I am  calling with soap request is using mtls.
• I made a mistake in the beginning, now I have a keystore and trust store separated.
• Yes, my key store contains a valid private/public key pair
• What pwd should I set in vault? The gateway uses mtls for connection ( correct me if I need to set one 
• As it's an Mtls, keystore config  is required
• I am facing g an error client TLS cert missing

Question

Should I configure the property ssl client key alias in the soap request node

I tried setting it to the key alias name , but did not work

Need Inputs 

Thanks

Madhu

------------------------------
madhu ram

Original Message:
Sent: Thu February 20, 2025 03:09 AM
From: Kim Meynendonckx
Subject: App ssl issue while connect to an external web service

------------------------------
Kim Meynendonckx

Original Message:
Sent: Wed February 19, 2025 04:12 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot

------------------------------
madhu ram
------------------------------

Thanks everyone

Now The cert issue is resolved , I am am get a sucessful repsonse from API using thepostman as client
But my app connect broker app gives me 403  forbidden error as the client cert is getting provided to the server for Mutual authentication.

Things I tried 

1. truststore in server.conf.yaml updated with the server cert
2. keystore-here is where the problem is. I have created pem file of client certificate  and using keytool to create a jks  and update the keystore with the keystore.jks file but it fails .I tried creating a pkcs12 type with .p12 extension from the pem but it also does not work 
   Please help

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 08:13 AM
From: Francois Brandelik
Subject: App ssl issue while connect to an external web service

Looks like you have a Key infrastructure error.

Make sure that you have

• a client key define in the keystore
• the client signer chain available in the keystore
• the client root cert in the destination's truststore
• the destination server chain in the truststore
• a password defined on each of the stores set either with set dbparms or in the vault

Hope it helps

------------------------------
Francois Brandelik

Original Message:
Sent: Mon February 24, 2025 05:39 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Also do we need the vault if the keystore is using default pwd . Pardon my ignorance .

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 05:35 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello  Kim

Thanks for the reply

I tried to  set up mtls with postman

And get the error

Client TLS cert is required.

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 03:54 AM
From: Kim Meynendonckx
Subject: App ssl issue while connect to an external web service

------------------------------
Kim Meynendonckx

Original Message:
Sent: Fri February 21, 2025 08:41 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello Kim,

Answering your questions below 

• Yes the service I am  calling with soap request is using mtls.
• I made a mistake in the beginning, now I have a keystore and trust store separated.
• Yes, my key store contains a valid private/public key pair
• What pwd should I set in vault? The gateway uses mtls for connection ( correct me if I need to set one 
• As it's an Mtls, keystore config  is required
• I am facing g an error client TLS cert missing

Question

Should I configure the property ssl client key alias in the soap request node

I tried setting it to the key alias name , but did not work

Need Inputs 

Thanks

Madhu

------------------------------
madhu ram

Original Message:
Sent: Thu February 20, 2025 03:09 AM
From: Kim Meynendonckx
Subject: App ssl issue while connect to an external web service

------------------------------
Kim Meynendonckx

Original Message:
Sent: Wed February 19, 2025 04:12 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot

------------------------------
madhu ram
------------------------------

Thanks everyone

Now The cert issue is resolved , I am am get a sucessful repsonse from API using thepostman as client
But my app connect broker app gives me 403  forbidden error as the client cert is getting provided to the server for Mutual authentication.

Things I tried 

1. truststore in server.conf.yaml updated with the server cert
2. keystore-here is where the problem is. I have created pem file of client certificate  and using keytool to create a jks  and update the keystore with the keystore.jks file but it fails .I tried creating a pkcs12 type with .p12 extension from the pem but it also does not work 
   Please help

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 08:13 AM
From: Francois Brandelik
Subject: App ssl issue while connect to an external web service

Looks like you have a Key infrastructure error.

Make sure that you have

• a client key define in the keystore
• the client signer chain available in the keystore
• the client root cert in the destination's truststore
• the destination server chain in the truststore
• a password defined on each of the stores set either with set dbparms or in the vault

Hope it helps

------------------------------
Francois Brandelik

Original Message:
Sent: Mon February 24, 2025 05:39 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Also do we need the vault if the keystore is using default pwd . Pardon my ignorance .

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 05:35 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello  Kim

Thanks for the reply

I tried to  set up mtls with postman

And get the error

Client TLS cert is required.

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 03:54 AM
From: Kim Meynendonckx
Subject: App ssl issue while connect to an external web service

------------------------------
Kim Meynendonckx

Original Message:
Sent: Fri February 21, 2025 08:41 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello Kim,

Answering your questions below 

• Yes the service I am  calling with soap request is using mtls.
• I made a mistake in the beginning, now I have a keystore and trust store separated.
• Yes, my key store contains a valid private/public key pair
• What pwd should I set in vault? The gateway uses mtls for connection ( correct me if I need to set one 
• As it's an Mtls, keystore config  is required
• I am facing g an error client TLS cert missing

Question

Should I configure the property ssl client key alias in the soap request node

I tried setting it to the key alias name , but did not work

Need Inputs 

Thanks

Madhu

------------------------------
madhu ram

Original Message:
Sent: Thu February 20, 2025 03:09 AM
From: Kim Meynendonckx
Subject: App ssl issue while connect to an external web service

------------------------------
Kim Meynendonckx

Original Message:
Sent: Wed February 19, 2025 04:12 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot

------------------------------
madhu ram
------------------------------

Hi ,

Like @Francois Brandelik said it's probably related to an incorrect keystore. I often use Keystore explorer(free tool).

A good keystore should look like this.

Thanks everyone

Now The cert issue is resolved , I am am get a sucessful repsonse from API using thepostman as client
But my app connect broker app gives me 403  forbidden error as the client cert is getting provided to the server for Mutual authentication.

Things I tried 

1. truststore in server.conf.yaml updated with the server cert
2. keystore-here is where the problem is. I have created pem file of client certificate  and using keytool to create a jks  and update the keystore with the keystore.jks file but it fails .I tried creating a pkcs12 type with .p12 extension from the pem but it also does not work 
   Please help

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 08:13 AM
From: Francois Brandelik
Subject: App ssl issue while connect to an external web service

Looks like you have a Key infrastructure error.

Make sure that you have

• a client key define in the keystore
• the client signer chain available in the keystore
• the client root cert in the destination's truststore
• the destination server chain in the truststore
• a password defined on each of the stores set either with set dbparms or in the vault

Hope it helps

------------------------------
Francois Brandelik

Original Message:
Sent: Mon February 24, 2025 05:39 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Also do we need the vault if the keystore is using default pwd . Pardon my ignorance .

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 05:35 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello  Kim

Thanks for the reply

I tried to  set up mtls with postman

And get the error

Client TLS cert is required.

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 03:54 AM
From: Kim Meynendonckx
Subject: App ssl issue while connect to an external web service

------------------------------
Kim Meynendonckx

Original Message:
Sent: Fri February 21, 2025 08:41 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello Kim,

Answering your questions below 

• Yes the service I am  calling with soap request is using mtls.
• I made a mistake in the beginning, now I have a keystore and trust store separated.
• Yes, my key store contains a valid private/public key pair
• What pwd should I set in vault? The gateway uses mtls for connection ( correct me if I need to set one 
• As it's an Mtls, keystore config  is required
• I am facing g an error client TLS cert missing

Question

Should I configure the property ssl client key alias in the soap request node

I tried setting it to the key alias name , but did not work

Need Inputs 

Thanks

Madhu

------------------------------
madhu ram

Original Message:
Sent: Thu February 20, 2025 03:09 AM
From: Kim Meynendonckx
Subject: App ssl issue while connect to an external web service

------------------------------
Kim Meynendonckx

Original Message:
Sent: Wed February 19, 2025 04:12 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot

------------------------------
madhu ram
------------------------------

Thanks all. The keystore looks valid. Please pardon my ignorance  for asking this, how will the broker app using soap request node understand that  it should use mtls. Is it from the server.conf.yaml fields JVM : keystore, trustore or should I configure any properties in the soap request node .

Hi ,

Like @Francois Brandelik said it's probably related to an incorrect keystore. I often use Keystore explorer(free tool).

A good keystore should look like this.

Thanks everyone

Now The cert issue is resolved , I am am get a sucessful repsonse from API using thepostman as client
But my app connect broker app gives me 403  forbidden error as the client cert is getting provided to the server for Mutual authentication.

Things I tried 

1. truststore in server.conf.yaml updated with the server cert
2. keystore-here is where the problem is. I have created pem file of client certificate  and using keytool to create a jks  and update the keystore with the keystore.jks file but it fails .I tried creating a pkcs12 type with .p12 extension from the pem but it also does not work 
   Please help

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 08:13 AM
From: Francois Brandelik
Subject: App ssl issue while connect to an external web service

Looks like you have a Key infrastructure error.

Make sure that you have

• a client key define in the keystore
• the client signer chain available in the keystore
• the client root cert in the destination's truststore
• the destination server chain in the truststore
• a password defined on each of the stores set either with set dbparms or in the vault

Hope it helps

------------------------------
Francois Brandelik

Original Message:
Sent: Mon February 24, 2025 05:39 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Also do we need the vault if the keystore is using default pwd . Pardon my ignorance .

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 05:35 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello  Kim

Thanks for the reply

I tried to  set up mtls with postman

And get the error

Client TLS cert is required.

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 03:54 AM
From: Kim Meynendonckx
Subject: App ssl issue while connect to an external web service

------------------------------
Kim Meynendonckx

Original Message:
Sent: Fri February 21, 2025 08:41 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello Kim,

Answering your questions below 

• Yes the service I am  calling with soap request is using mtls.
• I made a mistake in the beginning, now I have a keystore and trust store separated.
• Yes, my key store contains a valid private/public key pair
• What pwd should I set in vault? The gateway uses mtls for connection ( correct me if I need to set one 
• As it's an Mtls, keystore config  is required
• I am facing g an error client TLS cert missing

Question

Should I configure the property ssl client key alias in the soap request node

I tried setting it to the key alias name , but did not work

Need Inputs 

Thanks

Madhu

------------------------------
madhu ram

Original Message:
Sent: Thu February 20, 2025 03:09 AM
From: Kim Meynendonckx
Subject: App ssl issue while connect to an external web service

------------------------------
Kim Meynendonckx

Original Message:
Sent: Wed February 19, 2025 04:12 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot

------------------------------
madhu ram
------------------------------

mTLS is configured on the service being connected to, and the SSL/TLS handshake enforces this security mechanism. During the handshake, if the request node receives a client certificate request, it provides the client certificate configured on the integration server or node.
If none is found then the SSL handshake terminates with client certificate issue as reason.

------------------------------
Kim Meynendonckx

Original Message:
Sent: Fri February 28, 2025 06:04 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Thanks all. The keystore looks valid. Please pardon my ignorance  for asking this, how will the broker app using soap request node understand that  it should use mtls. Is it from the server.conf.yaml fields JVM : keystore, trustore or should I configure any properties in the soap request node .

------------------------------
madhu ram

Original Message:
Sent: Fri February 28, 2025 02:00 AM
From: Kim Meynendonckx
Subject: App ssl issue while connect to an external web service

Hi ,

Like @Francois Brandelik said it's probably related to an incorrect keystore. I often use Keystore explorer(free tool).

A good keystore should look like this.

------------------------------
Kim Meynendonckx

Original Message:
Sent: Thu February 27, 2025 02:28 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Thanks everyone

Now The cert issue is resolved , I am am get a sucessful repsonse from API using thepostman as client
But my app connect broker app gives me 403  forbidden error as the client cert is getting provided to the server for Mutual authentication.

Things I tried 

1. truststore in server.conf.yaml updated with the server cert
2. keystore-here is where the problem is. I have created pem file of client certificate  and using keytool to create a jks  and update the keystore with the keystore.jks file but it fails .I tried creating a pkcs12 type with .p12 extension from the pem but it also does not work 
   Please help

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 08:13 AM
From: Francois Brandelik
Subject: App ssl issue while connect to an external web service

Looks like you have a Key infrastructure error.

Make sure that you have

• a client key define in the keystore
• the client signer chain available in the keystore
• the client root cert in the destination's truststore
• the destination server chain in the truststore
• a password defined on each of the stores set either with set dbparms or in the vault

Hope it helps

------------------------------
Francois Brandelik

Original Message:
Sent: Mon February 24, 2025 05:39 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Also do we need the vault if the keystore is using default pwd . Pardon my ignorance .

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 05:35 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello  Kim

Thanks for the reply

I tried to  set up mtls with postman

And get the error

Client TLS cert is required.

------------------------------
madhu ram

Original Message:
Sent: Mon February 24, 2025 03:54 AM
From: Kim Meynendonckx
Subject: App ssl issue while connect to an external web service

------------------------------
Kim Meynendonckx

Original Message:
Sent: Fri February 21, 2025 08:41 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello Kim,

Answering your questions below 

• Yes the service I am  calling with soap request is using mtls.
• I made a mistake in the beginning, now I have a keystore and trust store separated.
• Yes, my key store contains a valid private/public key pair
• What pwd should I set in vault? The gateway uses mtls for connection ( correct me if I need to set one 
• As it's an Mtls, keystore config  is required
• I am facing g an error client TLS cert missing

Question

Should I configure the property ssl client key alias in the soap request node

I tried setting it to the key alias name , but did not work

Need Inputs 

Thanks

Madhu

------------------------------
madhu ram

Original Message:
Sent: Thu February 20, 2025 03:09 AM
From: Kim Meynendonckx
Subject: App ssl issue while connect to an external web service

------------------------------
Kim Meynendonckx

Original Message:
Sent: Wed February 19, 2025 04:12 AM
From: madhu ram
Subject: App ssl issue while connect to an external web service

Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot

------------------------------
madhu ram
------------------------------

Hello Team,
I am trying to reach a web service  from a SOAP request node  but facing the below issue

HTTP Response Error, send to alternate: Node throwing exception / Error occurred in ImbSOAPRequestHelper::makeSOAPRequest() / WebService Request Exception / A Web Service request has detected a SOCKET error whilst invoking a web service located at host &1, on port &2, on path &3. RecoverableException<com.ibm.broker.plugin.MbRecoverableException class:SecurityUtils method:loadKeystore source:BIPmsgs key:3537 >
the BIP messages refers to "unable to open keystore due to error "
The jks file is placed in home/aceuser/ace-server/xxx.jks and the integration server server.conf.yaml has been updated for

   keystoreType: 'JKS'
    keystoreFile: 'home/aceuser/keystores/xxx.jks'
    keystorePass: 'password'
    truststoreType: 'JKS'
    truststoreFile: 'home/aceuser/keystores/xxx.jks'
    truststorePass: 'password'

Things I checked
1.the keystore has the correct permission
2.Used the keytool list to find the expiry and the keystore type-all good 
Please let me know if you need more info
Thanks a lot