webMethods

Integration Server/Enterprise Gateway 10.5

I’m not sure how to include the Go Daddy Secure Certificate Authority - G2 in my keystore. The downloaded certificate zip file has my private key and the gd-g2_iis_intermediates.p7b key for godaddy. I am unsure how to make the gateway present the intermediate certificate and this is causing issues for our customers unless they disable SSL certificate verification.

I have tested this through SSL Server Test (Powered by Qualys SSL Labs) and I get this message:

image708×201 14.2 KB

Hi Joseph,

do you have a central truststore configured for your IS, that goes on top of the cacerts file from the JVM?
Looks like the GoDaddy Root certificate is part of the cacerts file from the JVM.

In this case add the GoDaddy Secure certificate to this truststore in IS and restart the IS.
I would avoid changing the cacerts file of the JVM as this can be overwritten when the JVM gets updated.

Place your private key and the corresponding certificate (signed by GoDaddy Secure?) in a PKCS#12 file and configure this as a Keystore in IS.

Can you share your Keystore, Certificates and Port Configuration pages for further analysis, please?
Can you check the certificate chain when connecting via browser to your Server via https?

Regards,
Holger

Holger,

Thanks for your help. I was actually able to figure this out myself after several attempts. I had to combine the intermediary cert with my cert AND then also include the intermediary cert in the keystore.