webMethods

 View Only
Expand all | Collapse all

Passing certificate in HTTPS call to an Azure api

  • 1.  Passing certificate in HTTPS call to an Azure api

    Posted Wed February 10, 2021 01:27 AM

    Hi Folks,

    The use case is as below:

    • We have been doing the HTTPS call to a Microsoft API even before but they never asked for the certificate till now.

    • Now we have to call them to a new URL and pass our certificate, they have configured the thumbprint of same certificate at their end.

    • We were doing a custom http call before, but now we are doing the http call as below

      1. pub.security.keystore:setKeyAndChain
      2. pub.client:http
      3. pub.security:clearKeyAndChain
        But still getting the error as : com.wm.net.NetException: [ISC.0064.9314] Authorization Required: Client certificate or AAD Bearer token not found in request.

    • We have our certificate configured and mapped with our HTTPS port in Security > Keystore and we have CA Cert in truststore.

    • Even we have configured the certificate of the API which we are making HTTPS call to in Security > Certificates > Configure Client Certificates and mapped to a user which is part of group Administrator .

    • In Security > Certificates, I have the same Keystore and TrustStore as we have in Security > Keystore.

    Still not sure what else required to send them the certificate so that they can verify the HTTPS call with certificate against the thumbprint of same certificate.

    Though here from pub.security.keystore:setKeyAndChain no certificate is produced and not sure if it is produced from services like pub.security.keystore:getKeyAndChain or pub.security.keystore:getTrustedCertificates, where to pass it in pub.client:http

    Any help here would be much appreciated!

    Regards,

    Sanket


    #HTTPS-Call
    #webMethods
    #Inegration-Server


  • 2.  RE: Passing certificate in HTTPS call to an Azure api

    Posted Mon February 15, 2021 11:37 PM

    Hi Sanket,
    Can you please do the following and share the server.log and IS profile logs

    1. Enable the SSL logging by setting the watt property watt.config.systemProperties=mail.imap.partialfetch=true,javax.net.debug=ssl
    2. Set the logging of HTTP Header, HTTP Request, HTTP Response component to DEBUG
    3. Restart the IS.

    There are couple of reasons when IS (acting as client) will not send it’s certificate.

    1. If the server is not sending any CA certificates
    2. If none of the CA certificates that is send by the server signed the IS certificate.

    Thanks.


    #Inegration-Server
    #HTTPS-Call
    #webMethods


  • 3.  RE: Passing certificate in HTTPS call to an Azure api

    Posted Thu March 04, 2021 11:05 AM

    Hi Jaideep,

    Thanks a lot for your inputs!

    I was away for a while so sorry for delay in response.

    After doing the below said at service level:

    1. pub.security.keystore:setKeyAndChain
    2. pub.client:http
    3. pub.security:clearKeyAndChain

    Further, at Extended Setting the below said made it work:

    watt.security.ssl.client.ignoreEmptyAuthoritiesList=true

    Thanks a lot for your reply!

    Regards,
    Sanket


    #webMethods
    #Inegration-Server
    #HTTPS-Call