Hi Hemachandra,
As BHARAT mentioned, please open a support case to IBM to verify everything is fine.
Do you have the public certificate of the HTTPs server imported to the signer certificate of the keystore if required?
;===============================================================================
; The "SSL_CLIENT" section is used by the WTX HTTP/S and FTP/S adapters.
;
; a) The "secure_mode" entry is a global flag that requires WTX to be NIST
; SP800-131a compliant when communicating via an SSL-based HTTP or FTP
; connection. This mode can enable the sole use of the TLSv1.2 protocol.
; Use the following values to enforce the intended action across all
; map SSL-based communications.
; 0 - Use TLS/SSL protocol, but no special security level is required
; 1 - Require NIST SP800-131a compliance
; 2 - Require TLS V1.2 protocol (which includes NIST SP800-131a)
;
; b) The "key_store" entry specifies the full path for all personal and CA
; certificate entries.
; If no path is specified, then it defaults to the INI directory.
;
; NOTE:
; The wtx_ssl example readme shows how to configure the "key_store" file.
;
; c) The "key_stash" entry specifies the file which contains the password
; required to open the key_store.
; If this is uncommented, the following methods will be used, in order
; of precedence.
; INI entry: key_pswd
; Environment variable: WTX_SSL_KEYFILE_PSWD
; Default: changeit
;
; NOTE:
; The wtx_ssl example readme shows how to change the default password.
;
; d) The "authentication" entry
; on - Requires SSL peer authentication
; off - if authentication is not required (e.g. for testing purposes)
;
; NOTE:
; Even though 'off' is specified, the SSL protocol is still used for
; encryption and data integrity - but without authentication.
; Also, a non-zero secure_mode setting will supersede this setting.
;
; e) The "cert_label" entry is the name of the default certificate in the key
; store that is used for authentication purposes.
;
; f) The "cert_label_global" entry determines whether cert label (if provided)
; is global or not.
; Set to 1 if cert label should be forced as a global label.
; Set to 0 if cert label is default, but can be overriden by command line.
;
; g) The "trace_file" entry specifies an SSL log file. If path is not fully
; qualified, it defaults to the WTX installation directory.
;
; h) The "trace_mode" entry specifies the type of entries in the log file.
; 0 - None
; 1 - Error only (default)
; 2 - Standard
; 3 - Verbose
;
; i) The "protocol_disable" entry disables specific SSL protocols when the
; secure mode flag is set to 0. Values can be added to disable
; multiple protocols (e.g. 3 disables SSLv2 and SSLv3).
; Default value = 3.
; 0 - none (legacy behavior which disables no protocols)
; 1 - SSLv2 (disabled by default)
; 2 - SSLv3 (disabled by default)
; 4 - TLSv1
; 8 - TLSv11
; 16 - TLSv12
;
;===============================================================================
[SSL_CLIENT]
secure_mode=0
key_store=wtx_keys.p12
key_stash=wtx_keys.sth
authentication=off
cert_label=
cert_label_global=0
trace_file=wtxsslclient.log
trace_mode=1
protocol_disable=3
[SPE]
SPE_INSTALL_DIR=C:\IBM\Standards Processing Engine 9.0.0
------------------------------
Wai Man Wong
------------------------------
Original Message:
Sent: Tue April 28, 2020 10:34 AM
From: Hemachandra G
Subject: HTTP connection error in WTX
Hi Wai Man Wong,
I tried most of the parameters, but no luck.
My concern is when it is working with plain http URL and also working from postman (plain http and https both). But why it is not working if I use https URL.
Thank you in advance !!
------------------------------
Hemachandra G
Original Message:
Sent: Thu April 23, 2020 02:45 AM
From: Wai Man Wong
Subject: HTTP connection error in WTX
Try any parameter required for HTTPS
-URL {HTTP|HTTPS}://[user[:pass]@][host[:port]][/dir[/file]]
[-CA filename]
[-CERT filename]
[-CPASS password]
[-FROM address]
[-HDR[+][I]]
[-IGNORE error_code[:error_code]]
[-INLINE]
[-KPASS password]
[-LSN seconds]
[-METHOD [method_name]]
[-MODIFIED http-date]
[-PKEY filename]
[-PROXY {HTTP|HTTPS}://[user[:pass]@][host[:port]][/dir[/file]]]
[-REDIRECT limit]
[-SESSION session_id [*]]
[-SOCKS {socks4|socks5}://[user[:pass]@][host[:port]]
[-SPROTO {SSLv2|SSLv3|SSLv23|TLSv1}]
[-STR {WEAK|STRONG|ANY}]
[-TIMEOUT time_in_seconds]
[-T[E][+][S|V] [full_path]]
[-TUNNELING]
[-TYPE content_type]
------------------------------
Wai Man Wong
Original Message:
Sent: Sun April 05, 2020 10:06 AM
From: Hemachandra G
Subject: HTTP connection error in WTX
Hi Team,
I am trying to get the token from https url. Below is rule.
GET("HTTP", "-URL https://123.com/connect/Token/ -METHOD POST -TV -HDR+ ", PACKAGE(tokenRequestInput))
While using https connection, trace is showing a "GSK error with SSL connection is not established with target server"
But when I use Postman tool, it is working.
Please help me..
------------------------------
Hemachandra G
------------------------------
#B2BIntegration
#SupplyChain