IBM webMethods Hybrid Integration

IBM webMethods Hybrid Integration

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Partner SelfSigned certificate

    Posted Wed January 28, 2004 11:59 PM

    I am using wm.EDIINT.processMsg and when a partner is sending a message with their self signed certificate it is giving an errorCode = 7 which indicates an “Untrusted Certificate”.

    In the partner’s TN profile all I have in the Security tab for Encrypt and Verify tabs is the Lowes(partner) self signed certificate. This is the first partner to use a self signed certificate. We therefore do not have a CA Chain for this- I don’t know much about certificates and the partner told me there wasn’t a CA Chain… is this accurate? Or should we request some other piece of information.

    We are in a testing phase for an EDIINT implementation and would like to resolve this ASAP. We are running IS 6.0.1 on HPUX.

    Thank you, ALL help is appreciated!
    Jessica


    #B2B-Integration
    #webMethods
    #Integration-Server-and-ESB


  • 2.  RE: Partner SelfSigned certificate

    Posted Thu January 29, 2004 02:48 AM

    The TN profile should have the self signed cert. in both the Certificate and CA Chain fields/boxes of the Verify (and Encrypt) tabs.
    The cert. should also have been placed (prior) in the CA Certificate Directory of the IS server and the server restarted to read all certs that have been placed in this directory.


    #Integration-Server-and-ESB
    #B2B-Integration
    #webMethods


  • 3.  RE: Partner SelfSigned certificate

    Posted Thu January 29, 2004 03:23 AM

    If it is a partner’s self signed certificate, this is what i would do

    1)I would leave the CA chain field blank (unselected) in encrypt and verify tabs in TN Console. The fact the cert is self signed and no CA chain is there, it makes sense to leave this field blank.

    2)I would place the self signed certificate in CATrusted directory of IS file system. This is the directory that is selected in Administrator/certificates webpage.

    3)Bounce the server to bring this CATrusted folder/self signed cert in effect.

    HTH

    DG


    #webMethods
    #Integration-Server-and-ESB
    #B2B-Integration


  • 4.  RE: Partner SelfSigned certificate

    Posted Thu January 29, 2004 03:34 PM

    Kevin,

    If I place the self signed cert in the CA Chain field it says “The CA Chain you tried to import already exists as the Client Certificate” – Therefore I will leave the CA chain field blank-

    HTH,

    I will try placing the cert in the CATrusted directory and bouncing the server. For wm.EDIINT.rules:processMsg-- it looks like it pulls the CA Chain from the profile of partner… will this be affected if the CA Chain is blank and instead, the cert is in the trusted CA directory?

    Any other suggestions?

    Thank you both for your comments,
    Jessica


    #B2B-Integration
    #Integration-Server-and-ESB
    #webMethods


  • 5.  RE: Partner SelfSigned certificate

    Posted Thu January 29, 2004 04:51 PM

    CA Chain will be pulled only if it signed by CA / intermediate CA’s.

    DG


    #webMethods
    #Integration-Server-and-ESB
    #B2B-Integration


  • 6.  RE: Partner SelfSigned certificate

    Posted Thu January 29, 2004 05:40 PM

    So if its not signed by an intermediary, it gets defaulted to those certificates that are located in the Trusted Certificates CA Certificates directory ?

    Hope that works-- I have to wait till after hours to bounce the production IS- Thanks
    Jessica


    #webMethods
    #Integration-Server-and-ESB
    #B2B-Integration


  • 7.  RE: Partner SelfSigned certificate

    Posted Sun February 01, 2004 04:34 AM

    It worked! thanks so much for your help!

    Jessica


    #webMethods
    #B2B-Integration
    #Integration-Server-and-ESB


Related Content