2way TLS with p12 in truststore

We have a P12 provided by the target service owner which needs to be presented for a successful 2-way TLS handshake. I see the TLS handshake fail when the API proxy communicates with the target service (via a target server) when the same P12 truststore (cert and key pair) is referenced in both the keystore and the truststore. However, the same works when the cert is exported from the P12 and referenced in the truststore.

Did anyone experience this behavior and can throw some light on it?

Doesn't Work:

{
  "host": "Host.com",
  "isEnabled": true,
  "name": "TS_2WayTLS",
  "port": 443,
  "sSLInfo": {
    "enabled": "true",
    "ignoreValidationErrors": false,
    "clientAuthEnabled": "true",
    "keyAlias": "P12Alias",
    "keyStore": "ref://P12storeRef",
    "trustStore": "ref://P12storeRef"
  }
}

Works:

{
  "host": "Host.com",
  "isEnabled": true,
  "name": "TS_2WayTLS",
  "port": 443,
  "sSLInfo": {
    "enabled": "true",
    "ignoreValidationErrors": false,
    "clientAuthEnabled": "true",
    "keyAlias": "P12Alias",
    "keyStore": "ref://P12storeRef",
    "trustStore": "ref://P12CertRef"
  }
}

Thanks, Ram

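The split the "Works" configuration relies on, as an added example that is not part of the original post and is not Apigee's own tooling: the script builds a throwaway self-signed cert and key, bundles them as a P12 standing in for the one supplied by the service owner, then exports a cert+key keystore and a cert-only truststore from it and checks each artifact with openssl. The file names, the `P12Alias` alias reuse and the `changeit` passphrase are assumptions for the demo.

```shell
#!/bin/sh
# Added example, not code from the original post or from Apigee: splits a
# PKCS#12 bundle into the two artifacts the target-server config references,
# a cert+key keystore and a cert-only truststore, and checks each one.
# File names, alias and passphrase are assumptions for the demo.
set -eu

WORK=${WORK:-$(mktemp -d)}
PASS=${PASS:-changeit}

# Stand-in for the P12 supplied by the service owner: a throwaway
# self-signed cert and key bundled under the alias used in the config.
make_demo_p12() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Host.com" \
    -keyout "$WORK/demo.key" -out "$WORK/demo.crt" >/dev/null 2>&1
  openssl pkcs12 -export -name P12Alias -inkey "$WORK/demo.key" \
    -in "$WORK/demo.crt" -out "$WORK/demo.p12" -passout "pass:$PASS"
  echo "$WORK/demo.p12"
}

# Keystore side: certificate plus private key, both needed to answer the
# server's CertificateRequest during the 2-way handshake.
p12_to_keystore() {   # $1 = p12 file, $2 = output PEM
  openssl pkcs12 -in "$1" -passin "pass:$PASS" -nodes -out "$2"
}

# Truststore side: the certificate only. -nokeys drops the private key and
# `openssl x509` strips the PKCS#12 bag attributes, leaving a bare PEM cert.
p12_to_truststore() { # $1 = p12 file, $2 = output PEM
  openssl pkcs12 -in "$1" -passin "pass:$PASS" -nokeys -clcerts \
    | openssl x509 -out "$2"
}

# Exit 0 when the file carries a private key block. A truststore never should.
has_private_key() {
  grep -q "PRIVATE KEY-----" "$1"
}

# Exit 0 when the key in the keystore and the cert in the truststore share a
# public key, i.e. the two halves of the config really belong together.
key_matches_cert() { # $1 = keystore PEM, $2 = truststore PEM
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
  c=$(openssl x509 -in "$2" -pubkey -noout)
  [ "$k" = "$c" ]
}

# Exit 0 when the cert in $1 validates against the trust anchors in $2.
verify_against_truststore() {
  openssl verify -CAfile "$2" "$1" >/dev/null
}

run_demo() {
  p12=$(make_demo_p12)
  p12_to_keystore "$p12" "$WORK/keystore.pem"
  p12_to_truststore "$p12" "$WORK/truststore.pem"
  has_private_key "$WORK/keystore.pem"   && echo "keystore: cert + key (expected)"
  has_private_key "$WORK/truststore.pem" || echo "truststore: cert only (expected)"
  key_matches_cert "$WORK/keystore.pem" "$WORK/truststore.pem" && echo "key/cert pair matches"
  verify_against_truststore "$WORK/demo.crt" "$WORK/truststore.pem" && echo "cert validates against truststore"
}

run_demo
```

`truststore.pem` is the cert-only artifact the "Works" configuration points `trustStore` at, and `keystore.pem` is what `keyStore`/`keyAlias` refer to; running `has_private_key` against whatever you are about to upload as a truststore is a cheap check that the key has not been copied into the trust side by mistake.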

GREAT, I'm glad you found a solution. Thanks for your experience. Surely this will help others, too.

Dealing with the various formats of TLS keys and certs can be tricky. I myself prefer to use the .PEM formats for everything; I find them easier to handle, examine, and so on.