"Random" certificate being used from keystore?

We are attempting to use dynamic keystores/alias for 2 way TLS. However, we seem to be getting intermittent issues when using this:

<HTTPTargetConnection>
    <URL>https://api-endpoint.example.com</URL>
    <SSLInfo>
        <Enabled>true</Enabled>
        <ClientAuthEnabled>true</ClientAuthEnabled>
        <KeyStore>{dev.keyStore}</KeyStore>
        <KeyAlias>{dev.keyAlias}</KeyAlias>
    </SSLInfo>
</HTTPTargetConnection>

I've verified in our trace that we're extracting the dev.* variables properly. However, every other request is not using the keyStore/keyAlias set by the dev.* variables - we're basically getting the first certificate out of the store.

Has anyone experienced this before? Are we missing a piece of configuration on the connection here?

1 REPLY

First thing I noticed is, in 2 way TLS your truststore info is missing.

I have also implemented dynamic keystore and truststore info, but it all works as expected.

I am using keystore as a reference to the keystore and keyalias as the alias name. The truststore is also a reference.

<HTTPTargetConnection>
    <SSLInfo>
        <Enabled>true</Enabled>
        <ClientAuthEnabled>true</ClientAuthEnabled>
        <KeyStore>ref://myKeyStoreRef</KeyStore>
        <KeyAlias>myKey</KeyAlias>
        <TrustStore>ref://myTrustStoreRef</TrustStore>
    </SSLInfo>
    <URL>https://*****.com</URL>
</HTTPTargetConnection>

Also use the reference variable in the code.
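
The two configurations in this thread can be compared mechanically. The following is an added example, not part of the original thread and not Apigee tooling: a small pre-deployment check that parses an `<HTTPTargetConnection>` and reports a missing `<TrustStore>` and any `{flow.variable}` templates in the key material fields. The function name `lint_sslinfo` and the rule that templates should be flagged are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the two <HTTPTargetConnection> snippets from this thread.
QUESTION_CFG = """<HTTPTargetConnection>
  <URL>https://api-endpoint.example.com</URL>
  <SSLInfo>
    <Enabled>true</Enabled>
    <ClientAuthEnabled>true</ClientAuthEnabled>
    <KeyStore>{dev.keyStore}</KeyStore>
    <KeyAlias>{dev.keyAlias}</KeyAlias>
  </SSLInfo>
</HTTPTargetConnection>"""

REPLY_CFG = """<HTTPTargetConnection>
  <SSLInfo>
    <Enabled>true</Enabled>
    <ClientAuthEnabled>true</ClientAuthEnabled>
    <KeyStore>ref://myKeyStoreRef</KeyStore>
    <KeyAlias>myKey</KeyAlias>
    <TrustStore>ref://myTrustStoreRef</TrustStore>
  </SSLInfo>
  <URL>https://*****.com</URL>
</HTTPTargetConnection>"""

def lint_sslinfo(xml_text):
    """Hypothetical helper: list findings for one <HTTPTargetConnection>."""
    ssl = ET.fromstring(xml_text).find("SSLInfo")
    if ssl is None:
        return ["no <SSLInfo> element"]
    val = lambda tag: (ssl.findtext(tag) or "").strip()
    findings = []
    if val("Enabled").lower() != "true":
        findings.append("<Enabled> is not true")
    if val("ClientAuthEnabled").lower() == "true":
        # Client authentication needs a key and certificate to present.
        findings += [f"<{t}> missing with ClientAuthEnabled"
                     for t in ("KeyStore", "KeyAlias") if not val(t)]
    if not val("TrustStore"):
        findings.append("<TrustStore> missing")
    # Assumption of this example: flag {flow.variable} templates, the form
    # the question reports as intermittent, so they get reviewed.
    findings += [f"<{t}> uses a flow-variable template: {val(t)}"
                 for t in ("KeyStore", "KeyAlias", "TrustStore")
                 if val(t).startswith("{") and val(t).endswith("}")]
    return findings

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CFG), ("reply", REPLY_CFG)):
        print(name, lint_sslinfo(cfg) or "no findings")
```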