We are attempting to use dynamic keystores/alias for 2 way TLS. However, we seem to be getting intermittent issues when using this:
<HTTPTargetConnection>
<URL>https://api-endpoint.example.com</URL>
<SSLInfo>
<Enabled>true</Enabled>
<ClientAuthEnabled>true</ClientAuthEnabled>
<KeyStore>{dev.keyStore}</KeyStore>
<KeyAlias>{dev.keyAlias}</KeyAlias>
</SSLInfo>
</HTTPTargetConnection>
I've verified in our trace that we're extracting the dev.* variables properly. However, every other request is not using the keyStore/keyAlias set by the dev.* variables - we're basically getting the first certificate out of the store.
Has anyone experienced this before? Are we missing a piece of configuration on the connection here?
First thing I noticed is, in 2 way TLS your truststore info is missing.
I have also implemented dynamic keystore and truststore info, but all work as expected.
I am using keystore as a reference to keystore and keyalias as the alias name. Truststore is also a reference.
<HTTPTargetConnection>
<SSLInfo>
<Enabled>true</Enabled>
<ClientAuthEnabled>true</ClientAuthEnabled>
<KeyStore>ref://myKeyStoreRef</KeyStore>
<KeyAlias>myKey</KeyAlias>
<TrustStore>ref://myTrustStoreRef</TrustStore>
</SSLInfo>
<URL>https://*****.com</URL>
</HTTPTargetConnection>
Also use the reference variable in the code.
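Added example, not part of the original posts or of any vendor tooling: a small pre-deployment check that parses an HTTPTargetConnection block and reports which 2 way TLS fields are missing and whether each value is a literal, a `ref://` reference, or a flow-variable template. The function names are hypothetical, and the two sample configurations are constructed from the snippets in this thread, with the masked URL replaced by a placeholder.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modeled on the question's and the answer's snippets.
QUESTION_CFG = """<HTTPTargetConnection>
  <URL>https://api-endpoint.example.com</URL>
  <SSLInfo>
    <Enabled>true</Enabled>
    <ClientAuthEnabled>true</ClientAuthEnabled>
    <KeyStore>{dev.keyStore}</KeyStore>
    <KeyAlias>{dev.keyAlias}</KeyAlias>
  </SSLInfo>
</HTTPTargetConnection>"""

ANSWER_CFG = """<HTTPTargetConnection>
  <SSLInfo>
    <Enabled>true</Enabled>
    <ClientAuthEnabled>true</ClientAuthEnabled>
    <KeyStore>ref://myKeyStoreRef</KeyStore>
    <KeyAlias>myKey</KeyAlias>
    <TrustStore>ref://myTrustStoreRef</TrustStore>
  </SSLInfo>
  <URL>https://backend.example.com</URL>
</HTTPTargetConnection>"""

def classify(value):
    """Say how an SSLInfo value is supplied (hypothetical helper)."""
    if value is None or not value.strip():
        return "missing"
    value = value.strip()
    if re.fullmatch(r"\{[^{}]+\}", value):
        return "flow-variable"      # e.g. {dev.keyStore}
    if value.startswith("ref://"):
        return "reference"          # e.g. ref://myKeyStoreRef
    return "literal"

def audit_sslinfo(xml_text):
    """Return (kinds, findings) for the first SSLInfo element in xml_text."""
    ssl = ET.fromstring(xml_text).find(".//SSLInfo")
    if ssl is None:
        return {}, ["no SSLInfo element"]
    kinds = {t: classify(ssl.findtext(t)) for t in ("KeyStore", "KeyAlias", "TrustStore")}
    findings = []
    if (ssl.findtext("ClientAuthEnabled") or "").strip().lower() == "true":
        findings += [f"ClientAuthEnabled is true but {t} is missing"
                     for t, k in kinds.items() if k == "missing"]
    findings += [f"{t} is resolved per request from a flow variable"
                 for t, k in kinds.items() if k == "flow-variable"]
    return kinds, findings
```

Run against the question's configuration, it reports the missing TrustStore and the two per-request values; the answer's configuration produces no findings.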