REST connector. Support for custom client certificate.
Does anybody know if custom client certificates are supported by the REST connector? The SOAP connector appears to be configurable for custom certificates.
Recently we faced the same problem with one of our REST connectors. You will need to import the external certificate to resolve the issue:
000035162 - RSA Identity Management and Governance SSLHandshakeException when using a custom Java workflow node on Red Hat Enterprise Linux (RHEL)
Thank you Tushar
I’ve advised customer.
John Landry | Technical Support Engineer, Customer Services EMEA | RSA
Direct line: +44 (0)1344 781773 | John.Landry@rsa.com
Customer is using Red Hat Linux. Anybody know where to place the custom client certificate for a REST connector in Red Hat?
You need to import the REST endpoint certificate along with the trust chain into client.keystore of the AFX server.
Alternatively, you can import the same into cacerts of the JDK running the AFX server.
The customer thinks they need to push out a certificate to the endpoint. The following lines are from their email.
“The client certificate is not a certificate that you can get from the endpoint server like you've mentioned in the last line of your email; it is a certificate of the Aveksa server that the endpoint expects to receive with the request that Aveksa's server sends to it.
In the default keystore where supposedly the connector searches for the certificate, there is more than one certificate… so how does the connector know which one to pick and send?
Moreover, you are supposed to provide a password for the client certificate file when sending the request – in the SOAP connector you have a location to enter the file’s password, you don’t have it in the REST connector.”
Can you comment on the above please.
RSA IGL REST connectors do not support 2-way SSL (mutual authentication), if I understand the context of the client certificate in your comment. Since they use one-way SSL, you don't need to provide a certificate alias to verify the trust chain in the keystore. At a high level, upon connection, the REST WS server sends IGL its certificate and IGL looks in its keystore (trust store) to see if it knows of this certificate.
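Added example, not part of the thread and not RSA code: a small Java check that separates the two kinds of keystore entry discussed above (trusted certificate entries, which one-way SSL uses to verify the server, and key entries, which only mutual authentication would present) and reports whether an endpoint's certificates are already in the store. The class name `TrustStoreCheck`, the default path (the running JDK's `cacerts`), the stock password `changeit` and the optional PEM file argument are assumptions; it also assumes the store can be loaded with the JVM's default keystore type.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Usage: java TrustStoreCheck [keystore] [password] [endpoint-chain.pem]
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        // Assumed defaults: the running JDK's cacerts and its stock password.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }

        int trusted = 0, keyed = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                trusted++;   // trust anchor: used to verify the server's certificate
            } else if (ks.isKeyEntry(alias)) {
                keyed++;     // private key + chain: only a mutual-TLS client would send this
                System.out.println("key entry: " + alias);
            }
        }
        System.out.printf("%s: %d trusted certificate entries, %d key entries%n",
                path, trusted, keyed);

        // Optional: PEM file holding the endpoint certificate and its chain.
        if (args.length > 2) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            try (InputStream in = new FileInputStream(args[2])) {
                for (Certificate c : cf.generateCertificates(in)) {
                    X509Certificate x = (X509Certificate) c;
                    String alias = ks.getCertificateAlias(x);  // null when not in the store
                    System.out.printf("%s -> %s%n", x.getSubjectX500Principal().getName(),
                            alias != null ? "present as '" + alias + "'" : "NOT in store");
                }
            }
        }
    }
}
```

If every certificate in the PEM file is reported as not in the store, the handshake has no trust anchor for that endpoint, which is the situation the import into `client.keystore` or `cacerts` described earlier in the thread addresses.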