Question : WebSphere webservice call using SSL ServerTrustFile.jks

Everyone

Scenario: WebSphere 5.1.2 calling same server version Web service but with a JKS trusted cert key.

My organization updated the ServerTrustFile with a new certificate for an expired Cert.
Updating the application webservicesclient.xml file in RAD (using Graphical IDE) I am not able to pull the key.
I have the key ou=, o=, c=  values but it says it cannot find it.

[With the IDE now]
In webservicesclient.xml  
> I've set up 'Security Extensions' >> Confidentiality >> bodycontent
> in 'Port Binding'  >>  Key Locator (See attached word document for dialog)
> in 'Port Binding' >> updated the Encryption

(I have put the graphical demo in a word doc - attached.)

Can anyone direct me to a useful resource telling me how to pull a key from a JKS file successfully?

I keep getting exception:
exception: com.ibm.wsspi.wssecurity.config.KeyLocatorException: WSEC5035E: Unable to retrieve the key from KeyLocator:

Thanks

Answer : WebSphere webservice call using SSL ServerTrustFile.jks

Q: Do you have any suggestions to follow or things to consider as we try to conquer this SSL handshake error?

A: Yes, I bet that the certificate that you "think" is being provided isn't actually being used.

  For example, say that your cert keystore contains 2 "valid" (unexpired) certificates. It is almost impossible for them to expire at the same instant, so we have the following kind of scenario:

- Imagine that you have the 2 certificates shown below, with #2 being the "newest"
- Until #1 expires, it will continue to be used, because it is valid, and because it is marked as the "default" certificate.

  If your client machine only has, or is configured to expect certificate #2 from the server, then you are going to get the problem that you describe above.

 Does this make sense?

 # |     Valid From      |     Valid Until     | Default? |
---+---------------------+---------------------+----------+
 1 |01/01/2008 @ 00:00:00|12/31/2009 @ 23:59:59|   Yes    |
---+---------------------+---------------------+----------+
 2 |07/01/2008 @ 00:00:00|06/30/2009 @ 23:59:59|   No     |
---+---------------------+---------------------+----------+
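
To check a real keystore for the situation described in the answer, the following added example (not part of the original question or answer) lists every certificate in a JKS file with its alias, subject DN and validity window, and reports when more than one entry is valid at the same time. The class name JksAudit is hypothetical, and the code assumes a current JDK run from a terminal outside WebSphere.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

/** Added example: audit a JKS file for overlapping valid certificates. */
public class JksAudit {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (from a terminal): java JksAudit <keystore.jks>");
            System.exit(2);
        }
        // Prompt for the store password so it never lands in shell history.
        char[] storePass = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        }
        Date now = new Date();
        int validNow = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            String status = "VALID";
            try {
                x.checkValidity(now);
                validNow++;
            } catch (CertificateException e) { // expired or not yet valid
                status = "NOT VALID";
            }
            System.out.printf("%-9s alias=%s (%s)%n", status, alias,
                    ks.isKeyEntry(alias) ? "key entry" : "trusted certificate");
            // Compare this DN string character by character with the configured one.
            System.out.printf("          subject=%s%n", x.getSubjectX500Principal().getName());
            System.out.printf("          from=%s until=%s%n", x.getNotBefore(), x.getNotAfter());
        }
        if (validNow > 1) {
            System.out.println(validNow + " entries are valid now; confirm which alias "
                    + "or DN the client and server configuration actually select.");
        }
    }
}
```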