2-way SSL on JCS-SaaS Extension

user11977471
user11977471 Member Posts: 14 Blue Ribbon
edited May 3, 2017 3:16AM in Java Cloud Service

Hi,

We are trying to invoke a 3rd party web service (from custom Java code) which enforces client authentication (2-way SSL).

How do we configure JCS-SX to enable this? What I have done so far:

1) Obtained the PKCS12 certificate from the client.

2) Imported the PKCS12 file in a new JKS keystore:

keytool -genkey -alias mycertificate -keyalg RSA -keysize 2048 -keystore mykeystore

keytool -delete -alias mycertificate -keystore mykeystore

keytool -v -importkeystore -srckeystore Currency-Importer.pfx -srcstoretype PKCS12 -destkeystore mykeystore -deststoretype JKS

Import was successful.

3) Tried to add the JKS to JCS-SX using the command below:

D:\javacloud-sdk>javacloud  -dc us2 -p <password> -add-ssl-private-key -path mykeystore -alias mykey -debug true

The above command fails with

[ERROR]   - javax.ws.rs.WebApplicationException: java.lang.IllegalArgumentException:
            Missing body part entity of type 'application/octet-stream'
            |
            +----> Caused By : java.lang.IllegalArgumentException: Missing body part
            entity of type 'application/octet-stream'
            |
            +-------> Caused By : Missing body part entity of type 'application/
            octet-stream'

I could not find any documentation on how to use the -add-ssl-private-key command. The reason I'm trying to add this is that I need to set the property 'ssl.twoway.client.enabled' to the alias of the private key.

Can someone please suggest how to configure client authentication on a JCS-SaaS extension?

Answers

  • user11977471
    user11977471 Member Posts: 14 Blue Ribbon
    edited May 3, 2017 3:16AM

    We were able to make this work. The steps are the same; however, there was some issue with importing the PKCS file into JKS using keytool. We used KeyExplorer to create a JKS file and import the PKCS file into it, and then added the JKS file to the private keys.

    We also updated the config 'ssl.twoway.client.alias' to point to the private key alias (created above) and then restarted the server.
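The PKCS12-to-JKS step from the thread can also be done with the standard java.security.KeyStore API, which shows which alias actually holds the private key and its certificate chain. This is an added example, not code from the poster or from Oracle; the class name PfxToJks and the environment variable names PFX_PASS and JKS_PASS are assumptions.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example: copy private-key entries from a PKCS12 file into a new JKS
// and print the alias each entry is stored under.
public class PfxToJks {
    public static void main(String[] args) throws Exception {
        // Passwords come from the environment (assumed names) so they do not
        // appear in the process list or shell history.
        String srcEnv = System.getenv("PFX_PASS");
        String dstEnv = System.getenv("JKS_PASS");
        if (args.length != 2 || srcEnv == null || dstEnv == null) {
            System.err.println("usage: PFX_PASS=... JKS_PASS=... java PfxToJks <in.pfx> <out.jks>");
            System.exit(2);
        }
        char[] srcPass = srcEnv.toCharArray();
        char[] dstPass = dstEnv.toCharArray();

        KeyStore src = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            src.load(in, srcPass);
        }
        KeyStore dst = KeyStore.getInstance("JKS");
        dst.load(null, null); // start from an empty keystore

        int copied = 0;
        for (String alias : Collections.list(src.aliases())) {
            Certificate[] chain = src.getCertificateChain(alias);
            // Client authentication needs a private key plus its certificate chain.
            if (!src.isKeyEntry(alias) || chain == null || chain.length == 0) {
                System.out.println("skipped (no private key with chain): " + alias);
                continue;
            }
            Key key = src.getKey(alias, srcPass);
            dst.setKeyEntry(alias, key, dstPass, chain);
            System.out.println("private key alias: " + alias + " (chain length " + chain.length + ")");
            copied++;
        }
        if (copied == 0) throw new IllegalStateException("no private-key entry in " + args[0]);
        try (OutputStream out = new FileOutputStream(args[1])) {
            dst.store(out, dstPass);
        }
    }
}
```

The alias it prints is the name the private key has inside the JKS, which is the name an alias setting like the one mentioned in the thread has to match.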

This discussion has been closed.