2 Replies Latest reply: Sep 6, 2012 8:54 AM by Jamie Adams RSS

    Client Certificate Authentication not working in OSB 11g

    Jamie Adams
      Hi All,

      I am currently having an issue with getting a 2 way SSL handshake to work in a production environment.

      We have the set up working and fully functional in a Test environment, however when we have deployed the code and made the same config changes in the Production environment, it does nto work when calling the API (the result being as if we were not presenting the client cert to the API).

      All relevant configuration on Weblogic and OSB was performed (Keystore creation / Security Realm - Service Key Provider / Service Key Providers etc) and I believe to be right.

      We can test the keystore using SOAPUI and we get a valid response from the live API.
      We can see the relevant aliases in OSB Service Key Provider so I know that the Security Realm / Identity settings are correct on the Weblogic Server.
      The Test and Production Weblogic properties all look the same for Keystores / Secuirty Realms / SSL etc (expect with live keystores etc).

      As we can see the aliases in OSB when setting up the Service Key Provider, it should just be a matter of setting the 'Authentication' of the business service making the call to 'Client Certificate' and this has also been done.

      Though we always get an authentication error and code, that matched what we would get if we turn off the client cert authentication on the business service in the test environment (i.e not sending the certificate with the request).

      What I really want to know is how can I find out for sure whether we are sending this certificate with our request or not? As I am struggling to find a way to log these details.

      Any input appreciated.