Tuesday, 6 November 2012

Use of CACerts in BPM v751

Some facts...

1: Process centre uses CACerts to look up a trusted certificate

2: RAL client uses CACerts but only when it needs to send a client cert to AppTarget when it asks for one (i.e. when it has mutual auth enabled)

3: If you have your webserver specifying that mutual auth is optional it's happy to let you in without you sending a cert. But if you send one and it's not trusted you'll get a handshake error.
It sounds obvious but it scuppered me for a while ... if you have your webserver specifying that mutual auth is optional it's happy to let you in without you sending a cert. But if you do send one and it's not trusted you'll get a handshake error. In my case the SSL client was WAS and by default the nodeDefaultSSLSettings are configured with a client cert alias of NONE. I changed this to default when I was debugging a different issue and didn't change it back again. This led to the Process Server heartbeat failing because it started sending a non-trusted cert to the process centre webserver where previously I hadn't sent anything.
