Question
Swedbank AB
SE
Last activity: 5 Jan 2018 16:06 EST
Outbound Key store configuration for REST connect rules
Hi All,
In our project we are integrating with external systems using rest methods. External systems looking authentication and we have generated jks file and assoicated those in rest connector. Integration working fine. But as per WAS standards we are not suppose to associate certificates in pega this needs to be configured in cluster level. We have configured and removed from pega. But those certificates are not associating with rest message on service invocation.
Please suggest any body seen similar issue or pega is forcing certificates needs to associate in pega or do we need install any hotfix.
Thanks,
Deva.
Pegasystems Inc.
US
Hello,
What version of Pega Platform are you using? There is an issue with WAS keystores on some versions of Pega that there is a hotfix for.
Pegasystems Inc.
US
Pega Platform 7.2 has a bug where connectors won't properly use the WAS level keystores. Create an SR through the normal channel and ask for HFix-40010. This should fix the issue. Note that the hotfix requires a restart of Pega to take effect.
StellarNexus Consulting UG
DE
Hello Deva!
including the certificates as part of the keystores in Pega reduces dependency on the Infrastructure team who has to configure and deploy the same in every environment.And to your question, do you mean that you are unable to connect to the service after configuring the certificates in WAS?
Swedbank AB
SE
Hi Midhun,
Thanks for reply.
Including certificate in pega will have issue. Becuase when ever WAS to update the certificate then pega code change required. So we are trying to assoicate keystore at WAS level.
Thanks,
Deva.
StellarNexus Consulting UG
DE
I hope your understanding here is incorrect.Keystores are data instances in Pega and a change would be easier if required( although thats not an usual case with certificates, because certificates are not usually created to expire in a month or so).When you have certificate included as part of your keystore, you don't have to configure the same certificate at WAS. Its incorrect.
Make use of Java keytool to add the certificate as part of the application or Enterprise keystore that you may have already (or you can create a new keystore too)
Contact me if you still miss something here.
Swedbank AB
SE
Hi,
I aware of difference b/n keystore and certs for easy understanding I mentioned certs. Actually we have added keystore(.jks) in Pega provided by WAS team. But now WAS team suggesting do not include any keystore in Pega and Keystore should be part of cluster itself and should get those from cluster path and associate with outbound message.
WAS team done some configuration for this but this keystore values are not associating with outbound message. So I have heard Pega product has some issue and looking for solution.
Thanks,
Deva