Question
Sopra Steria Group
FR
Last activity: 13 Sep 2017 8:44 EDT
Use Https instead of Http SoapUI
Hi everyone,
I'v a issue on a a connector Soap. I use an activity to use it and my Service endpoint is on HTTP and it works good. But I want to switch on https so I did on SoapUI -> Preferences->SSL Settings and configure my portNumber/keystore ... After this, I change my Service endpoint and put https://[]:portnumber ssl (I try with the port Number used before) and after I launch the activity, it didn't work. I try to find the solution but I don't understand them (Use a Web Service policy?? How to create one?) If someone get a clue, it'll be great for me!
Regards
Edit:
With my Connector Soap I launch a Test Connectivity with the Http url: It works
With https: It works except for "Make HTTP connection to service endpoint: fail" Caught unexpected Throwable during SOAP Connectivity Test: Could not connect to service URL
Pegasystems Inc.
IN
Hi,
Can you refer to the below post should be helpful
https://community.pega.com/support/support-articles/how-https-enable-selected-connect-soap-services
Also For more insight refer below link
https://docs-previous.pega.com/introduction-web-services-and-soap
https://docs-previous.pega.com/authentication-and-web-services
https://community.pega.com/configuring-ws-trust-prpc
Thank You
Pegasystems Inc.
IN
I will suggest you first go through articles about SSL and then you can try securing your service through the SSL .
one of the useful article is http://www.ossmentor.com/2015/03/one-way-and-two-way-ssl-and-tls.html .
If you are facing any ssl related exception's set below JVM arguments to debug the ssl over the network and then share us the log files .
-Djavax.net.debug=ssl .
Regards,
Arun
Pegasystems Inc.
US
Hi Christophe,
- Are you using 2-way ssl or 1-way ssl configuration?
- Did you configure your truststore and keystore at the application level or Connect rule level?
Kindly let me know about the above queries and also let me know what errors you are facing at the PegaRULES and server specific logs.
Regards
Mahesh
Sopra Steria Group
FR
Edit:
I was wrong it's a 1-way ssl configuration.
No I didn't configure my truststore and keystore. That's what I need to but I don't know how to do it.
Pegasystems Inc.
US
You can configure the truststore and keystore at the connect rule level or you can configure at the server level with below sample VM arguments:
-Djavax.net.ssl.keyStore=".../keystore.jks"
-Djavax.net.ssl.keyStorePassword="password"
-Djavax.net.ssl.keyStoreType= jks
-Djavax.net.ssl.trustStore="CA certificate"
-Djavax.net.ssl.trustStorePassword=certificate created password
-Djavax.net.ssl.trustStoreType=jks
Pegasystems Inc.
US
Also you can go through the below links,
https://community.pega.com/support/support-articles/how-set-two-way-ssl-soap-connection
https://docs-previous.pega.com/how-set-two-way-ssl-soap-over-http-using-rule-connect-soap
Updated: 11 Sep 2017 6:57 EDT
Pegasystems Inc.
GB
What happens if you point a Browser to the endpoint URL ? https://[]:portnumber
Do you get any warnings about the SSL Certificate ?
Just wondering how you set up SSL on the endpoint itself - did you use a CA-signed Certificate, or did you create a Self-Signed Certificate ?
If the latter: you will need to import the SSL Certificate into a Trust Store before PRPC will trust the endpoint over HTTPs.
Although if this is the case; you should see a 'PXIX' error similar to the following in your logs:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Do you see this error anywhere ?
Sopra Steria Group
FR
I can't point with a Browser because of acess. It's a VM on a DMZ whitch have only access to the wedsite I want.
On SoapUI VM, I used a keystore with this cmd: c:\java\jdk1.6.0_14\bin\keytool -genkey -alias soapui -keyalg RSA -keystore .keystore