I have an application that is currently deployed in WAS 8.5.5.9. This application connects to another server via a web service, and the host of the other server requires me to connect using TLS 1.2 over a mutual SSL connection.
I have already successfully imported the (other) server's host certificate into the truststore of my WAS, but as this is mSSL and not regular 1-way SSL, I also need to set up the client certificate to be sent back to the other server to verify the connection.
How do I do this? I cannot seem to find any options in the WAS admin console that specify a client certificate to be sent to a remote server for mSSL.
Some points to consider:
- I have already selected TLSv1.2 in the SSL configuration in WAS and it seems to be working
- The client certificate was provided to me by the owner of the remote host, based on a CSR we created in IKEYMAN.
- I have tried importing the client certificate into the WAS truststore and keystore, but I still get a handshake_failure exception when I try to process a transaction.
- A TCP dump on the remote server side indicates that the server is getting a 0-length client certificate.
- Logs on my side indicate that the initial handshake is successful. The ClientHello and ServerHello messages push through. But at the very end I get this message (although it does not tell much):
[11/28/16 20:57:15:836 CST] 000000e9 SystemOut O [Raw read]: length = 5
[11/28/16 20:57:15:836 CST] 000000e9 SystemOut O 0000: 15 03 03 00 02 .....
[11/28/16 20:57:15:836 CST] 000000e9 SystemOut O [Raw read]: length = 2
[11/28/16 20:57:15:836 CST] 000000e9 SystemOut O 0000: 02 28 ..
[11/28/16 20:57:15:836 CST] 000000e9 SystemOut O Thread-142, READ: TLSv1.2 Alert, length = 2
[11/28/16 20:57:15:836 CST] 000000e9 SystemOut O Thread-142, RECV TLSv1.2 ALERT: fatal, handshake_failure
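The raw bytes in that log are a complete TLS record, and decoding them by hand is a useful check when the JSSE debug output "does not tell much". The following is an added example, not code from the original post: a small Python decoder for the record layer, the Alert body and the Certificate handshake message. The alert bytes are copied from the hex dump in the question (15 03 03 00 02 is an alert record, TLS 1.2, 2-byte body; 02 28 is level 2 = fatal, description 40 = handshake_failure per RFC 5246). The two Certificate messages are constructed here to show what a "0 length" client certificate looks like on the wire: RFC 5246 section 7.4.6 requires a client that has no suitable certificate to send a Certificate message whose certificate_list is empty, which is exactly what the remote side's TCP dump would report. The placeholder certificate bytes are not real DER.

```python
"""Decode TLS 1.2 records of the kind seen in a JSSE debug log of a mutual-TLS handshake.

Added example, not code from the original post. The alert bytes are taken from the
hex dump in the question; the Certificate handshake messages are constructed here.
"""
import struct

# Record-layer ContentType values (RFC 5246 section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
# Alert level and description values (RFC 5246 section 7.2)
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    48: "unknown_ca", 70: "protocol_version",
}
HANDSHAKE_CERTIFICATE = 11  # HandshakeType certificate (RFC 5246 section 7.4)


def parse_record(data: bytes):
    """Split one TLS record into (content_type, version, payload); ValueError if truncated."""
    if len(data) < 5:
        raise ValueError("record header truncated")
    content_type, version, length = struct.unpack("!BHH", data[:5])
    payload = data[5:5 + length]
    if len(payload) != length:
        raise ValueError("record body truncated")
    return content_type, version, payload


def decode_alert(payload: bytes):
    """Return (level, description) names for a 2-byte Alert body."""
    if len(payload) != 2:
        raise ValueError("alert body must be exactly 2 bytes")
    level, description = payload[0], payload[1]
    return (ALERT_LEVELS.get(level, f"level_{level}"),
            ALERT_DESCRIPTIONS.get(description, f"alert_{description}"))


def decode_certificate_message(payload: bytes):
    """Parse a Certificate handshake message and return its list of certificate blobs.

    An empty list means the peer sent a Certificate message with no certificates,
    which the other side sees as a zero-length client certificate.
    """
    if len(payload) < 4:
        raise ValueError("handshake header truncated")
    if payload[0] != HANDSHAKE_CERTIFICATE:
        raise ValueError(f"not a Certificate message (type {payload[0]})")
    body_len = int.from_bytes(payload[1:4], "big")
    body = payload[4:4 + body_len]
    if len(body) != body_len or body_len < 3:
        raise ValueError("handshake body truncated")
    list_len = int.from_bytes(body[:3], "big")
    if 3 + list_len != len(body):
        raise ValueError("certificate_list length does not match body")
    certs, pos = [], 3
    while pos < 3 + list_len:
        cert_len = int.from_bytes(body[pos:pos + 3], "big")
        pos += 3
        certs.append(body[pos:pos + cert_len])
        pos += cert_len
    if pos != 3 + list_len:
        raise ValueError("certificate entry overruns certificate_list")
    return certs


def describe_record(data: bytes) -> str:
    """One-line description of a record, in the style of the JSSE log output."""
    content_type, version, payload = parse_record(data)
    ver = VERSIONS.get(version, f"version_{version:#06x}")
    kind = CONTENT_TYPES.get(content_type, f"type_{content_type}")
    if content_type == 21:
        level, description = decode_alert(payload)
        return f"{ver} alert: {level}, {description}"
    if content_type == 22 and payload and payload[0] == HANDSHAKE_CERTIFICATE:
        count = len(decode_certificate_message(payload))
        return f"{ver} handshake Certificate: {count} certificate(s)"
    return f"{ver} {kind}, length = {len(payload)}"


# The two raw reads from the question's log joined into one record:
# header 15 03 03 00 02 (alert, TLS 1.2, 2-byte body), then body 02 28 (fatal, 40).
ALERT_FROM_LOG = bytes.fromhex("1503030002" "0228")
# Constructed: a Certificate message whose certificate_list has length 0.
EMPTY_CLIENT_CERT = bytes.fromhex("1603030007" "0b000003" "000000")
# Constructed: one certificate entry; "deadbeef" is a placeholder, not real DER.
ONE_CLIENT_CERT = bytes.fromhex("160303000e" "0b00000a" "000007" "000004" "deadbeef")

if __name__ == "__main__":
    for record in (ALERT_FROM_LOG, EMPTY_CLIENT_CERT, ONE_CLIENT_CERT):
        print(describe_record(record))
```

Run it on the bytes from a `javax.net.debug` dump (or from a packet capture of the client's Certificate message) to confirm which side is at fault: an alert of fatal/handshake_failure arriving right after the client's Certificate message, combined with a certificate_list of length 0, means the client never selected a certificate to present, not that the server rejected a bad one.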