Posted: 3 Jan 2018 23:55 EST Last activity: 5 Jan 2018 16:06 EST
Outbound Key store configuration for REST connect rules
In our project we are integrating with external systems using rest methods. External systems looking authentication and we have generated jks file and assoicated those in rest connector. Integration working fine. But as per WAS standards we are not suppose to associate certificates in pega this needs to be configured in cluster level. We have configured and removed from pega. But those certificates are not associating with rest message on service invocation.
Please suggest any body seen similar issue or pega is forcing certificates needs to associate in pega or do we need install any hotfix.
Pega Platform 7.2 has a bug where connectors won't properly use the WAS level keystores. Create an SR through the normal channel and ask for HFix-40010. This should fix the issue. Note that the hotfix requires a restart of Pega to take effect.
including the certificates as part of the keystores in Pega reduces dependency on the Infrastructure team who has to configure and deploy the same in every environment.And to your question, do you mean that you are unable to connect to the service after configuring the certificates in WAS?
I hope your understanding here is incorrect.Keystores are data instances in Pega and a change would be easier if required( although thats not an usual case with certificates, because certificates are not usually created to expire in a month or so).When you have certificate included as part of your keystore, you don't have to configure the same certificate at WAS. Its incorrect.
Make use of Java keytool to add the certificate as part of the application or Enterprise keystore that you may have already (or you can create a new keystore too)
I aware of difference b/n keystore and certs for easy understanding I mentioned certs. Actually we have added keystore(.jks) in Pega provided by WAS team. But now WAS team suggesting do not include any keystore in Pega and Keystore should be part of cluster itself and should get those from cluster path and associate with outbound message.
WAS team done some configuration for this but this keystore values are not associating with outbound message. So I have heard Pega product has some issue and looking for solution.