Posted: 22 Aug 2016 20:02 EDT Last activity: 12 Jul 2017 5:36 EDT
Rule level keystore vs Server level
We ran into an issue with Connect-SOAP where when we supplied keystore at App server (Websphere), then connect soap works fine in 7.1.7. However, the same SOAP call doesn't work fine in 7.1.9 in another app.
We tried supplying Keystore at rule level i.e. in Connect SOAP rule, by enabling WS-Security and creating a security profile containing keystore. And it worked fine.
a) Can someone explain this inconsistency in behaviour from 7.1.7 - 7.1.9..?
b) And which one is the preferred option - Rule level or Server level KS..?
***Updated by moderator: Marissa to add SR Details***
I would like to get clarification on below queries.
the same SOAP call doesn't work fine in 7.1.9 in another app?
Are you using same application server for 7.1.9? If yes, keystore is present or not? Which application scope keystore is present like node,cell and cluster levels in WAS?
Regarding your 2nd question, rule level keystore would be applicable to that particular application only, whereas if you specify at application server level it should be applicable to other applications also.
Question : Is there any "one stop" alternative or workaround to store trustores/keystores for 7.1.9-7.2..? (I have 65 connectors in my application and it's a nightmare to change these in different envs.)
We are using Pega 7.2.1 and trying to connect with Connect -Soap with keystore and truststore defined WAS cluster level. But Pega is not able to pick up the keystore and truststore from WAS cluster level. Is this because of support broken in 7.2.1 ? Is there any fix to resolve the issue?