We are attempting to use dynamic keystores/alias for 2 way TLS. However, we seem to be getting intermittent issues when using this:
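<HTTPTargetConnection>
  <URL>https://api-endpoint.example.com</URL>
  <SSLInfo>
    <Enabled>true</Enabled>
    <ClientAuthEnabled>true</ClientAuthEnabled>
    <KeyStore>{dev.keyStore}</KeyStore>
    <KeyAlias>{dev.keyAlias}</KeyAlias>
  </SSLInfo>
</HTTPTargetConnection>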
I’ve verified in our trace that we’re extracting the dev.* variables properly. However, every other request is not using the keyStore/keyAlias set by the dev.* variables - we’re basically getting the first certificate out of the store.
Has anyone experienced this before? Are we missing a piece of configuration on the connection here?
The first thing I noticed is that, for 2 way TLS, your truststore info is missing.
I have also implemented dynamic keystore and truststore info, but it all works as expected.
I am using the keystore as a reference to the keystore and the keyalias as the alias name. The truststore is also a reference.
<HTTPTargetConnection>
  <SSLInfo>
    <Enabled>true</Enabled>
    <ClientAuthEnabled>true</ClientAuthEnabled>
    <KeyStore>ref://myKeyStoreRef</KeyStore>
    <KeyAlias>myKey</KeyAlias>
    <TrustStore>ref://myTrustStoreRef</TrustStore>
  </SSLInfo>
  <URL>https://*****.com</URL>
</HTTPTargetConnection>
Also use the reference variable in the code.
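The two configurations in this thread can be compared mechanically. The following is an added example, not code from either poster: it parses an `HTTPTargetConnection`, labels how each of `KeyStore`, `KeyAlias` and `TrustStore` is supplied (reference, flow variable, literal or missing), and reports the points raised above. The element layout of the `QUESTION` sample and the target URL in `REPLY` are assumptions reconstructed for the example.

```python
import re
import xml.etree.ElementTree as ET

FIELDS = ("KeyStore", "KeyAlias", "TrustStore")

def classify(value):
    """Label how an SSLInfo value is supplied."""
    v = (value or "").strip()
    if not v:
        return "missing"
    if v.startswith("ref://"):
        return "reference"        # e.g. ref://myKeyStoreRef
    if re.fullmatch(r"\{[^{}]+\}", v):
        return "flow-variable"    # e.g. {dev.keyStore}
    return "literal"

def audit(xml_text):
    """Return (kinds, findings) for one HTTPTargetConnection element."""
    ssl = ET.fromstring(xml_text).find("SSLInfo")
    if ssl is None:
        return {}, ["no SSLInfo block"]
    kinds = {f: classify(ssl.findtext(f)) for f in FIELDS}
    findings = []
    two_way = (ssl.findtext("ClientAuthEnabled") or "").strip().lower() == "true"
    if two_way:
        for f in ("KeyStore", "KeyAlias"):
            if kinds[f] == "missing":
                findings.append(f"ClientAuthEnabled is true but {f} is missing")
            elif kinds[f] == "flow-variable":
                findings.append(f"{f} is resolved per request; check its value in trace on every call")
    if kinds["TrustStore"] == "missing":
        findings.append("TrustStore is missing")
    return kinds, findings

# Constructed samples mirroring the two posts in this thread.
QUESTION = """<HTTPTargetConnection><URL>https://api-endpoint.example.com</URL>
<SSLInfo><Enabled>true</Enabled><ClientAuthEnabled>true</ClientAuthEnabled>
<KeyStore>{dev.keyStore}</KeyStore><KeyAlias>{dev.keyAlias}</KeyAlias>
</SSLInfo></HTTPTargetConnection>"""
REPLY = """<HTTPTargetConnection><SSLInfo><Enabled>true</Enabled>
<ClientAuthEnabled>true</ClientAuthEnabled>
<KeyStore>ref://myKeyStoreRef</KeyStore><KeyAlias>myKey</KeyAlias>
<TrustStore>ref://myTrustStoreRef</TrustStore></SSLInfo>
<URL>https://target.example.com</URL></HTTPTargetConnection>"""

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION), ("reply", REPLY)):
        print(name, *audit(cfg))
```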