Support Article
Issue while running a Webservice protected by Webseal
SA-26428
Summary
User is trying to run a Soap based Webservice, with Pega 7.1.9 and encounters an issue.
Error Messages
** Keystore exception: IBMKeyManager: Problem accessing key store java.io.IOException: Keystore type is not PKCS12
1:51:42 PM: <...>: com.pega.pegarules.pub.services.ConnectorException: SSL configuration: unable to instantiate JSSE socket factory with current inputs
Steps to Reproduce
Run SOAP based Webservice with Pega 7.1.9.
Root Cause
There is a known limitation with Pega that when the Keystore and truststore defined in the WebSphere cell/node/application level, SOAP connect fails.
In user case although the public and private key pair for the calling Pega server is defined in the application server level, during SOAP call PEGA is unable to find the keystore and pass the certificates to Webseal and thus Webseal is not approving the SOAP call.
Resolution
Apply the following local-change to resolve the issue.
Set the following JVM arguments with relative values within <>:
- Djavax.net.ssl.keyStore=<PATH_TO_KEYSTORE>
- Djavax.net.ssl.keystorepassword=<PASSWORD_FOR_KEYSTORE>
- Djavax.net.ssl.keyStoreType=pkcs12
Published August 10, 2016 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.