The document you linked was rather old; I didn't see the options in my secure agent administrator page. However, there are different entries there, that might be the way to solve this:
I tried to import my certificates and keys into the trust-store/key-store in process-engine/conf/ directory using java keytool, but ICRT still can't reach the service, closing with the usual error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException
However, I managed to split my pfx-certificate into separate files for key/public cert/certificate chain and with those, call the service using CURL:
curl -E ./file.crt.pem --key ./file.key.pem https://myServiceURL -v --cacert ./cacerts.crt
Where do I have to import those files for the secure agent to work?
Thanks, I tried Keystore Explorer to import the certificate into ae.keystore. The tool is really helpful in doing that, however it doesn't do anything different than what I tried with java keytool command line, I still get the error message 'javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed'.
I have implemented a workaround now in my process that executes the working curl-command. Still, it would be nice to solve this using a Service Connector, so I opened a support case.
I wanted to mention that the service I'm trying to reach uses 2-way SSL, so I need to provide a client certificate (file.crt.pem in curl-command), and I have stored that, along with the private key (file.key.pem) in ae.keystore under a new alias. I also tried to change the parameter 'key-alias' in the admin-page from 'localhost' to this new alias, but that also didn't work.
Any further ideas?
The instructions I gave are for 2 way SSL. That is how I have done it in the past where the service requires me to present a client certificate. I would just import the key pair into ae.keystore by pointing to the .pfx file.
You shouldn't have to change any properties on the admin page for the secure agent in this case.
Since you have already opened a case, I'll let Support respond.
Do check your catalina log for any exceptions when SA is starting. An example of this would be not providing the password as "password" for ae.keystore when you import the keys.
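
Added example, not part of any post in this thread and not Informatica code: a standalone Java check that repeats the working curl call with the JVM's own TLS stack, keeping the client key pair (curl's -E/--key) separate from the trust anchors (curl's --cacert). The class name and the command-line arguments are assumptions; the .pfx and CA bundle are the files described above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Usage (hypothetical names):
//   java TwoWayTlsCheck <host> <port> <client.pfx> <pfx-password> <ca-bundle.pem>
public class TwoWayTlsCheck {
    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        char[] pfxPass = args[3].toCharArray();

        // Key material: client certificate + private key, presented to the server.
        KeyStore keys = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[2])) {
            keys.load(in, pfxPass);
        }
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, pfxPass);

        // Trust anchors: CA certificates used to validate the server's chain.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null); // start from an empty in-memory store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(args[4])) {
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                trust.setCertificateEntry("ca-" + i++, c);
            }
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // A server chain not covered by the trust anchors fails here with
            // SSLHandshakeException: PKIX path building failed.
            s.startHandshake();
            System.out.println("Handshake OK, peer: " + s.getSession().getPeerPrincipal());
        }
    }
}
```

If this handshake succeeds while the Service Connector still fails, the difference lies in which stores the agent's JVM loads, not in the certificate files themselves.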