I'm having some difficulty configuring a policy set binding for the purposes of digitally signing client calls to a web service using a certificate given to me by a third party. For simplicity's sake, I'm merely trying to modify the callback handler affiliated with the signature token included in the "Client Sample" binding to generate signatures based on a certificate given to me by a client. Note that the client sample works prior to the modifications described below. I've taken the following steps to modify the callback handler:
1. Imported the certificate to: (SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates)
2. Modified the settings on the: (General client policy set bindings > Client Sample > WS-Security > Authentication and protection > gen_signx509token > Callback handler). I've changed the keystore to the NodeDefaultTrustStore and selected the key that was imported in step one. Per the WAS documentation, I am not supplying a password for the key since only the public key exists in the .CER file.
3. Restarted WAS
After restarting the server and attempting to send a command to the web service, I receive the following error from WebSphere:
Caused by: javax.xml.ws.WebServiceException: com.ibm.wsspi.wssecurity.core.SoapSecurityException: CWWSS7073E: The key is not retrieved. The exception is:
I've tried a number of different certificate files yet they have all resulted in this error. Can anyone comment as to whether I'm going about this wrong? Any help would be greatly appreciated.
Not sure if this would really help you... I do the same thing except that I did not use the 'Client sample' but created my own client set policy set binding. This allows me to clean configurations that I do not need. Another difference is that I did not use the NodeDefaultTrustStore but a custom store (.p12 file) with the cert (.cer) inside it.