
From a WCF client, I can send requests to a Datapower service just fine. When the datapower tries to send a response, they get the following error:

11:41:55 ssl error 224703 0x806000ca valcred (xx.xxxxxx.xx.xx_xxx): SSL Proxy Profile 'xx.xxxxxx.xx.xx_sslpp': connection error: peer did not send a certificate

On the client and server, we have matching certificates and I have that certificate bound to the appropriate port as well as a "SetCertificate" call attaching the certificate to the client. I'm seeing no response traffic at all on the server side via trace logs. The folks on the datapower/client side say the service is not presenting the certificate after handshaking, but I have no visibility into that.

Any suggestions would be greatly appreciated.

Sam DeHaan
Toby Godfrey

1 Answer


I have always faced this issue, and I am a datapower and Java web service developer.

This scenario assumes datapower is acting as a server.

  1. When datapower logs that the peer is not sending the certificate, it means WCF is not sending the public certificate it shared with datapower over the network at all.
  2. This can be confirmed by turning on packet capture in datapower.
  3. A lot of the time people start changing the public certs; I would suggest not doing that and instead focusing on seeing WHY the CLIENT is not seeing any issue.
  4. The keystore on the client side, where the client is Java, needs to contain both the client public key and the datapower public key in the truststore.

keytool command to put the server cert in the cacerts.jks keystore:

keytool -import -v -trustcacerts -alias mykey -keypass changeit -file mykey.cer -keystore cacerts.jks -storepass changeit
Joshua
Pravin
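The distinction the answer draws (the client not sending a certificate at all versus the server not trusting the one it sends) can be reproduced offline. The following is an added example and is not code from the original thread, from DataPower, or from WCF: the Go standard library plays both roles on a loopback socket, the hostnames datapower.example and wcf-client.example are made up, and both certificates are throwaway self-signed keys generated at run time. The server requires and verifies a client certificate, which is the DataPower role with an SSL proxy profile and validation credentials; the client either attaches its certificate (the SetCertificate step) or does not, and the server's client-CA pool either contains the client certificate or does not.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type Result struct {
	ServerErr error  // error on the server side (the DataPower role)
	ClientErr error  // error on the client side (the WCF role), on handshake or first read
	PeerCN    string // CN of the client certificate the server accepted; empty on failure
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newSelfSigned mints a throwaway self-signed certificate (its own trust anchor) for one side.
// Hypothetical names only; no real DataPower or WCF key material is involved.
func newSelfSigned(cn string) (tls.Certificate, *x509.Certificate) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	leaf := must(x509.ParseCertificate(der))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf
}

// RunHandshake starts a server that requires a client certificate and connects to it once.
// clientSendsCert: does the client attach its certificate at all (the SetCertificate step)?
// serverTrustsClient: is the client certificate in the server's validation credentials?
func RunHandshake(clientSendsCert, serverTrustsClient bool) Result {
	serverCert, serverLeaf := newSelfSigned("datapower.example")
	clientCert, clientLeaf := newSelfSigned("wcf-client.example")
	clientCAs := x509.NewCertPool() // server-side valcred: which client certs are acceptable
	if serverTrustsClient {
		clientCAs.AddCert(clientLeaf)
	}
	rootCAs := x509.NewCertPool() // client-side truststore: must hold the server cert
	rootCAs.AddCert(serverLeaf)
	ln := must(tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    clientCAs,
		MinVersion:   tls.VersionTLS12,
	}))
	defer ln.Close()
	serverDone := make(chan Result, 1)
	go func() {
		tc := must(ln.Accept()).(*tls.Conn)
		defer tc.Close()
		if err := tc.Handshake(); err != nil {
			serverDone <- Result{ServerErr: err} // e.g. "tls: client didn't provide a certificate"
			return
		}
		cn := tc.ConnectionState().PeerCertificates[0].Subject.CommonName
		fmt.Fprintf(tc, "hello %s\n", cn) // one record so the client can confirm acceptance
		serverDone <- Result{PeerCN: cn}
	}()
	clientCfg := &tls.Config{RootCAs: rootCAs, ServerName: "datapower.example", MinVersion: tls.VersionTLS12}
	if clientSendsCert {
		clientCfg.Certificates = []tls.Certificate{clientCert}
	}
	var clientErr error
	if conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg); err != nil {
		clientErr = err
	} else {
		// TLS 1.3 lets the client finish before the server rejects its cert: read once to see the alert.
		_, clientErr = conn.Read(make([]byte, 64))
		conn.Close()
	}
	res := <-serverDone
	res.ClientErr = clientErr
	return res
}

func main() {
	fmt.Printf("%+v\n", RunHandshake(true, true))
	fmt.Printf("%+v\n", RunHandshake(false, true)) // the "peer did not send a certificate" case
	fmt.Printf("%+v\n", RunHandshake(true, false)) // cert sent but not in the server's trust list
}
```

Running it prints one line per case: the first succeeds with PeerCN set, the second fails on the server with Go's "client didn't provide a certificate" (the counterpart of DataPower's "peer did not send a certificate"), and the third fails with a verification error instead. Only the third case is fixed by touching certificates or truststores; the second is a client configuration problem, which is why the answer says to confirm with a packet capture before swapping certs. The explicit Read after Dial matters: under TLS 1.3 a client can believe its handshake completed while the server is already rejecting it, which is exactly the "sends requests fine, never sees a response" symptom from the question.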