[midPoint] sms notification - https client certificate authentication

Petr Herman petr.herman at soc365.cz
Thu Mar 14 16:50:23 CET 2019


Hello,

yes, I’ve tried to add a client private key, client certificate (p12 file) and all related CAs to the Java keystore.

I’ve changed the name of the certificate KeyEntry to be the same as the HTTPS hostname, I’ve changed the password for the PrivateKeyEntry to be the same as keystore password, I’ve restarted Midpoint.

#keytool -keystore keystore.jceks -storetype jceks -storepass changeit -list
smsconnector.cz.o2.com, Mar 14, 2019, PrivateKeyEntry,
thawte tls rsa ca g1, Mar 14, 2019, trustedCertEntry,
default, Aug 17, 2018, SecretKeyEntry,
et sms connector, Mar 14, 2019, trustedCertEntry,
o2 sms connector, Mar 14, 2019, trustedCertEntry,

There is still the same issue:

2019-03-14 15:53:48,434 [] [pool-6-thread-1] DEBUG (com.evolveum.midpoint.notifications.impl.api.transports.SimpleSmsTransport): Sending SMS to URL https://smsconnector.cz.o2.com/smsconnector/getpost/GP (method POST)
2019-03-14 15:53:48,434 [] [pool-6-thread-1] DEBUG (com.evolveum.midpoint.notifications.impl.api.transports.SimpleSmsTransport): Using request headers:
[Content-Type: application/x-www-form-urlencoded]
2019-03-14 15:53:48,443 [] [pool-6-thread-1] DEBUG (com.evolveum.midpoint.notifications.impl.api.transports.SimpleSmsTransport): Using request body text (encoding: ISO-8859-1):
action=send&baID=1991234&fromNumber=%2b420720001234&toNumber=%2b420604555666&text=Test+zprava
2019-03-14 15:53:48,663 [] [pool-6-thread-1] ERROR (com.evolveum.midpoint.notifications.impl.api.transports.SimpleSmsTransport): Couldn't send SMS to [+420604555666] via null, trying another gateway, if there is any, reason: Received fatal alert: handshake_failure (class javax.net.ssl.SSLHandshakeException)
2019-03-14 15:53:48,667 [] [pool-6-thread-1] DEBUG (com.evolveum.midpoint.notifications.impl.api.transports.SimpleSmsTransport): Couldn't send SMS to [+420604555666] via null, trying another gateway, if there is any.
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2020)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1127)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
...


The question is how to force Midpoint or Tomcat to use the SSL client certificate from the keystore during communication with a particular HTTPS URL?

Thank you for any advice

Best regards
Petr Herman



From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Jason Everling
Sent: Tuesday, March 12, 2019 9:10 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] sms notification - https client certificate authentication

Have you tried adding the client certificate/key into your midpoint keystore then running an sms notification?



On Tue, Mar 12, 2019 at 9:08 AM Petr Herman <petr.herman at soc365.cz> wrote:
Hello everyone,

the customer wants to integrate the O2 SMS gateway using HTTP GET/POST, but the SMS gateway is using an HTTPS client certificate for authentication.

Does Midpoint support this feature?

Thank you in advance
Best regards

Petr Herman
Visitech a.s.
