Tags: java, websphere, http-status-code-403, client-certificate, truststore

How to configure my web application to run/read my custom TrustStore?


Good day,

I have a Java web application in WebSphere, and this web application needs to call an IBM third-party service to get some information.

IBM gave me a .p12 file which contains the client cert, and I imported it through the WAS Console as a new TrustStore and set the management scope correctly, via this step in the WAS Console: Security > SSL certificate and key management > Key stores and certificates.

However, this new TrustStore is never run/read by my application, so I keep hitting 403 Forbidden.

I suspect that I didn't configure it properly. Kindly advise on this.


Solution

  • If it's actually a client certificate, you need to add it to a Keystore, not a Truststore. A Truststore is where you put server certificates you want to trust, not client certificates you want to present.

    And the easiest path would be to import it into one of the existing Keystores, rather than create a new one. e.g. CellDefaultKeyStore. Import as a "Personal certificate".

    Update: don't give it the "default" alias, though. That will mess up WebSphere's own internal SSL communication. Instead, give it another alias, and refer to that in the "Dynamic outbound endpoint SSL configuration", to indicate that you want to use that specific alias when connecting to that specific destination.

    If you don't want to import into an existing Keystore, you can create a new one and a new SSL configuration that uses it, and also reference that in a "Dynamic outbound endpoint SSL configuration". But unless you're managing a lot of different client certificates, that seems more complicated than is necessary.
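The keystore/truststore split described in the answer can be checked outside WebSphere with plain JSSE. The program below is an added example, not code from the question, the answer, or IBM: it loads the .p12, refuses to proceed unless the file actually contains a private-key entry (only a private key makes it a client identity; a certificate-only entry is trust material), pins the handshake to one chosen alias the way the "Dynamic outbound endpoint SSL configuration" pins a certificate alias to a destination, and keeps server trust in a separate truststore. The file path, password, alias, target URL, and optional truststore path are command-line arguments and are assumptions for the example; nothing here is a WebSphere API.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.Socket;
import java.net.URL;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

/** Added example: client-certificate TLS with JSSE, mirroring the keystore-vs-truststore roles. */
public class ClientCertCheck {

    /** A PKCS12 file is a usable client identity only if at least one alias carries a private key. */
    static boolean hasClientIdentity(KeyStore ks) throws Exception {
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            if (ks.isKeyEntry(e.nextElement())) {
                return true;
            }
        }
        return false;
    }

    /** Wrap the default key manager so the handshake always presents the chosen alias (assumed name). */
    static X509ExtendedKeyManager pinAlias(X509KeyManager delegate, String alias) {
        return new X509ExtendedKeyManager() {
            @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return alias; }
            @Override public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) { return alias; }
            @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return new String[] { alias }; }
            @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { return delegate.chooseServerAlias(keyType, issuers, socket); }
            @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return delegate.getServerAliases(keyType, issuers); }
            @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
            @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
        };
    }

    /** Server trust lives in a separate truststore; null path means the JVM's default cacerts. */
    static TrustManager[] loadTrust(String path, char[] password) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        if (path == null) {
            tmf.init((KeyStore) null);
        } else {
            KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = new FileInputStream(path)) { trust.load(in, password); }
            tmf.init(trust);
        }
        return tmf.getTrustManagers();
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: <client.p12> <p12-password> <alias> <https-url> [truststore-file]
        String p12Path = args[0];
        char[] p12Pass = args[1].toCharArray();
        String alias = args[2];
        String target = args[3];
        String trustPath = args.length > 4 ? args[4] : null;

        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(p12Path)) { identity.load(in, p12Pass); }

        // The check the question is missing: a file with no private key cannot be presented as a client cert.
        if (!hasClientIdentity(identity)) {
            throw new IllegalStateException(p12Path + " holds no private key: it is trust material, not a client identity");
        }
        if (!identity.isKeyEntry(alias)) {
            throw new IllegalStateException("alias '" + alias + "' is not a private-key entry in " + p12Path);
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, p12Pass);
        X509KeyManager base = (X509KeyManager) kmf.getKeyManagers()[0];

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { pinAlias(base, alias) }, loadTrust(trustPath, p12Pass), null);

        HttpsURLConnection conn = (HttpsURLConnection) new URL(target).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode() + " from " + target);
    }
}
```

Before touching any WAS configuration, `keytool -list -v -keystore ibm.p12 -storetype PKCS12` tells you which case you are in: an alias whose entry type is `PrivateKeyEntry` is a client identity and belongs in a keystore, while `trustedCertEntry` is trust material. Note also that a server that requires client authentication usually fails the TLS handshake when no certificate is presented; getting an HTTP 403 instead typically means the connection was established without the client certificate and the request was rejected at the application layer, which is consistent with the certificate sitting in a truststore where it is never offered.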