Self-signed client certificates

3
I am trying to consume a REST service on a remote machine which issued a client certificate in pfx-format for my convenience. I have imported the certificate, and the root-certificate, in the project settings of my app. When executing the REST call the system returns a HTTP403 response with the message "No client certificate supplied!". I have tried both the certificates tab in the project settings, as well as the custom settings in the project configuration. Both give the same result. The same REST service with the same certificate results in a HTTP200 when called from Postman.

Is there anything else I should do besides import the certificate? Should I import it on my Windows environment (tried that too)? Or in the Java keystore (tried and failed)?

==========================

Edit: So far I have tried importing the client certificate pfx file directly in the certificates tab of my app's project settings (still running in development on my local machine) and indirectly through the custom settings following this document: https://docs.mendix.com/howto/integration/use-a-client-certificate. Both scenarios result in the same error:

    unable to find valid certification path to requested target
    Caused by: java.security.PrivilegedActionException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.mendix.integration.util.PrivilegedUtil$.withPrivileged(PrivilegedUtil.scala:16)

I am starting to wonder if the pfx file I received from the server is incorrect, if that's even possible. If so, how can I verify this?

==========================

Edit & notes on solution: I got the SSL connection working by combining two of the answers below:

- I updated the custom settings with an entry for ClientCertificateUsages.
- I imported the root.cer certificate issued by the server into the Java truststore.

To do that I used Portecle in administrator mode (otherwise you can't update the changes to the ca certs store). When using Portecle, make sure you point it to the correct truststore (i.e. note the Java version you use).
asked
4 answers
4

There is a bug in the REST call functionality which prevents the client certificate from being picked up automatically. You need to explicitly map the host name to the client certificate using the "ClientCertificateUsages" custom setting.

answered
2

Are you using the Rest Module or the built-in REST support of Mendix?

I think that Java also requires you to trust the full chain of the issuer of the client certificate.

You could use tools such as Portecle to inspect the pfx file to see if it contains the full chain, and to see if the client certificate file itself is trusted.

answered
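
The inspection suggested in the answer above can also be done with the JDK alone. This is an added example, not part of the original thread or of Mendix: the class name PfxCheck and its two command-line arguments are assumptions, and it should be run with the same Java installation the app uses, because each JVM has its own truststore.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collections;
import javax.net.ssl.*;

// Added example. Usage: java PfxCheck <file.pfx> <password>
public class PfxCheck {
    // True if some CA in the JVM's default truststore issued (signed) this certificate.
    static boolean issuedByTrustedCa(X509Certificate cert) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = default truststore (cacerts) of this JVM
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                if (!ca.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) continue;
                try { cert.verify(ca.getPublicKey()); return true; }
                catch (Exception e) { /* same name, different key: keep looking */ }
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java PfxCheck <file.pfx> <password>");
            System.exit(2);
        }
        KeyStore pfx = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            pfx.load(in, args[1].toCharArray()); // IOException: wrong password or damaged file
        }
        for (String alias : Collections.list(pfx.aliases())) {
            Certificate[] chain = pfx.getCertificateChain(alias); // null for entries without a key
            System.out.printf("alias=%s privateKey=%b chainLength=%d%n",
                alias, pfx.isKeyEntry(alias), chain == null ? 0 : chain.length);
            if (chain == null) continue;
            for (Certificate c : chain) {
                X509Certificate x = (X509Certificate) c;
                System.out.printf("  subject=%s%n    issuer=%s notAfter=%s%n",
                    x.getSubjectX500Principal(), x.getIssuerX500Principal(), x.getNotAfter());
            }
            X509Certificate top = (X509Certificate) chain[chain.length - 1];
            System.out.println("  top issuer in JVM truststore: " + issuedByTrustedCa(top));
        }
    }
}
```

A usable client certificate shows up as an alias with privateKey=true and a chain of at least one certificate. The password is taken from the command line for brevity, so it ends up in shell history.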
2

Olaf,

Have a look at this page that explains how to use certificates with rest locally and in the cloud.

https://docs.mendix.com/howto/integration/use-a-client-certificate

answered
0

I know this is quite an old thread but thanks to your solution I solved it too. I imported the root.cer to Project Settings > Certificates and defined the necessary custom configuration settings for my Configuration, so ClientCertificates + ClientCertificatePasswords + ClientCertificateUsages.

answered