Question

Client certificate usages in private cloud

1

Hello experts, I’m currently having difficulty in using the override client certificate option in the REST activity (see image RestWithOverride). The app that I’m working on is not running in the Mendix cloud so my efforts up until now are based on this documentation under ClientCertificateUsages. This documentation states that we should construct the override object as seen in image code_snippet or, if there are more certificates, code_snippet_2. We’re using a REST service so we’ve removed the Module.WebService 1 key/value from the JSON object and the certificate path is pointing to where the mendix app is located (e.g. “C:\\MyApp\\myCertificate.pfx”). I was able to communicate with this service via postman by entering, in addition to the host and certificate path, a passphrase in the certificates menu (see image PostmanSettings). From the examples that I’ve found in the Mendix documentation I can’t figure out where to specify the passphrase and my assumption is that this is where it’s failing. Does someone have experience in doing this? btw → studio version is 9.6.6. Thanks in advance for your response! Andrew

asked 2022-02-18

Andrew Cooney

1 answers

Joost Verhoog · Answer 1 · 2022-02-21

Hi Andrew,

You specify the files for the client certificates in setting ClientCertificates
You specify the passwords in ClientCertificatePasswords

For most scenario’s that’s enough. If you have a certificate that will not work for a certain host but will for another, you can specify which certificates to use for which hosts using ClientCertificateUsages. Use the host name as an identifier.

There is an even more advanced scenario: use the Client certificate identifier in the Call REST activity if you need to use different client certificates for the same host. In that case, you use other identifiers in ClientCertificateUsages, whatever identifier you see fit. Even “a”, “b”, “c” would work. In Client certificate identifier in the Call REST activity you specify a variable. The running app will use that value as the identifier in the ClientCertificateUsages to find the certificate to use.

For example when the variable has the value “b” and ClientCertificateUsages is { “a”: “mycert.pfx”, “b”: “myothercert.pfx” }, the runtime will use myothercert.pfx