Certificate configuration for consumed rest service KeyStoreException: Cannot store non-PrivateKeys
Hi, I am trying to connect to a REST service but am experiencing some difficulties with the required certificates to get the connection to work. As far as I know I need two sets of certificates: one chain for the OKTA (oktapreview) domain for the Token (OAuth2) and one chain for the server that I need to consume. What I did is: Download all the certificates via Chrome; Create a new keystore locally using keytool, add all (6) certificates to the keystore; Export the keystore as a pfx; Configure the keystore in Mendix Studio using “ClientCertificates” and “ClientCertificatePasswords”. Next I get this error: “KeyStoreException: Cannot store non-PrivateKeys”. I’m assuming the error is correct since I did not store any private key files in the keystore, just the CER exports. Can anyone tell if I would need a Private Key for each of the certificates in my keystore? Or just a private key for one of the domains? The chances of getting a private key for some of these domains is very small considering how high-level they are. Also the service we’re connecting with (MuleSoft) informed me that parties (non-mendix) are able to connect without the usage of private keys. Thanks,
Bas van der Linden
You can set up client certificates in the configuration tab in Studio Pro and in the environment details when running in the cloud. See https://docs.mendix.com/howto/integration/use-a-client-certificate/ for details.