images/download/attachments/44939717/HTTP_Client_Server_EN-version-1-modificationdate-1579657261054-api-v2.png

Lobster_data can authenticate itself as an HTTPS client to an HTTPS server with a client certificate according to the X.509.3 standard. The procedure is the following.

Searching for Keystore File

Lobster_data looks for a file in directory ./etc/certs that has the name of the host in the URL of the server address. So for the URL https://www.java.com, for example, Lobster_data would look for a file named www.java.com.

If such a file is found, the contents of the file are read in and interpreted as a Java keystore. The keystore must contain the keys (including the private key) and all certificates of the certificate chain. The keystore may only contain one key pair and the key password must match the keystore password. This password must be defined with parameter keystorePassword in configuration file ./etc/startup.xml.

<Set name="keystorePassword">OBF:1x151v2h1vfx1ym71vgx1v1x1x1h</Set>

The password can be specified in plain text or better obfuscated. The keystore can either be created and edited using the program keytool or - much more comfortable - with Portecle (http://sourceforge.net/projects/portecle/).

No Matching Keystore File Found

If no matching keystore file is found, the following mechanism takes effect.

If the system variable VAR_AUTH_CERT_ID is defined and a non-empty value has been assigned to it, then the value of this variable is interpreted as the ID (serial number) of a local certificate in the Partner Administration. If a certificate with this ID is found, it will be passed to the HTTPS server. The client then uses this certificate as client certificate for authentication if the server requires it.

No File with Certificate Found and Variable Not Defined

If no file with a certificate is found and the variable is not defined, no certificate is passed to the HTTPS server. There will be no error message.

The procedure described is always executed when Lobster_data appears in the role as HTTPS client. That is, for profiles with time-driven Input Agent and data source HTTP(S) and for profiles with at least one Response Route of type HTTP(S).

The ID (serial number) of your local certificate can be obtained from the list of your local certificates in the Partner Administration. Simply view a certificate and copy the ID with Ctrl+C. This ID can then be entered in the GUI or you can alternatively select a local certificate from a list and the ID will be entered automatically.