I have a .pem and .key file provided by ADP. I have uploaded it to the Admin Console under "Certificates" --> "Trusted Server Certificates". When I add it to the "Client Certificates" I get an error for a missing key file, even though I'm not sure how to add it as well, since it's only looking for a .pem file.
First question: is this correct to add it under the "Trusted Server Certificates" to use in an integration that calls the web service or should it be in "Client Certificates" and if so, how do I add the key?
Now I read in the documentation that you're supposed to create a "Connected System" with HTTPS and set Authentication to "None". But I have a client id and client secret to add but to the body.
Second question: Do I create a Connected System with None Authorization, then create an Integration that adds the client id/client secret to the Body in there?
Third question: how do I utilize the client certificate in the Integration, is there a function that calls it? Or do I add it somehow in the Connected System?
Fourth question: The token needed to be used for the API call, how do I add that in the integration throughout its lifetime?
Thank you all.
Do you have any experience using SSL certificates?
1) Depends on whether you use the certificate to authenticate the client to the server. If this is the case then it must go to "Client Certificates". The message body is created in the integration.
2) Yes
3) This is done automatically by matching the url in the certificate to the server you call.
4) Which token? You would add it in the integration as a query parameter, a header or in the body.
I do not, this is the first one I've used. With Appian it is not as straightforward, as there is no documentation for this use case. I've set it up with Postman, but there are examples for its usage so it was much easier.
#1: I believe the certificate is used to authenticate the client to the server. I'm assuming ADP would use this methodology. Why do I get the missing key error? Am I supposed to use OpenSSL to create a combo file such as a .csr or a .pfx (which I have already, but when I upload it, it does not take it and wants specifically a .pem file)? I do have a .key file as well, but I don't see an option to add it along with the .pem file.
#2: Understood.
#3: I figured it would be an Appian function that would be called in the initial setup when it was called, but makes sense.
#4: The token that the Token Request Endpoint returns in order to use for every API call, but I see what you mean now.
Thank you for the quick response
https://docs.appian.com/suite/help/21.2/connected_system_authentication.html
https://docs.appian.com/suite/help/21.2/Appian_Administration_Console.html#client-certificates
I think the client cert needs to be a combined file.
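Added example, not part of the original post or of Appian's documentation: one way to build the combined file suggested above from the .pem and .key, checking first that the key actually belongs to the certificate. It assumes the combined file is the certificate followed by an unencrypted private key in one PEM; the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example: build one PEM holding a client certificate and its private key.
# Assumption: the "combined file" is the certificate followed by the key.

# combine_pem CERT KEY OUT
# Returns 0 and writes OUT only if KEY is the private key for CERT.
# Returns 1 on a key/certificate mismatch, 2 on unreadable or non-PEM input.
combine_pem() {
    cert=$1; key=$2; out=$3
    [ -r "$cert" ] && [ -r "$key" ] || { echo "missing input file" >&2; return 2; }

    # Derive the public key from each side; they must be identical.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "$cert is not a PEM certificate" >&2; return 2; }
    # -passin pass: stops openssl from prompting if the key is encrypted.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "$key is not an unencrypted PEM private key" >&2; return 2; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi

    # The result contains a private key: create it owner-readable only.
    ( umask 077 && cat "$cert" "$key" > "$out" )
}

# make_constructed_pair DIR
# Writes a throwaway self-signed pair (constructed test data, not ADP's files)
# to DIR/client.pem and DIR/client.key for trying combine_pem out.
make_constructed_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=client.example.invalid" \
        -keyout "$1/client.key" -out "$1/client.pem" 2>/dev/null
}
```

A mismatch result (return code 1) means the .key was not generated for that certificate, so no upload format will make the pair work.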
Regarding the "Trusted Server Certificates" issue, we are using the "Sign PDF Document" plug-in for signing PDF documents with a corporate certificate (pfx). Is there a way to make the certificate trusted, without doing anything on the client side (Adobe Reader)?
What does "client side" mean? The client tries to validate the chain of certificates. If the topmost certificate is a trusted one, you are good. That topmost certificate must exist at the client. Either by a corporate setup if the company uses a private certificate chain, or a public one if you bought the certificate you use in Appian from a public provider.
Hi,
What we want is simply for the certificate, which is public, to be validated on the first open of the file, so no activity should be needed on the client reader, the same as if it was signed using Adobe.
We tried to set it up on Tomcat by editing the server.xml file and also imported the certificate using the certlm console on a Windows server, but the result is the same.
Any suggestion how to continue?
The validation is done on the client side only. You have to make sure to use a certificate that the client can validate.
en.wikipedia.org/.../Chain_of_trust
Good morning Stefan,
There are two certificates that are uploaded by 2 different project teams. When there is one cert, it's working fine. When there are two certs, all of our API calls fail because of the 403 issue, Client Certificate.
Do you know what might be the issue? The two certs include the URL within the cert as well.
I can't tell, but when both certs point to the same server, there might be a conflict. As certificates are a platform matter, I highly recommend setting up governance processes to prevent such issues.