I am setting up a SOAP driver to call a webservice over HTTPS. I
am running IdM

I have it working in SOAPUI, pointing to the .p12 file directly under
WS-Security -> keystores and providing the password for the

Now, from the driver, I would like to call the webservice and have it
return information, and as far as I understand, I will be using the
publisher channel for this. But it looks like the configuration of the
connection is under the Subscriber options.


The driver runs on the IDV with no remote loader. Meaning the driver
talks directly with the webservice over HTTPS.

In the driver configuration I have the following:

Subscriber options:

URL of the SOAP server or Web Service: http://tinyurl.com/of7p5q8

Authentication ID: Blank since no user/password is used
Authentication password: Blank since no user/password is used
Truststore file: /opt/novell/certs/keystore.keystore

The rest I have not provided.

Now I find it a bit weird that I should not provide a password for the
keystore anywhere?

I created the keystore like this:


/root/idm/jre/bin/keytool -genkey -alias keystore -keystore keystore.keystore
/root/idm/jre/bin/keytool -v -importkeystore -srckeystore cert.p12 -srcstoretype PKCS12 -destkeystore keystore.keystore -deststoretype JKS


I have the same password for the keystore as the certificate itself.

And when starting the driver I see it capturing my heartbeat which I
listen for on the publisher channel which tells my driver to send the
SOAP request, which it does:


<nds dtdversion="4.0" ndsversion="8.x">
<soapenv:Envelope event-id="0" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="
urnio:medarbejder:1.0.0" xmlns:urn1="urnio:sagdok:3.0.0" xmlns:uuid="http://www.novell.com/nxsl/java


And then just underneath that:


[05/04/15 18:16:43.066]:soapOPUS01 PT: soapOPUS01: Value of boolean flag 'remove-existing' is : false
[05/04/15 18:16:43.067]:soapOPUS01 PT: soapOPUS01: HTTPSubscriberTransport.send()
[05/04/15 18:16:43.067]:soapOPUS01 PT: soapOPUS01: Preparing HTTP POST connection to https://customer.dk/XISOAPAdapter/Me...:stuffgoeshere
[05/04/15 18:16:43.068]:soapOPUS01 PT: soapOPUS01: Setting up SSL connection..........
[05/04/15 18:16:43.070]:soapOPUS01 PT: soapOPUS01: Setting the following HTTP request properties:
[05/04/15 18:16:43.071]:soapOPUS01 PT: soapOPUS01: Authorization: <credentials suppressed>
[05/04/15 18:16:43.071]:soapOPUS01 PT: soapOPUS01: SOAPAction: #batchRequest
[05/04/15 18:16:43.071]:soapOPUS01 PT: soapOPUS01: Content-Type: text/xml; charset=utf-8
[05/04/15 18:16:43.095]:soapOPUS01 PT: soapOPUS01: IOExecption : sun.security.validator.ValidatorException: No trusted certificate found
[05/04/15 18:16:43.096]:soapOPUS01 PT: soapOPUS01: Restored operation-data
[05/04/15 18:16:43.097]:soapOPUS01 PT:
<nds dtdversion="2.0">
<product build="20141121_0927" instance="soapOPUS01" version="">Identity Manager Driver for S
<contact>NetIQ Corporation</contact>
<status level="error" type="app-general" value1="IOException">
<description>sun.security.validator.ValidatorException: No trusted certificate found</description>
[05/04/15 18:16:43.099]:soapOPUS01 PT: soapOPUS01: Response Doc #document,null,null


So it seems like there is something wrong with my setup.

My thoughts:

1. I somehow created the keystore incorrectly.
2. I am not setting up the driver correctly.
3. The publisher settings might be needed somehow?

I have tried many different things, but I thought this would work, since
we have a 3.5.7 driver set up like this where it works. But maybe
something changed in the version.

Any suggestions?

Thanks in advance,


jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
View this thread: https://forums.netiq.com/showthread.php?t=53427
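
Added example (not part of the original post and not NetIQ's code): `ValidatorException: No trusted certificate found` means no entry in the configured truststore vouches for the server's certificate chain, and a store built with `-genkey` plus `-importkeystore` from a client .p12 typically holds only PrivateKeyEntry items. The sketch below classifies `keytool -list` output to check for that; the sample listing, its aliases and fingerprints are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Classify the entries reported by `keytool -list` to tell an identity
# keystore (private keys only) from a truststore (CA certificate entries).

# Constructed sample: the kind of listing the two keytool commands in the
# post would typically produce. Aliases and fingerprints are made up.
sample_listing() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

keystore, May 4, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
1, May 4, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC
EOF
}

# Reads `keytool -list` text on stdin and prints one summary line:
#   keys=<n> trusted=<n> verdict=<has-trust-anchors|identity-only|empty>
# Matching is done on the entry-type token, not on comma-separated fields,
# because the date column itself contains a comma.
classify_listing() (
  keys=0
  trusted=0
  while IFS= read -r line; do
    case "$line" in
      *", PrivateKeyEntry,"*)  keys=$((keys + 1)) ;;
      *", trustedCertEntry,"*) trusted=$((trusted + 1)) ;;
    esac
  done
  if [ "$trusted" -gt 0 ]; then
    verdict=has-trust-anchors   # at least one CA/server certificate entry
  elif [ "$keys" -gt 0 ]; then
    verdict=identity-only       # client keys, but no CA certificate entries
  else
    verdict=empty
  fi
  printf 'keys=%d trusted=%d verdict=%s\n' "$keys" "$trusted" "$verdict"
)

# Demo on the constructed sample. Against a real store, pipe keytool instead:
#   keytool -list -keystore /opt/novell/certs/keystore.keystore | classify_listing
sample_listing | classify_listing
```

If the verdict is `identity-only`, the usual remedy is to add the server's issuing CA with `keytool -importcert -trustcacerts -alias <ca-alias> -file <ca-cert-file> -keystore <truststore>` (placeholders, not values from the post).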