Client Specifies HTTPS But Did Not Supply TLS Certificate

Problem

Security Server returns the error message below when a client information system tries to send a request message.

REST Error Message

{ "type":"Server.ClientProxy.SslAuthenticationFailed", "message":"Client (SUBSYSTEM:PLAYGROUND/COM/1234567-8/TestClient) specifies HTTPS but did not supply TLS certificate", "detail":"2ea02d93-e0b8-4e2b-8c6e-fac20f53a3e3" }

SOAP Error Message

<?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Body> <SOAP-ENV:Fault> <faultcode>Server.ClientProxy.SslAuthenticationFailed</faultcode> <faultstring>Client (SUBSYSTEM:PLAYGROUND/COM/1234567-8/TestClient) specifies HTTPS but did not supply TLS certificate</faultstring> <faultactor /> <detail> <faultDetail>b782c3a4-f279-43d1-8684-2af318ec2ca5</faultDetail> </detail> </SOAP-ENV:Fault> </SOAP-ENV:Body> </SOAP-ENV:Envelope>

Solution

Starting from the version 6.22.0 the default connection type for all the Security Server clients is set to HTTPS to prevent unauthorised use of the clients. This means that mutual TLS authentication is used in the connections between the Security Server and client information systems by default. Therefore, the information system's client TLS certificate must be uploaded to the Security Server before any services can be invoked. The error message above tells, that the TLS certificate of the client information system has not been uploaded to the Security Server yet. Alternatively, the connection type can be changed to HTTP or NOAUTH - not recommended.

Instructions for configuring the connection type and uploading the TLS certificate are available at:

https://docs.x-road.global/Manuals/ug-ss_x-road_6_security_server_user_guide.html#91-communication-with-service-consumer-information-systems

Related articles