For a deeper look into our World Check One API, look into:
How can I download the service certificates?
Dear Support Team
I need to add the service certificates to the truststore of my application server as the server will be able to access just to your service as we have some policy constraints.
Normally we use openssl or directly the browser but with your service we are not able to achieve the result because we receive a HTTP 401 without any ssl handshake.
Could you please advice me on how to download the certificates? or may be you can provide them via email?
Thanks and Kind regards
Hi,
as AV84 said, we already have the OUR ceritficates, but we need to have a copy of YOUR certificates.
That is the case because we use a trustore
A truststore contains certificates from other parties that you expect to communicate with, or from Certificate Authorities that you trust to identify other parties.
We will not be able to connect to you if we don't have your certificates because the connectivity is established by our server only if your certificates are present in our truststore.
Normally we download the certificates directly form the website :
but being that your HTTPS server does not allow connection via browser we need them directly from you.
I hope this explains.
Thank you for the explanation.
Please allow me some time to get back with updates on this.
We can’t recommend this installing of the certificates as we may update or change certificates without customer notification and with them trusting our current certificate only, your API integration would break.
It seems when the user just points at the browser, you get a connection reset, which is interesting and rather un-useful for getting the cert.
The OpenSSL command appears to work. I would suggest AVALOQ executes the command their end to validate the certificate rather than we supplying it via insecure means.
Again though, this is not supported, and it will break when certificates are changed.
SSL certificates compatible with TLSv1.2 should be perfect to connect successfully to the WC1 API.
Request you to check the below link for more information:
https://www.ssl2buy.com/wiki/ssltls-deployment-best-practices
Kindly note we do not provide SSL certificates, but expect the clients to get it from a certificate authority. For example: digi cert.
Hi @Irfan.Khan, Speaking with Francesco, I can see that they are unable to connect to our API still once their application is in the server due to the cert issue.
I think they already procured their SSL certs from a CA, however the handshake is not happening. Do we know why that is the case? Anything to do with our root certificate validation or something?
Request you to provide me the complete error message that you are getting when connecting to the WC1 API.
Also, please provide me the request headers, response headers, date header value (in GMT) and the response code of the failed request so that I can cross check.
Request you to provide the certificate details installed too.
Hi,
as AV84 said, we already have the OUR ceritficates, but we need to have a copy of YOUR certificates.
That is the case because we use a trustore
A truststore contains certificates from other parties that you expect to communicate with, or from Certificate Authorities that you trust to identify other parties.
We will not be able to connect to you if we don't have your certificates because the connectivity is established by our server only if your certificates are present in our truststore.
Normally we download the certificates directly form the website :
but being that your HTTPS server does not allow connection via browser we need them directly from you.
I hope this explains.
We know the error message, and we know how to solve it. we just need your certificates...
Hi @Irfan.Khan,
Based on what is mentioned by Franceso, can you please let me know what we are missing here?
Kind Regards,
-- Aravind
Kindly note that our certificates are signed by public CAs so if the client have procured their certificates from a CA and they trust our certificates so you should be able to connect to our API server without a problem.
As we have public keys, our certificates should be automatically stored in your Truststore as soon as you connect with your endpoint.
Also, I am receiving such a request for the first time so I am quite curious about the implementation that you have done.
Would you give me more details on the certificates you have acquired, the version of certificate and the screenshot of the error so that I can understand this better and assist you accordingly.
Also, can you please elaborate the kind of integration you are doing to connect with the API server.
Hi,
we don't add automatically the certificates to the truststore. Because we use a prductive environment and in a productive environment we would not be able to understand of there is a person in between. It is for security reasons.
we download those certificates. can you please check if these are the right ones?
Please allow me some time so that I can get back with updates on this.