KB Article #179245
Trust external webservice server certificates
Problem
-- Establishing an outbound connection to an external WebService server fails with a certificate error such as "No trusted certificate found"
-- The connection to the external server is via HTTPS
Resolution
** The current Webservices implementation works similarly to the AS2 implementation. Outbound webservice calls, like outbound AS2 connections (not using Secure Relay), do not use the Certificate Manager to establish and verify trust. Instead, the default Java truststore is used, so the certificates to be trusted must be imported into this keystore.
The keystore in question is $JAVA_HOME/lib/security/cacerts and its default password is changeit. The procedure to import the certificates is:
- Obtain the full certificate chain the server presents (e.g. via openssl s_client -connect [host:port] -showcerts)
- Upload certificates to the TSIM server
- Add certificates to the truststore by issuing the following command for each certificate:
keytool -import -alias <partner> -file <cert-file> -keystore $JAVA_HOME/lib/security/cacerts -storepass <keystore password>
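The procedure above as a script, added here as an example that is not part of the original KB article: it splits saved `openssl s_client -showcerts` output into one PEM file per certificate and prints the import command for each, with a distinct alias per certificate because keytool refuses an alias that already exists. The file names, the `partner-N` alias scheme and the sample output (whose certificate bodies are placeholders) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the KB article): split s_client -showcerts output
# into one PEM file per certificate, then print one import command per file.

# split_chain INPUT OUTDIR PREFIX -> writes PREFIX-1.pem, PREFIX-2.pem, ...
# and prints how many certificates were found.
split_chain() {
    awk -v dir="$2" -v pfx="$3" '
        /^-----BEGIN CERTIFICATE-----/ { n++; out = dir "/" pfx "-" n ".pem"; keep = 1 }
        keep { print > out }
        /^-----END CERTIFICATE-----/ { keep = 0; close(out) }
        END { print n + 0 }
    ' "$1"
}

# import_commands OUTDIR PREFIX COUNT -> prints, per certificate, a review
# command and the article's import command with a distinct alias (hypothetical scheme).
import_commands() {
    i=1
    while [ "$i" -le "$3" ]; do
        f="$1/$2-$i.pem"
        echo "keytool -printcert -file $f"
        echo "keytool -import -alias $2-$i -file $f -keystore \$JAVA_HOME/lib/security/cacerts -storepass <keystore password>"
        i=$((i + 1))
    done
}

# Constructed sample: shape of s_client output; bodies are placeholders, not real certificates.
workdir=$(mktemp -d)
cat > "$workdir/s_client.txt" <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = partner.example
   i:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtSVNTVUVS
-----END CERTIFICATE-----
---
EOF

count=$(split_chain "$workdir/s_client.txt" "$workdir" partner)
import_commands "$workdir" partner "$count"
```

Compare the fingerprints shown by `keytool -printcert` with values obtained from the partner before importing, because a certificate added to cacerts is trusted by every connection that uses the default Java truststore.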