Hello All,

I'm trying to consume a REST API and I need to send the certificate when I call the API. I tried to follow this post Here but without success, probably because it's an old post for OutSystems 8 or 9. I just have the .cer files and not the .pfx or the password certificate.


The Service Center tab Administration > Certificates can be used for REST services? How should we assign the uploaded certificate to the service?


Any idea how to send a certificate OnBeforeRequest?

Thank you

That post is from 2012, so I'd say it's more like version 5, maybe 6 :). As far as I know, there's not a standard way of sending a certificate with REST. Do you have documentation describing how the receiver is expecting the certificate?

Well, I got a way to do this with an integration with c# basically I'm getting the certificate.

StoreLocation.LocalMachine
X509Certificate2Collection certs = x509Store.Certificates;
X509Certificate2Collection matches = certs.Find(X509FindType.FindBySubjectName, "SubjectName", true);


After I get the certificate I'm doing a call with it using the sample code below.

HttpClientHandler handler = new HttpClientHandler();

handler.ClientCertificates.Add(clientCert);

HttpClient client = new HttpClient(handler);


However I'm looking mostly for a solution in OutSystems that allow me to implement this. Any idea? 

Mmm, there's a more recent post in that same topic (from 2017) that says it's still valid, so I'd try it that way. I.e. uploading the certificate to Service Center, then configure it for the REST service.

I believe that's not possible. The tab on the eSpace is no longer visible, and also on the WS it's no longer possible to select the certificate...

Solution

So I figured this out following this:

A. Load the client certificate into the machine store:
Open MMC Console (Start -> Run -> mmc.exe)
File -> Add/Remove Snap-in;
Choose Certificates from the left column and click Add;
Choose Computer Account, click Next and click Finish. Close the dialog with Ok;
In the certificate list, right-click Personal and choose All Tasks -> Import
Follow the wizard to import the PFX certificate - you will be prompted for the password at some point;
This will import the certificates into Personal\Certificates.

B. Grant access to the certificates to IIS
Right-click on the certificates you just imported and access All Tasks -> Manage Private keys ...
Add users/groups NETWORK SERVICE and IIS_IUSRS (Windows 2008R2) or IIS_WPG (Windows 2003) with Full Control access. Click Apply and close the dialog.


The Step B was missing for my case. Now it's working properly. We can also use this extention to send a certificate in the request of the call, but don't forget to configure this steps in the server machine.

Solution

Yeah, you need to grant access, or it won't work. Don't need "Full Control" though, "Read" access suffices (and is safer).