
API call with .PEM and .KEY file

VarunVeetil
Level 2
Hi All,

I was wondering if anyone could provide some guidance on this scenario

The API gateway that I need to hit requires .PEM .KEY authentication. I am trying to incorporate that into Blue Prism and was wondering if there is any additional setup we can do on the web API services to incorporate the .PEM and .KEY?

The PEM, KEY and the query are correct, as I am able to make a successful call via Postman.

We also tried using the certificate thumbprint with the "C:\Program Files\Blue Prism Limited\Blue Prism Automate\automate.exe" /resourcepc /public /port 8181 /sslcert command, but we are getting the error below:
Listener failed : Unable to find the requested SSL certificate - ensure that it is installed in the local certificate store and is valid.

TIA


------------------------------
Varun Veetil
------------------------------
14 REPLIES

@Dominika.Zolotarew,

If you try running the curl command yourself do you receive the same error, or is it just when the digital worker tries to do it? There's an optional command line parameter for curl called --cert-type I believe. You might try adding that to your command line as --cert-type PEM and see if that makes any difference.

Cheers,



------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------

Hello Eric:)
Thank you again for the reply.
I am trying to make it work in cmd directly for now.

After a quick search I am not sure how to utilize --cert-type PEM. People don't seem to use it. I think PEM is a default format for cURL.

curl -k -X GET  "https://urlfake.json"  --key "C:\Desktop\decrypted_private_key.pem" --cert "C:\Desktop\public_cert.pem" --cert-type PEM

But I probably used it incorrectly since I have errors: curl: (58) schannel: certificate format compatibility error and curl: (3) URL using bad/illegal format or missing URL.


Going back to my initial question. 
I found that this service can accept .p12, but there are again two of them - 'keystore' and 'truststore' - so I am not sure how to work with it in Utility - Http.



------------------------------
Dominika Zolotarew
------------------------------

@Dominika.Zolotarew,

I believe on Windows, cURL defaults to looking for certificates in the standard Windows keystore. If you have a .p12 version of your certificate you could use the Windows Certificate Manager plugin to install it into the store and then try cURL again.

The purpose of the --cert-type flag is to instruct cURL that you specifically want to use a PEM-based certificate. If my assumption about cURL on Windows is correct, this is how you would override the default behavior. You might try adding the --cert-type flag before the other certificate parameters. Example:

curl -k -X GET  "https://urlfake.json"  --cert-type PEM --cert "C:\Desktop\public_cert.pem" --key "C:\Desktop\decrypted_private_key.pem"

Regarding the cURL error you're seeing, did you generate this PEM file yourself or was it supplied to you by your IT team? Does the private key file have a passphrase associated with it?

One other thing. I'm not sure that it will make a difference, but every time I've dealt with a key file it has had .key as the file extension instead of .pem. The certificate file should have .pem. So, you might try changing that file extension too.

Cheers,



------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------
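
A pre-flight check for the two questions raised above (is the private key passphrase-protected, and does each file actually hold what its name suggests), as an added example that is not part of the original thread. The function names and the sample PEM text are constructed for illustration; the check only reads PEM labels and headers and performs no cryptographic validation.

```python
import re

# RFC 7468 textual encoding: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def pem_blocks(text):
    """Return [(label, encrypted)] for every PEM block found in text."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        # PKCS#8 marks encryption in the label; legacy OpenSSL keys mark it
        # with a "Proc-Type: 4,ENCRYPTED" header inside the block.
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or "Proc-Type: 4,ENCRYPTED" in body)
        found.append((label, encrypted))
    return found


def preflight(cert_text, key_text):
    """List problems that would stop a client-certificate handshake."""
    problems = []
    cert_labels = [label for label, _ in pem_blocks(cert_text)]
    key_blocks = [b for b in pem_blocks(key_text) if b[0] in KEY_LABELS]
    if "CERTIFICATE" not in cert_labels:
        problems.append("cert file holds no CERTIFICATE block")
    if not key_blocks:
        problems.append("key file holds no private key block")
    elif any(encrypted for _, encrypted in key_blocks):
        problems.append("private key is encrypted; a passphrase is required")
    return problems


# Constructed sample input: labels are real, bodies are placeholder base64.
SAMPLE_CERT = ("-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
               "-----END CERTIFICATE-----\n")
SAMPLE_KEY_CLEAR = ("-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
                    "-----END PRIVATE KEY-----\n")
SAMPLE_KEY_LEGACY_ENC = (
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
    "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(preflight(SAMPLE_CERT, SAMPLE_KEY_LEGACY_ENC))
    print(preflight(SAMPLE_KEY_CLEAR, SAMPLE_CERT))  # files swapped
```

To check real files, pass the text read from the certificate and key files to `preflight()` in place of the constructed samples.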

Hello Eric,
Unfortunately, there is the same error when I put the flag and the cert before the other parameters; however, only one, since "(3) URL using bad/illegal format or missing URL." disappeared.

For now I use certificates provided by IT. It has a passphrase, yes.

Sorry, my intention was not clear. What I meant is:
In the materials the service provider gave me, I see that in one of the possible ways to authenticate, .p12 was used (please see the piece of code below). However, it is in the form of at least 2 files (keystore.p12 and truststore.p12). So I would like to utilize "Utility - Http", since the certificate format is .p12 as expected. However, I am not sure if it's possible, since it seems I need to provide it as 2 separate files.

       (...)host='fake.net',
        port=XXXX,
        # raw strings keep "\t" in the Windows paths from being read as a tab
        keystore_path=r"C:\Desktop\keystore.p12",
        truststore_path=r"C:\Desktop\truststore.p12",
        keystore_password=open(r'C:\Desktop\.keystore.pw').read(),
        truststore_password=open(r'C:\Desktop\.truststore.pw').read()(...)



------------------------------
Dominika Zolotarew
------------------------------

Hello Eric,
FYI. 
We bypassed the problem by indicating cmd to use curl.exe belonging to the GitHub dir,



------------------------------
Dominika Zolotarew
------------------------------