cancel
Showing results for 
Search instead for 
Did you mean: 

Web API services support mutual TLS authentication?

MichalLukasik
Level 2
Hi,

we are struggling to make a call to an SSL secured webservice over the Web API Services functionality. There is no issue, when making a call to over unsecured http.
We have already tried several things:
- disabling certificate checking
DX
- setting different TLS versions
BP Portal
And other solutions from stackoverflow...

The requests to this Web API over SOAPUI (with indicated certificate path) works perfectly.
Thats why mu suspection is that we are missing this indication within Blue Prism. But how to achieve this? We still want to use Web API Services feature and not a warkaround with newly created object, where we can potentially point out where the certificate is stored.
Looking forward for constructive responses.

@Bruce Liu: The certificates are imported on the Runtime resources and are visible under under Manager Computer Certificates -> Personal > Certificates.
@Eric Wilson: The behavior is the same on local development machine in debug mode. I will give try with Fiddler or Wireshark. In HTTP Request (Utility - HTTP Object) there is an input Certificate ID and we can get it over Load Certificate action. I don't understand how it suppose to work in built-in Web API functionality.
​​
2 REPLIES 2

bruce.liu
Staff
Staff
Hi Michal,

Have you tried importing the certificate being used by the remote web service onto the machine where you run Blue Prism? Once done the certificate should be shown under Manager Computer Certificates -> Personal > Certificates. This should make your client machine to trust the remote server certificate, so you can issue calls using HTTPS.

ewilson
Staff
Staff
Hi @MichalLukasik,

Have you tried using Fiddler or Wireshark on one of the runtime resources to capture the request going to the web service? Do you experience the same behavior when testing your process from your local development machine in debug mode?

Cheers,
Eric​