If you're going to start using EX3, which you likely need to, you need to first install certs via certtrustu.exe, which is found in the server directory on your IC server. Here's an old support case response that I keep around as a reference:
What is CertTrustU?
The SOAP Ex 3 toolstep differs from previous versions in that it uses Interactive Intelligence's ION library rather than relying on MSXML. This allows it to handle considerably more concurrent requests and in general should be used in all instances. The ION library requires certificates to be converted to a .0 format, and placed in the I3\IC\Certificates\SOAP directory. The conversion can be performed manually, but the CertTrustU.exe application was generated to automate the conversion process. During this process, CertTrustU:
How to use CertTrustU
KB article: How to use CertTrustU.exe to automate Certificate conversion https://my.inin.com/products/selfhelp/kb/Pages/default.aspx?View={DEE896E2-9298-4811-A781-7BC027D854C4}&FilterField1=EntryID&FilterValue1=Q142368328200338
Documented in Security Features Technical Reference: https://my.inin.com/products/cic/Documents/Security_Features_TR.pdf
CertTrustU.exe [-(c|e|s|y)]* (address) (port)
-c: Saves files in current directory
-e: Saves files in Certificates/Email
-s: Saves files in Certificates/SOAP
-y: Assume 'yes' response to all prompts
The application should be run in a command line from the location where the downloaded application resides.
2. The "-s" switch saves the files in the soap folder under your Interaction Center certificate store
3. The "-y" switch assume 'yes' response to all prompts, rather than waiting for the user input
4. <address> is the name of the URL that will be used in the SOAP toolstep
5. <port> will be based on the URL, http is typically 80, while https is typically 443
6. To see other available tool options, use the "/?" switch with no parameters.
Product Dependencies
-
CertTrustU and the ION Library use OpenSSL to communicate to the web service.
-
Due to the recent Logjam attack, IC requires that a Diffie-Hillman Group of 2048-bit or larger be used.
Example:
CertTrustU.exe –s –y salesforce.com 443
Hope this is helpful.
------------------------------
Aaron Lael
State of Utah
------------------------------
Original Message:
Sent: 01-25-2019 12:41
From: Scott Williams
Subject: TLS 1.2 and HTTP request from Handlers
Hi All,
We have moved our Dev system to TLS 1.2 only and found that when we did that found that our handlers that utilizing the SOAP HTTP Request Ex2 function error out. The error we get is "An error Occurred in the Secure Channel Support.". We have used wireshark and do not see TLS1.2 being used so i am trying to figure out how to have the SOAP HTTP Request Ex2 function use TLS 1.2?
Thank you,
Scott
#Handlers
------------------------------
Scott Williams
Missouri Higher Education Loan Authority
------------------------------