Menu

#26 SSL on ASEMON

v1.0_(example)
open
Jean-Paul Martin
SSL (1) ASEMON (2)
1
2019-06-06
2019-06-04
Hardeep
No

Hi JPM
I have enabled SSL on my ASE server and in parallel enabled <usessl> in xml file and did the restart of ASEMON process still am getting below connection error message.</usessl>

Would you please suggest what else i need to do. Thanks

2019/06/04 19:57:21.947 ASEMGLDEV802E_AmStats - SSL is activated
2019/06/04 19:57:21.998 ASEMGLDEV802E_AseDbSpce - Start thread.
2019/06/04 19:57:21.999 ASEMGLDEV802E_AmStats - ERROR connectSRV (1). Srv=ASEMGLDEV802E : java.sql.SQLException: JZ006: Caught IOException: java.io.IOException: JZ0T3 use getCause() to see the error chain
2019/06/04 19:57:21.999 ASEMGLDEV802E_AmStats - ERROR connectSRV (2). Srv=ASEMGLDEV802E : java.sql.SQLException: JZ0T3: Read operation timed out.
2019/06/04 19:57:21.999 ASEMGLDEV802E_AmStats - ERROR connectSRV (2). Srv=ASEMGLDEV802E : java.sql.SQLException: JZ0TO: Read operation timed out.
2019/06/04 19:57:21.999 ASEMGLDEV802E_AmStats - Trying to reconnect to archive server every 10 s ...

Regards,
Hardeep

Discussion

  • Jean-Paul Martin

    Jean-Paul Martin - 2019-06-04

    Hi Hardeep
    how did you configure ssl on your ASE server and client ?
    Did you first try to open a connection with isql just to check that the server is properly configured ?

    Did you use "keytool" on your client to integrate the public certificate in the truststore. Ex. :

    keytool -import -keystore C:/sybase/jConnect-16_0/truststore -file YOURSERVERPUBLICKEY.txt -alias YOURSERVER -storepass yourpassword

    Asemon will look for truststore file in its default location : $SYBASE/jConnect-16_0/truststore

    You can find documentation and notes on SAP site for how to configure ssl on ASE and jConnect client

    Best regards
    Jpm

     

  • Hardeep

    Hardeep - 2019-06-05

    Hi Jpm,
    Appreciate your swift reply.

    Well, I have configured SSL on ASE using standard steps and then restarted the server with SSL port. It came up with ssltcp listener. Also I have updated $SYBASE/config/trsuted.txt file to make an SSL connecton,
    Same trusted.txt file I have copied across all clients and worked but its failing for ASEMON.

    I dont see any default "truststore" file under $SYBASE/jConnect-16_0/, I have generated truststore file using keytool, and still it gives same error for ASE connnection whereas repserver connects successfully. However, SSL is configured on both ASE & REP.

    keytool -import -keystore /dba/sybase/ase/16.0.0.0.28334/jConnect-16_0/truststore -file HOSTNAME_key.pem -alias HOSTNAME.macbank

    ASEMON logs

    2019/06/05 15:59:08.607 main - Start Asemon_logger Version V2.7.21
    2019/06/05 15:59:08.632 main - Current directory is : /dba/sybase/asemon/2.7.21
    2019/06/05 15:59:08.636 main - Java version : 1.8.0_201
    2019/06/05 15:59:08.637 main - Classpath is : /dba/sybase/asemon/asemon_logger/dist/Asemon_logger.jar:/dba/sybase/asemon/asemon_logger/lib/jdom.jar:/dba/sybase/asemon/asemon_logger/lib/xerces.jar:/dba/sybase/asemon/asemon_logger/lib/java-getopt-1.0.9.jar:/dba/sybase/asemon/asemon_logger/jConnect-7_0/classes/jconn4.jar:/dba/sybase/asemon/asemon_logger/jConnect-7_0/classes/jTDS3.jar
    2019/06/05 15:59:08.637 main - Config file used : /dba/sybase/asemon/config/SYB_SERVER_1.xml
    2019/06/05 15:59:08.904 main - Try to connect to srv : SYB_SERVER_1
    2019/06/05 15:59:08.963 main - Srv found in interfaces or SQL.INI file. Host=XXXXXXXXXXX Port=20002
    2019/06/05 15:59:08.964 main - Using password from passwords file for 'SYB_SERVER_1.perfmon_dba'
    2019/06/05 15:59:08.971 main - SSL is activated
    2019/06/05 15:59:09.159 main - ERROR connectSRV (1). Srv=SYB_SERVER_1 : java.sql.SQLException: JZ006: Caught IOException: java.io.IOException: JZ0T3 use getCause() to see the error chain
    2019/06/05 15:59:09.159 main - ERROR connectSRV (2). Srv=SYB_SERVER_1 : java.sql.SQLException: JZ0T3: Read operation timed out.
    2019/06/05 15:59:09.159 main - ERROR connectSRV (2). Srv=SYB_SERVER_1 : java.sql.SQLException: JZ0TO: Read operation timed out.
    2019/06/05 15:59:09.160 main - Try to connect to srv : REPMGLDEV802E
    2019/06/05 15:59:09.186 main - Srv found in interfaces or SQL.INI file. Host=XXXXXXXXXXX Port=27002
    2019/06/05 15:59:09.186 main - Using password from passwords file for 'REPMGLDEV802E.perfmon_dba'
    2019/06/05 15:59:09.186 main - SSL is activated
    2019/06/05 15:59:09.475 main - connectMonitoredRS - connected to : REPMGLDEV802E Version : 1600
    2019/06/05 15:59:09.476 main - WARNING connectMonitoredRS : stats_sampling = OFF. Not all statistics will be captured.
    2019/06/05 15:59:09.477 main - You should execute "configure replication server set stats_sampling to 'ON'" on RS
    2019/06/05 15:59:09.552 main - Time difference (ms) between RS and asemon_logger (positive when RS is in advance) : -4
    2019/06/05 15:59:09.552 main - Try to connect to srv : SYB_SERVER_1
    2019/06/05 15:59:09.562 main - Srv found in interfaces or SQL.INI file. Host=XXXXXXXXXXX Port=20002
    2019/06/05 15:59:09.586 main - Using password from passwords file for 'SYB_SERVER_1.perfmon_dba'
    2019/06/05 15:59:09.587 main - SSL is activated
    2019/06/05 15:59:09.675 main - ERROR connectSRV (1). Srv=SYB_SERVER_1 : java.sql.SQLException: JZ006: Caught IOException: java.io.IOException: JZ0T3 use getCause() to see the error chain
    2019/06/05 15:59:09.675 main - ERROR connectSRV (2). Srv=SYB_SERVER_1 : java.sql.SQLException: JZ0T3: Read operation timed out.
    2019/06/05 15:59:09.675 main - ERROR connectSRV (2). Srv=SYB_SERVER_1 : java.sql.SQLException: JZ0TO: Read operation timed out.
    2019/06/05 15:59:09.699 REPMGLDEV802E_AmStats - Start thread.
    2019/06/05 15:59:09.700 REPMGLDEV802E_AmStats - Try to connect to srv : SYB_SERVER_1
    2019/06/05 15:59:09.729 REPMGLDEV802E_DISKSPCE - Start thread.
    2019/06/05 15:59:09.733 REPMGLDEV802E_AmStats - Srv found in interfaces or SQL.INI file. Host=XXXXXXXXXXX Port=20002
    2019/06/05 15:59:09.733 REPMGLDEV802E_AmStats - Using password from passwords file for 'SYB_SERVER_1.perfmon_dba'
    2019/06/05 15:59:09.733 REPMGLDEV802E_AmStats - SSL is activated
    2019/06/05 15:59:09.774 REPMGLDEV802E_RSConfig - Start thread.
    2019/06/05 15:59:09.785 REPMGLDEV802E_AmStats - ERROR connectSRV (1). Srv=SYB_SERVER_1 : java.sql.SQLException: JZ006: Caught IOException: java.io.IOException: JZ0T3 use getCause() to see the error chain
    2019/06/05 15:59:09.785 REPMGLDEV802E_AmStats - ERROR connectSRV (2). Srv=SYB_SERVER_1 : java.sql.SQLException: JZ0T3: Read operation timed out.
    2019/06/05 15:59:09.785 REPMGLDEV802E_AmStats - ERROR connectSRV (2). Srv=SYB_SERVER_1 : java.sql.SQLException: JZ0TO: Read operation timed out.
    2019/06/05 15:59:09.786 REPMGLDEV802E_AmStats - Trying to reconnect to archive server every 10 s ...

    Regards,
    Hardeep

     

  • Jean-Paul Martin

    Jean-Paul Martin - 2019-06-05

    Hi Hardeep,
    what is the version of SYB_SERVER_1 : 16SP03 or lower ?
    SAP changed the ssl libraries in 16SP03 and I never tested asemon with the new libraries

    By the way, you are using an old asemon (V2.7) with JRE 1.8 : never tested that (2.7 is not compiled with this level of Java)
    And your asemon is using jConnect 7.0 located in : /dba/sybase/asemon/asemon_logger/jConnect-7_0
    In that case I think asemon tries to look for file "truststore" in /dba/sybase/asemon/asemon_logger/jConnect-7_0
    Best regards
    Jpm

     

  • Hardeep

    Hardeep - 2019-06-05

    Hi Jpm,
    Thanks again on prompt reply.

    I am using ASE 16.0/SP03-PL06 version and ASEMon version is 2.7.21.

    I have copied the truststore file to asemon's jConnect folder(see below) and stop/start the asemon, but dodnt help. When i start the ASEMON JAVA_HOME is /usr/lib/jvm/jre.

    $ pwd
    /dba/sybase/asemon/2.7.21/jConnect-7_0
    $ ls -l truststore
    -rw-r--r--. 1 sybase_ias dba 1962 Jun 5 19:55 truststore
    $

    I am bit surprise why its working with RepServer where SSL enabled as well,

    Do you think i should try with aselogger v3.0 ?

    Regards
    Hardeep

     

  • Jean-Paul Martin

    Jean-Paul Martin - 2019-06-05

    I am afraid there may be incompatibilties between this version of asemon and the new ssl libraries of ASE V16SP03.
    I have to do tests with this version

    What is the version of RS : 16SP03 also ?
    If lower this could explain why it can connect.

    May be you can try tu use a more rencent version of jConnect with your asemon
    Change the JCONNECT_HOME in the asemon_logger.sh script to point to a jConnect V16 directory

    Best regards
    Jpm

     

  • Hardeep

    Hardeep - 2019-06-05

    Thanks Jpm
    Repserevr version is 16.0/EBF 26769 SP03

    Regards
    Hardeep

     

  • Hardeep

    Hardeep - 2019-06-05

    Thanks Jpm,
    I have chnaged JCONNECT_HOME to ASE jConnect dirctory and it worked. :-)
    export JCONNECT_HOME=/dba/sybase/ase/16.0/jConnect-16_0

    Regards
    Hardeep

     

  • Hardeep

    Hardeep - 2019-06-05

    I would like to summarise my steps to start ASEMON with SSL

    1. Add <usessl>YES </usessl> to ASEMON XML file

    2. Genererate truststore file using keytool
      e.g keytool -import -keystore /dba/sybase/ase/16.0.0.0.28334/jConnect-16_0/truststore -file HOSTNAME_key.pem -alias HOSTNAME.macbank

    3. Change JCONNECT_HOME in the asemon_logger.sh script to point to jConnect V16 directory
      export JCONNECT_HOME=/dba/sybase/ase/16.0/jConnect-16_0

    4. Restart ASEMON process

    Regards
    Hardeep

     

  • Jean-Paul Martin

    Jean-Paul Martin - 2019-06-06

    Ok good, thanks you for feedback
    But I still don't understand why it could connect to RS V16SP03 with ssl and old jConnect
    May be SAP didn't implement new ssl algo in RS16SP03. I have to check that
    Best regards
    Jpm

     

Anonymous
Anonymous

Add attachments
Cancel





Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.