From: Tanveer, A. \(NIH/OD\) [C] <tan...@od...> - 2006-05-09 12:22:11
When I deploy Hermes on Tomcat with SSL turned on, I get an exception.
With non-SSL port everything works fine. But as soon as I specify the
SSL port in the msh*.properties file (under the <URL> ....</URL> tag), I
get the exception. I will appreciate any help on this.
2006-05-09 08:16:16,613 INFO Thread-3 gov.nih.cgaprefimpl.RequestManager - Registering with the msh at: https://localhost:8443/msh/
2006-05-09 08:16:16,643 INFO Thread-3 gov.nih.cgaprefimpl.ExchangeMessageListener - Creating an ExchangeMessageListener
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA12275)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:569)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(DashoA12275)
    at hk.hku.cecid.phoenix.message.handler.Request.sendCommand(Unknown Source)
    at hk.hku.cecid.phoenix.message.handler.Request.sendMessageServiceHandle
Thanks
|---------------------------------------------------------------------------
| Ashique Tanveer
| Booz | Allen | Hamilton
|
| Contractor, eRA Project, National Institute Of Health
| Off: 301-451-1772
| Fax: 925-889-3635
| Email: tan...@od..., tan...@ba...
|---------------------------------------------------------------------------

-----Original Message-----
From: Tanveer, Ashique (NIH/OD) [C]
Sent: Monday, May 08, 2006 4:05 PM
To: 'ebx...@li...'
Subject: RE: [ebxmlms-general] Configuring SSL and Hermes - step by step Guide
Ladislav,
Here are a couple of questions. You may be able to help with this.
1) In your configuration, what port address did you specify in the
msh.properties and msh_client.properties files under <URL> ...</URL>? I
assume it has to be the SSL port of Tomcat. Right?
2) I understood that I will generate two sets of keystores (and 2 sets
of certificates to be imported into the other party's keystore).
In your email you asked to modify the msh*.properties file to specify the
keystore name/password there. But how does the tomcat configuration come
into picture? Or is that not a necessary step? Typically I would specify
the keystore name/password in the Tomcat server.xml under the
<Connector>...</Connector> tag. Is that not necessary to do when I am
running hermes in SSL mode? Only modifying the hermes properties
(msh*.properties) is sufficient?
I am just trying to understand the difference or relationship between
tomcat's configuration for SSL (in its server.xml) and Hermes' SSL
configuration (in msh*.properties files).
Thanks again for your time and help.
|---------------------------------------------------------------------------
| Ashique Tanveer
| Booz | Allen | Hamilton
|
| Contractor, eRA Project, National Institute Of Health
| Off: 301-451-1772
| Fax: 925-889-3635
| Email: tan...@od..., tan...@ba...
| Learn Java, Teach Java, Talk Java, Join a JUG
| http://servlet.java.sun.com/jugs/north_america/usa/maryland/rockville
|---------------------------------------------------------------------------

-----Original Message-----
From: Ladislav Urban [mailto:lad...@we...]
Sent: Monday, May 08, 2006 3:25 PM
To: ebx...@li...
Subject: RE: [ebxmlms-general] Configuring SSL and Hermes - step by step Guide
Hello Ashique,
We use SSL configuration for hermes. You can set it up the same way as
for tomcat.
Are you going to use self-signed certs?
1st Step
Generate keys in the keystores of both tomcats. The keystore is
usually in the root directory of the tomcat and its name is .keystore
example:
keytool -genkey -keyalg "RSA" -dname "cn=company1, ou=company, o=company1, c=US" -keystore ./.keystore -alias tomcat -keypass password222 -storepass password222
2nd Step:
Configuration of msh.properties.xml
<SSL>
  <HostnameVerifier>com.webswell.hermes.NullHostVerifier</HostnameVerifier>
  <TrustedAnchor>
    <!-- Trust keystore for SSL Server Authentication -->
    <KeyStore>
      <Path>/usr/local/Webswell/jakarta-tomcat</Path>
      <File>.keystore</File>
      <Password>password222</Password>
    </KeyStore>
  </TrustedAnchor>
  <ClientAuth>
    <URL></URL>
    <KeyStore>
      <Path></Path>
      <File></File>
      <Alias></Alias>
      <Password></Password>
    </KeyStore>
  </ClientAuth>
</SSL>
As you can see we do have a null host verifier. It switches off verification
of the host name in the http request against the host name in the credentials. I can
send you the java code.
3rd Step
Export the public part of the generated keys from both keystores. This will
create the self-signed certificate files.
keytool -export -alias tomcat -keystore ./.keystore -storepass password222 -file ./company1.cer
and import the certificates to the opposite keystore.
Ladislav
On Mon, 2006-05-08 at 12:53 -0400, Tanveer, Ashique (NIH/OD) [C] wrote:
> I guess I am looking for something like a "SSL configuration with
> Hermes for dummies". Assuming I have two Hermes server running on
> Tomcat server, what are the steps (generate the certificate, keystore
> etc,?) to have both Hermes communicate via SSL. I assume some
> configuration needed on the tomcat as well as hermes properties files?
> Any tips would help.
>
> Thanks
>
> -- Ashique
>
> |-----------------------------------------------------------------------------------
> | Ashique Tanveer
> | Booz | Allen | Hamilton
> |
> | Contractor, eRA Project, National Institute Of Health
> | Off: 301-451-1772 | Fax: 925-889-3635
> | Email: tan...@od..., tan...@ba...
> |-----------------------------------------------------------------------------------
>
> ______________________________________________________________________
> From: David RR Webber (XML) [mailto:da...@dr...]
> Sent: Monday, May 08, 2006 12:33 PM
> To: ebx...@li...
> Subject: [ebxmlms-general] Configuring SSL and Hermes - step by step
> Guide
>
> Team,
>
> Does anyone have any notes they can share on setting up Hermes <->
> Hermes using SSL?
>
> The Hermes docs are not forthcoming on this - so would be helpful to
> have something available.
>
> More to the point - if you succeeded in getting this working - can you
> share the steps you had to go thru?!
>
> Thanks, DW
--
Ladislav Urban
CEO
Webswell Inc.
1333 Howe Avenue, Suite 100
Sacramento, 95825 CA
email: lad...@we...
phone: +1 (916) 290-2040
fax: +1 (916) 921-2850
http://www.webswell.com
_______________________________________________
ebxmlms-general mailing list
ebx...@li...
https://lists.sourceforge.net/lists/listinfo/ebxmlms-general
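
Added example (not part of the original thread): the three steps Ladislav describes, run for both parties, including the import into the opposite keystore that step 3 mentions without giving a command. The name company2, the a/ and b/ directories and the function names are assumptions for illustration; a peer certificate missing from the trust keystore is one cause of the "No trusted certificate found" handshake failure shown at the top of the thread, and has_entry checks for it.

```shell
#!/bin/sh
# Added example: two-party self-signed certificate exchange with keytool.
# company1/company2, the directories and the function names are constructed
# for illustration; the password is the sample value used in the thread.
STOREPASS=password222

# make_party DIR NAME: steps 1 and 3 (export) for one party. Generates an RSA
# key pair under alias "tomcat" in DIR/.keystore and exports its self-signed
# certificate to DIR/NAME.cer.
make_party() {
    mkdir -p "$1" &&
    keytool -genkey -keyalg RSA -alias tomcat \
        -dname "cn=$2, ou=company, o=$2, c=US" \
        -keystore "$1/.keystore" -keypass "$STOREPASS" -storepass "$STOREPASS" &&
    keytool -export -alias tomcat -keystore "$1/.keystore" \
        -storepass "$STOREPASS" -file "$1/$2.cer"
}

# trust_peer DIR PEER_NAME PEER_CER: step 3 (import). Adds the other party's
# certificate to DIR/.keystore as a trusted entry under alias PEER_NAME.
trust_peer() {
    keytool -import -noprompt -alias "$2" -file "$3" \
        -keystore "$1/.keystore" -storepass "$STOREPASS"
}

# has_entry DIR ALIAS: succeeds only if DIR/.keystore contains ALIAS.
has_entry() {
    keytool -list -alias "$2" -keystore "$1/.keystore" \
        -storepass "$STOREPASS" >/dev/null 2>&1
}

# exchange_demo WORKDIR: build both keystores and cross-import the certificates.
exchange_demo() {
    work=$1
    make_party "$work/a" company1 &&
    make_party "$work/b" company2 &&
    trust_peer "$work/a" company2 "$work/b/company2.cer" &&
    trust_peer "$work/b" company1 "$work/a/company1.cer"
}

# Usage: exchange_demo /tmp/hermes-ssl-demo && has_entry /tmp/hermes-ssl-demo/a company2
```

Afterwards each .keystore holds its own "tomcat" key entry plus the peer's certificate, and that file is what the <TrustedAnchor> <KeyStore> path in the configuration above would point at.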