From: Ladislav U. <lad...@we...> - 2006-05-19 02:31:16
Hello Ashique,
this is the complete msh_properties.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<Property>
<MSH>
<Log>
<!-- Logging settings for the MSH. -->
<!-- ExternalProperties optionally points to an external file for
configuring LOG4J. If specified, the following parameters
(LogPath, LogFile, etc) will not be used -->
<ExternalProperties>/usr/local/Webswell_company/jakarta-tomcat-company/bin/log4j.properties</ExternalProperties>
<!-- NOTE(review): ExternalProperties is set here, so by the comment above
LogPath, LogFile and the values after them are not used; the effective
log destination and level then come from log4j.properties. -->
<!-- empty path: user.home -->
<LogPath>/usr/local/Webswell_company/all_logs</LogPath>
<LogFile>ebxmlms_company.log</LogFile>
<!--
0: all
1: info, warn, error
2: warn, error
3: error
4: no log
-->
<!-- NOTE(review): 0 is the most verbose level. What the MSH writes at this
level (message content, account names) is not visible in this file;
confirm it before keeping level 0 on a host that carries real traffic,
and keep the log directory readable only by the service account. -->
<LogLevel>0</LogLevel>
<!-- For rolling log files, maximum file size per log file,
-1: one single big file -->
<!-- NOTE(review): the unit of MaxFileSize is not stated in this file. -->
<MaxFileSize>10000</MaxFileSize>
</Log>
<Config>
<!-- General MSH settings: public URL, authentication file, resolver
classes and message-handling switches. -->
<!-- The URL of MSH (The URL of MSH to external systems) -->
<!-- Keep trailing slash after context path to avoid unexpected
problems
with some application servers -->
<!-- <URL>http://66.202.95.174:19998/company/</URL> -->
<!-- NOTE(review): the active URL uses the http scheme and the host name
localhost, although the comment above describes it as the URL seen by
external systems. Whether the MSH uses this value when SSL is enabled
is not visible here; confirm that partners are given an https URL. -->
<URL>http://localhost:19998/company/</URL>
<!-- NOTE(review): presumably the file holding the credentials accepted by
the MSH; its format is not shown here. Keep it readable only by the
account that runs the MSH. -->
<AuthenticationFile>/usr/local/Webswell_company/ebxmlms/msh_passwd</AuthenticationFile>
<!-- Optional property specifying the implementation class name of
hk.hku.cecid.phoenix.message.handler.ToUrlResolver which
maps a <ToPartyId> to a physical URL for sending message -->
<ToUrlResolver>hk.hku.cecid.phoenix.message.handler.ToUrlResolverImpl</ToUrlResolver>
<!-- Optional property specifying the implementation class name of
hk.hku.cecid.phoenix.pki.CertResolver which
returns an array of java.security.cert.Certificate's based on
the identity information in the received EbxmlMessage -->
<!-- CertResolver is left commented out in this configuration. -->
<!-- <CertResolver></CertResolver> -->
<!-- Optional property controlling whether a positive
acknowledgment
message will be generated if the sender successfully sends a
message -->
<PositiveAcknowledgment>false</PositiveAcknowledgment>
<!-- Optional property controlling whether an error message being
sent
back to the sender is augmented with the original message as
a MIME payload -->
<!-- NOTE(review): with true, the original message content is returned
inside error replies, so those replies need the same transport
protection as the messages themselves. -->
<AugmentedErrorMessage>true</AugmentedErrorMessage>
<!-- Optional property controlling the content transfer encoding
used
in payload while sending in HTTP -->
<ContentTransferEncoding>binary</ContentTransferEncoding>
<!-- Optional property defining the delivery interval
<DeliveryInterval>5000</DeliveryInterval>
-->
</Config>
<!-- uncomment to use web proxy for outgoing HTTP connections
<Proxy>
<Host>127.0.0.1</Host>
<Port>8282</Port>
</Proxy>
-->
<Mail>
<!-- Mail transport settings: SMTP for sending, a polled mailbox for
receiving, and the keystores used for S/MIME. -->
<!-- NOTE(review): every Password element in this section is stored in
clear text. The file should be readable only by the account that runs
the MSH, and values that have been shared outside the host (for example
in a mailing-list post) should be replaced before further use. -->
<SMTP>
<!-- Mail server for sending messages -->
<!--<Host>smtp.clevernet.cz</Host> This is blocked on home network-->
<Host>smtp.sbcglobal.yahoo.com</Host>
<!-- <User>tes...@we...</User> This is blocked on
home network -->
<User>hu...@sb...</User>
<!-- <Password>testaccount1</Password> -->
<Password>hulibrk123</Password>
<!-- NOTE(review): no port or TLS option is set for SMTP here; whether the
login above is sent over an encrypted connection is not visible in this
file. -->
</SMTP>
<!-- Uncomment the following property to watch the debugging
information
from JavaMail library -->
<Debug>false</Debug>
<Poll>
<!-- Mailbox polled for incoming messages. -->
<!-- NOTE(review): pop3 on port 110 is the plain-text POP3 port; unless the
mail library negotiates TLS on that connection, the user name and
password below cross the network unencrypted. Confirm, and prefer an
encrypted mailbox protocol if the server offers one. -->
<Protocol>pop3</Protocol>
<Host>pop3.clevernet.cz</Host>
<Port>110</Port>
<Folder>INBOX</Folder>
<User>tes...@we...</User>
<Password>testaccount1</Password>
<!-- NOTE(review): the unit of MonitorInterval is not stated in this file. -->
<MonitorInterval>20000</MonitorInterval>
<!-- optional property for forcing the MSH to change the subtype
of
incoming SOAP messages to "multipart/related" -->
<ForceChangeSubType>true</ForceChangeSubType>
</Poll>
<SMIME>
<!-- Encryption and Decryption point at the same keystore file and use
the same keystore password. -->
<Encryption>
<KeyStore>
<Path>/usr/local/Webswell_company/webswellbroker</Path>
<File>.keystore</File>
<Password>password111</Password>
</KeyStore>
</Encryption>
<Decryption>
<KeyStore>
<Path>/usr/local/Webswell_company/webswellbroker</Path>
<File>.keystore</File>
<!-- NOTE(review): Alias is empty; which key entry the MSH then uses for
decryption is not visible here. -->
<Alias></Alias>
<Password>password111</Password>
</KeyStore>
</Decryption>
</SMIME>
</Mail>
<DigitalSignature>
<!-- Keystores for XML digital signatures: TrustedAnchor holds the
certificates trusted when checking signatures (presumably; the MSH
code is not shown here), AckSign names the key entry used for signing
acknowledgments. -->
<TrustedAnchor>
<KeyStore>
<Path>/usr/local/Webswell_company/webswellbroker</Path>
<File>.keystore</File>
<Password>password111</Password>
</KeyStore>
</TrustedAnchor>
<AckSign>
<KeyStore>
<!-- Alias of the key entry used for signing. -->
<Alias>partner_sign</Alias>
<Path>/usr/local/Webswell_company/webswellbroker</Path>
<File>.keystore</File>
<Password>password111</Password>
</KeyStore>
</AckSign>
<!-- NOTE(review): TrustedAnchor and AckSign use the same keystore file and
the same clear-text password, so the store that holds the private
signing key is also the trust store. Keeping trusted certificates in a
separate store lets the trust store be shared or updated without
touching the private key. -->
</DigitalSignature>
<SSL>
<!-- Settings for outgoing SSL connections made by the MSH: hostname
verifier class, trust keystore for server authentication, and an
optional client-authentication keystore. -->
<!-- Optional property specifying the implementation class name of
com.sun.net.ssl.HostnameVerifier from JSSE 1.0 which handle
the case
when the URL's hostname and the server's identification
hostname
mismatch-->
<!-- NOTE(review): judging by its name, NullHostVerifier presumably accepts
every mismatch, i.e. the hostname check is switched off; confirm against
the class source. With the check off, the only test left on the peer is
that its certificate is trusted by the TrustedAnchor keystore below, so
any host presenting a certificate trusted there is accepted for any URL.
Issuing certificates whose subject matches the host name in the partner
URL lets this property be left at its default instead. -->
<HostnameVerifier>com.webswell.hermes.NullHostVerifier</HostnameVerifier>
<TrustedAnchor>
<!-- Trust keystore for SSL Server Authentication -->
<!-- NOTE(review): Path and File point at a .keystore in the Tomcat
directory. If that is also Tomcat's server keystore it contains the
server private key; confirm, and consider a separate store holding only
the partner certificates. The password is stored in clear text, so the
file should be readable only by the account that runs the MSH. -->
<KeyStore>
<Path>/usr/local/Webswell_company/jakarta-tomcat-company</Path>
<File>.keystore</File>
<Password>password789</Password>
</KeyStore>
</TrustedAnchor>
<!-- All ClientAuth values are empty: no client certificate is configured
(presumably client authentication is not used; confirm). -->
<ClientAuth>
<URL></URL>
<KeyStore>
<Path></Path>
<File></File>
<Alias></Alias>
<Password></Password>
</KeyStore>
</ClientAuth>
</SSL>
<Persistent>
<!-- Persistent storage used by the MSH: JDBC database, message
repository, backup file and archive directory. -->
<Database>
<!-- JDBC database driver used in MSH -->
<Driver>org.postgresql.Driver</Driver>
<!-- <Driver>org.hsqldb.jdbcDriver</Driver> -->
<!-- <Driver>org.gjt.mm.mysql.Driver</Driver> -->
<!-- Database user name -->
<User>buyer</User>
<!-- Database password -->
<!-- NOTE(review): stored in clear text; keep this file readable only by the
account that runs the MSH and replace the value if the file has been
shared. -->
<Password>cecid</Password>
<!-- Database URL -->
<!-- The active URL connects to PostgreSQL on localhost, port 9224,
database "company". -->
<URL>jdbc:postgresql://localhost:9224/company</URL>
<!-- <URL>jdbc:hsqldb:/path/databasename</URL> -->
<!-- <URL>jdbc:mysql://path/msh</URL> -->
<!-- Configure database transaction isolation level. Valid
settings are:
READ_COMMITTED, READ_UNCOMMITTED, REPEATABLE_READ and
SERIALIZABLE
-->
<TransactionIsolationLevel>READ_COMMITTED</TransactionIsolationLevel>
<!-- Number of initial database connections in the connection
pool -->
<InitialConnections>30</InitialConnections>
<!-- Maximum number of database connections allowed in the
database
pool. Enter the value of 0 if unlimited number of
connections
are allowed -->
<MaximumConnections>300</MaximumConnections>
<!-- Maximum period of time in milliseconds to wait for an
available
connection -->
<MaximumWait>20000</MaximumWait>
<!-- Maximum idle time for a connection object to be considered
valid
in the connection pool -->
<!-- NOTE(review): the unit of MaximumIdle is not stated in this file. -->
<MaximumIdle>60000</MaximumIdle>
</Database>
<!-- Repository location for storing ebXML messages persistently
-->
<!-- NOTE(review): the repository, backup file and archive directory below
hold message content; they need the same access restrictions as the
messages themselves. -->
<MessageRepository>/usr/local/Webswell_company/ebxmlms/repository</MessageRepository>
<!-- Maximum number of files in a single directory -->
<MaxFiles>1000</MaxFiles>
<!-- File name for MSH backup -->
<BackupFile>/usr/local/Webswell_company/ebxmlms/MSHBackup.zip</BackupFile>
<!-- Directory where the archived data are placed -->
<ArchiveDirectory>/usr/local/Webswell_company/msh_archive</ArchiveDirectory>
</Persistent>
<!-- Default message repository for MessageListener used in MSH -->
<MessageListener>
<!-- Two directories are listed, separated by ';'. -->
<!-- NOTE(review): what the MSH permits for a "trusted" repository is not
visible in this file; confirm, and keep both directories writable only
by the accounts meant to register listeners. -->
<TrustedRepository>/usr/local/Webswell_company/ebxmlms/trustedRepository1;/usr/local/Webswell_company/ebxmlms/trustedRepository2</TrustedRepository>
<ObjectStore>/usr/local/Webswell_company/ebxmlms/objectStore</ObjectStore>
</MessageListener>
<!-- Optional Property to allow the user to use customized delivery
mechanism
<Delivery>
<DeliveryHandler>class.name</DeliveryHandler>
<RetryInterval>1000</RetryInterval>
<MaximumRetry>3</MaximumRetry>
</Delivery>
-->
</MSH>
</Property>
On Mon, 2006-05-15 at 16:54 -0400, Tanveer, Ashique (NIH/OD) [C] wrote:
> Ladislav,
>
>
>
> Will you be able to send me your complete msh_properties.xml file and
> also tell me if using the NullHostVerifier is enough to turn off host
> verification.
>
> I keep getting the error: Hostname should be <120.123.134.111>
>
>
>
> Any help will be hugely appreciated.
>
> Thanks so much in advance
>
>
>
> |-----------------------------------------------------------------------------------
>
> | Ashique Tanveer
>
> | Booz | Allen | Hamilton
>
> |
>
> | Contractor, eRA Project, National Institute Of Health
>
> | Off: 301-451-1772 | Fax: 925-889-3635
>
> | Email: tan...@od..., tan...@ba...
>
> |-----------------------------------------------------------------------------------
>
>
>
> ______________________________________________________________________
> From: David RR Webber (XML) [mailto:da...@dr...]
> Sent: Monday, May 15, 2006 8:41 AM
> To: Tanveer, Ashique (NIH/OD) [C]
> Subject: [FWD: RE: [ebxmlms-general] Configuring SSL and Hermes - step
> by step Guide]
>
>
>
>
>
>
>
>
> -------- Original Message --------
> Subject: RE: [ebxmlms-general] Configuring SSL and Hermes -
> step by
> step Guide
> From: Ladislav Urban <lad...@we...>
> Date: Mon, May 08, 2006 3:25 pm
> To: ebx...@li...
>
> Hello Ashique,
> we use SSL configuration for hermes. You can set it up the
> same way as
> for tomcat.
> Are you going to use selfsigned certs?
>
> 1st Step
> Generate keys in the keystores of both Tomcats. The keystore is
> usually in the root directory of the Tomcat installation, and its name
> is .keystore
>
> example:
> keytool -genkey -keyalg "RSA" -dname "cn=company1, ou=company,
> o=company1, c=US" -keystore ./.keystore -alias tomcat -keypass
> password222 -storepass password222
>
>
> 2nd Step:
>
> Configuration of msh.properties.xml
> <SSL>
>
> <HostnameVerifier>com.webswell.hermes.NullHostVerifier</HostnameVerifier>
> <TrustedAnchor>
> <!-- Trust keystore for SSL Server Authentication -->
> <KeyStore>
> <Path>/usr/local/Webswell/jakarta-tomcat</Path>
> <File>.keystore</File>
> <Password>password222</Password>
> </KeyStore>
> </TrustedAnchor>
> <ClientAuth>
> <URL></URL>
> <KeyStore>
> <Path></Path>
> <File></File>
> <Alias></Alias>
> <Password></Password>
> </KeyStore>
> </ClientAuth>
> </SSL>
>
>
> As you can see, we use a null host verifier. It switches off
> verification of the host name in the HTTP request against the host
> name in the credentials. I can send you the Java code.
>
> 3rd Step
>
> Export public part of the generated keys from both keystores.
> This will
> create the selfsigned certificate files.
> keytool -export -alias tomcat -keystore ./.keystore
> -storepass
> password222 -file ./company1.cer
>
>
> and import the certificates to the opposite keystore.
>
> Ladislav
>
> On Mon, 2006-05-08 at 12:53 -0400, Tanveer, Ashique (NIH/OD)
> [C] wrote:
> >
> >
> > I guess I am looking for something like a “SSL
> configuration with
> > Hermes for dummies”. Assuming I have two Hermes server
> running on
> > Tomcat server, what are the steps (generate the certificate,
> keystore
> > etc,?) to have both Hermes communicate via SSL. I assume
> some
> > configuration needed on the tomcat as well as hermes
> properties files?
> > Any tips would help.
> >
> >
> >
> > Thanks
> >
> > -- Ashique
> >
> >
> >
> >
> |-----------------------------------------------------------------------------------
> >
> > | Ashique Tanveer
> >
> > | Booz | Allen | Hamilton
> >
> > |
> >
> > | Contractor, eRA Project, National Institute Of Health
> >
> > | Off: 301-451-1772 | Fax: 925-889-3635
> >
> > | Email: tan...@od..., tan...@ba...
> >
> >
> |-----------------------------------------------------------------------------------
> >
> >
> >
> >
> ______________________________________________________________________
> > From: David RR Webber (XML) [mailto:da...@dr...]
> > Sent: Monday, May 08, 2006 12:33 PM
> > To: ebx...@li...
> > Subject: [ebxmlms-general] Configuring SSL and Hermes - step
> by step
> > Guide
> >
> >
> >
> >
> > Team,
> >
> >
> >
> >
> >
> > Does anyone have any notes they can share on setting up
> Hermes <->
> > Hermes using SSL?
> >
> >
> >
> >
> >
> > The Hermes docs are not forthcoming on this - so would be
> helpful to
> > have something available.
> >
> >
> >
> >
> >
> > More to the point - if you succeeded in getting this working
> - can you
> > share the steps you
> >
> >
> > had to go thru?!
> >
> >
> >
> >
> >
> > Thanks, DW
> >
> >
> >
> >
> --
> Ladislav Urban
> CEO
> Webswell Inc.
> 1333 Howe Avenue, Suite 100
> Sacramento, 95825 CA
> email: lad...@we...
> phone: +1 (916) 290-2040
> fax: +1 (916) 921-2850
> http://www.webswell.com
>
>
>
>
--
Ladislav Urban
CEO
Webswell Inc.
1333 Howe Avenue, Suite 100
Sacramento, 95825 CA
email: lad...@we...
phone: +1 (916) 290-2040
fax: +1 (916) 921-2850
http://www.webswell.com