Menu
▾
▴
RE: [FWD: RE: [ebxmlms-general] Configuring SSL and Hermes - step by step Guide]
|
From: David RR W. \(XML\) <da...@dr...> - 2006-05-19 13:00:37
|
<div>Ladislav,</div> <div> </div> <div>OK - quick update - we now have this all fully working - many thanks for the hints and help - it all contributed to figuring out all the various parts.</div> <div> </div> <div>We should be going into pre-production testing next week - and at that point we can share the installation documentation public link once its live with details of all that is needed to get this setup.</div> <div> </div> <div>Thanks, DW<BR></div> <DIV id=wmMessageComp name="wmMessageComp"><BR><BR> <BLOCKQUOTE style="PADDING-LEFT: 8px; MARGIN-LEFT: 8px; BORDER-LEFT: blue 2px solid">-------- Original Message --------<BR>Subject: RE: [FWD: RE: [ebxmlms-general] Configuring SSL and Hermes -<BR>step by step Guide]<BR>From: Ladislav Urban <lad...@we...><BR>Date: Thu, May 18, 2006 10:30 pm<BR>To: ebxmlms-general <ebx...@li...>, "Tanveer,<BR>Ashique (NIH/OD) [C]" <tan...@od...><BR><BR>Could you please write detail error message from logs?<BR><BR><BR>On Mon, 2006-05-15 at 16:54 -0400, Tanveer, Ashique (NIH/OD) [C] wrote:<BR>> Ladislav,<BR>> <BR>> <BR>> <BR>> Will you be able to send me your complete msh_properties.xml file and<BR>> also tell me if using the NullHostVerifier is enough to turn off host<BR>> verification.<BR>> <BR>> I keep getting the error: Hostname should be <120.123.134.111><BR>> <BR>> <BR>> <BR>> Any help will be hugely appreciated.<BR>> <BR>> Thanks so much in advance<BR>> <BR>> <BR>> <BR>> |-----------------------------------------------------------------------------------<BR>> <BR>> | Ashique Tanveer<BR>> <BR>> | Booz | Allen | Hamilton<BR>> <BR>> |<BR>> <BR>> | Contractor, eRA Project, National Institute Of Health<BR>> <BR>> | Off: 301-451-1772 | Fax: 925-889-3635<BR>> <BR>> | Email: tan...@od..., tan...@ba... <BR>> <BR>> |-----------------------------------------------------------------------------------<BR>> <BR>> <BR>> <BR>> ______________________________________________________________________<BR>> From: David RR Webber (XML) [mailto:da...@dr...] <BR>> Sent: Monday, May 15, 2006 8:41 AM<BR>> To: Tanveer, Ashique (NIH/OD) [C]<BR>> Subject: [FWD: RE: [ebxmlms-general] Configuring SSL and Hermes - step<BR>> by step Guide]<BR>> <BR>> <BR>> <BR>> <BR>> <BR>> <BR>> <BR>> <BR>> -------- Original Message --------<BR>> Subject: RE: [ebxmlms-general] Configuring SSL and Hermes -<BR>> step by<BR>> step Guide<BR>> From: Ladislav Urban <lad...@we...><BR>> Date: Mon, May 08, 2006 3:25 pm<BR>> To: ebx...@li...<BR>> <BR>> Hello Ashique,<BR>> we use SSL configuration for hermes. You can set it up the<BR>> same way as<BR>> for tomcat. <BR>> Are you going to use selfsigned certs?<BR>> <BR>> 1st Step<BR>> create generate keys in keystores of both tomcats. The kystore<BR>> is<BR>> usually in root directory of the tomcat and its name<BR>> is .keystore<BR>> <BR>> example:<BR>> keytool -genkey -keyalg "RSA" -dname "cn=company1, ou=company,<BR>> o=company1, c=US" -keystore ./.keystore -alias tomcat -keypass<BR>> password222 -storepass password222<BR>> <BR>> <BR>> 2nd Step:<BR>> <BR>> Configuration of msh.properties.xml<BR>> <SSL><BR>> <BR>> <HostnameVerifier>com.webswell.hermes.NullHostVerifier</HostnameVerifier><BR>> <TrustedAnchor><BR>> <!-- Trust keystore for SSL Server Authentication --><BR>> <KeyStore><BR>> <Path>/usr/local/Webswell/jakarta-tomcat</Path><BR>> <File>.keystore</File><BR>> <Password>password222</Password><BR>> </KeyStore><BR>> </TrustedAnchor><BR>> <ClientAuth><BR>> <URL></URL><BR>> <KeyStore><BR>> <Path></Path><BR>> <File></File><BR>> <Alias></Alias><BR>> <Password></Password><BR>> </KeyStore><BR>> </ClientAuth><BR>> </SSL><BR>> <BR>> <BR>> As you can see we do have null host verifier. It switch off<BR>> verification<BR>> of host name in http request against host name in credentials.<BR>> I can<BR>> send you the java code.<BR>> <BR>> 3rd Step <BR>> <BR>> Export public part of the generated keys from both keystores.<BR>> This will<BR>> create the selfsigned certificate files.<BR>> keytool -export -alias tomcat -keystore ./.keystore<BR>> -storepass<BR>> password222 -file ./company1.cer<BR>> <BR>> <BR>> and import the certificates to the opposite keystore.<BR>> <BR>> Ladislav <BR>> <BR>> On Mon, 2006-05-08 at 12:53 -0400, Tanveer, Ashique (NIH/OD)<BR>> [C] wrote:<BR>> > <BR>> > <BR>> > I guess I am looking for something like a “SSL<BR>> configuration with<BR>> > Hermes for dummies”. Assuming I have two Hermes server<BR>> running on<BR>> > Tomcat server, what are the steps (generate the certificate,<BR>> keystore<BR>> > etc,?) to have both Hermes communicate via SSL. I assume<BR>> some<BR>> > configuration needed on the tomcat as well as hermes<BR>> properties files?<BR>> > Any tips would help.<BR>> > <BR>> > <BR>> > <BR>> > Thanks<BR>> > <BR>> > -- Ashique<BR>> > <BR>> > <BR>> > <BR>> ><BR>> |-----------------------------------------------------------------------------------<BR>> > <BR>> > | Ashique Tanveer<BR>> > <BR>> > | Booz | Allen | Hamilton<BR>> > <BR>> > |<BR>> > <BR>> > | Contractor, eRA Project, National Institute Of Health<BR>> > <BR>> > | Off: 301-451-1772 | Fax: 925-889-3635<BR>> > <BR>> > | Email: tan...@od..., tan...@ba... <BR>> > <BR>> ><BR>> |-----------------------------------------------------------------------------------<BR>> > <BR>> > <BR>> > <BR>> ><BR>> ______________________________________________________________________<BR>> > From: David RR Webber (XML) [mailto:da...@dr...] <BR>> > Sent: Monday, May 08, 2006 12:33 PM<BR>> > To: ebx...@li...<BR>> > Subject: [ebxmlms-general] Configuring SSL and Hermes - step<BR>> by step<BR>> > Guide<BR>> > <BR>> > <BR>> > <BR>> > <BR>> > Team,<BR>> > <BR>> > <BR>> > <BR>> > <BR>> > <BR>> > Does anyone have any notes they can share on setting up<BR>> Hermes <-><BR>> > Hermes using SSL?<BR>> > <BR>> > <BR>> > <BR>> > <BR>> > <BR>> > The Hermes docs are not forthcoming on this - so would be<BR>> helpful to<BR>> > have something available.<BR>> > <BR>> > <BR>> > <BR>> > <BR>> > <BR>> > More to the point - if you succeeded in getting this working<BR>> - can you<BR>> > share the steps you <BR>> > <BR>> > <BR>> > had to go thru?!<BR>> > <BR>> > <BR>> > <BR>> > <BR>> > <BR>> > Thanks, DW<BR>> > <BR>> > <BR>> > -------------------------------------------------------<BR>> Using Tomcat<BR>> > but need to do more? Need to support web services, security?<BR>> Get stuff<BR>> > done quickly with pre-integrated technology to make your job<BR>> easier<BR>> > Download IBM WebSphere Application Server v.1.0.1 based on<BR>> Apache<BR>> > Geronimo<BR>> ><BR>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ ebxmlms-general mailing list ebx...@li... https://lists.sourceforge.net/lists/listinfo/ebxmlms-general <BR>> > <BR>> > <BR>> -- <BR>> Ladislav Urban<BR>> CEO<BR>> Webswell Inc.<BR>> 1333 Howe Avenue, Suite 100<BR>> Sacramento, 95825 CA<BR>> email: lad...@we...<BR>> phone: +1 (916) 290-2040<BR>> fax: +1 (916) 921-2850<BR>> http://www.webswell.com<BR>> <BR>> <BR>> <BR>> -------------------------------------------------------<BR>> Using Tomcat but need to do more? Need to support web<BR>> services, security?<BR>> Get stuff done quickly with pre-integrated technology to make<BR>> your job easier<BR>> Download IBM WebSphere Application Server v.1.0.1 based on<BR>> Apache Geronimo<BR>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642<BR>> _______________________________________________<BR>> ebxmlms-general mailing list<BR>> ebx...@li...<BR>> https://lists.sourceforge.net/lists/listinfo/ebxmlms-general <BR>> <BR>-- <BR>Ladislav Urban<BR>CEO<BR>Webswell Inc.<BR>1333 Howe Avenue, Suite 100<BR>Sacramento, 95825 CA<BR>email: lad...@we...<BR>phone: +1 (916) 290-2040<BR>fax: +1 (916) 921-2850<BR>http://www.webswell.com<BR><BR><BR><BR>-------------------------------------------------------<BR>Using Tomcat but need to do more? Need to support web services, security?<BR>Get stuff done quickly with pre-integrated technology to make your job easier<BR>Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo<BR>http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642<BR>_______________________________________________<BR>ebxmlms-general mailing list<BR>ebx...@li...<BR>https://lists.sourceforge.net/lists/listinfo/ebxmlms-general </BLOCKQUOTE></DIV> |
