|
From: Tanveer, A. \(NIH/OD\) [C] <tan...@od...> - 2006-05-19 13:05:13
|
Ladislav,

Thanks for all the help. Your suggestions earlier did help. We have complete SSL communication now between 2 Hermes servers running on OC4J and Tomcat. There was some confusion between the property files that OC4J/Tomcat and Hermes expose. The configurations needed to be in sync.

Thanks
-- Ashique

________________________________
From: David RR Webber (XML) [mailto:da...@dr...]
Sent: Friday, May 19, 2006 9:00 AM
To: ebx...@li...
Cc: Tanveer, Ashique (NIH/OD) [C]
Subject: RE: [FWD: RE: [ebxmlms-general] Configuring SSL and Hermes - step by step Guide]

Ladislav,

OK - quick update - we now have this all fully working - many thanks for the hints and help - it all contributed to figuring out all the various parts.

We should be going into pre-production testing next week - and at that point we can share the installation documentation public link once it's live with details of all that is needed to get this set up.

Thanks, DW

-------- Original Message --------
Subject: RE: [FWD: RE: [ebxmlms-general] Configuring SSL and Hermes - step by step Guide]
From: Ladislav Urban <lad...@we...>
Date: Thu, May 18, 2006 10:30 pm
To: ebxmlms-general <ebx...@li...>, "Tanveer, Ashique (NIH/OD) [C]" <tan...@od...>

Could you please write the detailed error message from the logs?

On Mon, 2006-05-15 at 16:54 -0400, Tanveer, Ashique (NIH/OD) [C] wrote:
> Ladislav,
>
> Will you be able to send me your complete msh_properties.xml file and
> also tell me if using the NullHostVerifier is enough to turn off host
> verification.
>
> I keep getting the error: Hostname should be <120.123.134.111>
>
> Any help will be hugely appreciated.
>
> Thanks so much in advance
>
> |-----------------------------------------------------------------------------------
> | Ashique Tanveer
> | Booz | Allen | Hamilton
> |
> | Contractor, eRA Project, National Institute Of Health
> | Off: 301-451-1772 | Fax: 925-889-3635
> | Email: tan...@od..., tan...@ba...
> |-----------------------------------------------------------------------------------
>
> ______________________________________________________________________
> From: David RR Webber (XML) [mailto:da...@dr...]
> Sent: Monday, May 15, 2006 8:41 AM
> To: Tanveer, Ashique (NIH/OD) [C]
> Subject: [FWD: RE: [ebxmlms-general] Configuring SSL and Hermes - step by step Guide]
>
> -------- Original Message --------
> Subject: RE: [ebxmlms-general] Configuring SSL and Hermes - step by step Guide
> From: Ladislav Urban <lad...@we...>
> Date: Mon, May 08, 2006 3:25 pm
> To: ebx...@li...
>
> Hello Ashique,
> we use SSL configuration for hermes. You can set it up the same way as
> for tomcat.
> Are you going to use selfsigned certs?
>
> 1st Step
> Generate keys in the keystores of both tomcats.
> The keystore is usually in the root directory of the tomcat and its name
> is .keystore
>
> example:
>   keytool -genkey -keyalg "RSA" -dname "cn=company1, ou=company, o=company1, c=US" -keystore ./.keystore -alias tomcat -keypass password222 -storepass password222
>
> 2nd Step:
>
> Configuration of msh.properties.xml
> <SSL>
>   <HostnameVerifier>com.webswell.hermes.NullHostVerifier</HostnameVerifier>
>   <TrustedAnchor>
>     <!-- Trust keystore for SSL Server Authentication -->
>     <KeyStore>
>       <Path>/usr/local/Webswell/jakarta-tomcat</Path>
>       <File>.keystore</File>
>       <Password>password222</Password>
>     </KeyStore>
>   </TrustedAnchor>
>   <ClientAuth>
>     <URL></URL>
>     <KeyStore>
>       <Path></Path>
>       <File></File>
>       <Alias></Alias>
>       <Password></Password>
>     </KeyStore>
>   </ClientAuth>
> </SSL>
>
> As you can see we do have null host verifier. It switches off verification
> of the host name in the http request against the host name in the credentials.
> I can send you the java code.
>
> 3rd Step
>
> Export public part of the generated keys from both keystores. This will
> create the selfsigned certificate files.
>   keytool -export -alias tomcat -keystore ./.keystore -storepass password222 -file ./company1.cer
>
> and import the certificates to the opposite keystore.
>
> Ladislav
>
> On Mon, 2006-05-08 at 12:53 -0400, Tanveer, Ashique (NIH/OD) [C] wrote:
> >
> > I guess I am looking for something like an "SSL configuration with
> > Hermes for dummies". Assuming I have two Hermes servers running on
> > Tomcat server, what are the steps (generate the certificate, keystore
> > etc.?) to have both Hermes communicate via SSL. I assume some
> > configuration is needed on the tomcat as well as hermes properties files?
> > Any tips would help.
> >
> > Thanks
> >
> > -- Ashique
> >
> > ______________________________________________________________________
> > From: David RR Webber (XML) [mailto:da...@dr...]
> > Sent: Monday, May 08, 2006 12:33 PM
> > To: ebx...@li...
> > Subject: [ebxmlms-general] Configuring SSL and Hermes - step by step Guide
> >
> > Team,
> >
> > Does anyone have any notes they can share on setting up Hermes <->
> > Hermes using SSL?
> >
> > The Hermes docs are not forthcoming on this - so would be helpful to
> > have something available.
> >
> > More to the point - if you succeeded in getting this working - can you
> > share the steps you had to go thru?!
> >
> > Thanks, DW
>
> --
> Ladislav Urban
> CEO
> Webswell Inc.
> 1333 Howe Avenue, Suite 100
> Sacramento, 95825 CA
> email: lad...@we...
> phone: +1 (916) 290-2040
> fax: +1 (916) 921-2850
> http://www.webswell.com
|
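
The three steps from the thread carried out for both servers, including the import command that the 3rd step describes but does not show, as an added example (not from the thread or the Hermes project). It goes beyond the thread in one respect: each certificate gets a subject alternative name for the address its peer connects to, the field standard Java hostname checking compares, so the exchange does not have to rely on a null verifier. It assumes a current JDK keytool; the directory layout, the company2 name, the addresses and the password are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Addresses (documentation range),
# the company2 name, directory layout and password are constructed.
set -eu

PASS='example-pass-222'   # constructed; use a distinct secret per keystore

# Steps 1 and 3 (export half): create a key pair in <dir>/.keystore under the
# alias "tomcat", then write its self-signed certificate to <dir>/<name>.cer.
# $1 = keystore directory, $2 = company name, $3 = SAN, e.g. ip:192.0.2.10
make_identity() {
    keytool -genkeypair -keyalg RSA -keysize 2048 -validity 365 \
        -dname "cn=$2, ou=company, o=$2, c=US" -ext "SAN=$3" \
        -keystore "$1/.keystore" -alias tomcat \
        -keypass "$PASS" -storepass "$PASS"
    keytool -exportcert -alias tomcat -keystore "$1/.keystore" \
        -storepass "$PASS" -file "$1/$2.cer"
}

# Step 3 (import half): add the peer's certificate as a trusted entry.
# $1 = keystore directory, $2 = peer certificate file, $3 = alias for the peer
trust_peer() {
    keytool -importcert -noprompt -alias "$3" -file "$2" \
        -keystore "$1/.keystore" -storepass "$PASS"
}

# Number of trusted (peer) certificates in <dir>/.keystore.
count_trusted() {
    keytool -list -keystore "$1/.keystore" -storepass "$PASS" |
        grep -c 'trustedCertEntry'
}

# Run all steps for two servers under base directory $1.
exchange_certs() {
    a="$1/company1"; b="$1/company2"
    mkdir -p "$a" "$b"
    make_identity "$a" company1 "ip:192.0.2.10"
    make_identity "$b" company2 "ip:192.0.2.20"
    trust_peer "$a" "$b/company2.cer" company2
    trust_peer "$b" "$a/company1.cer" company1
}

# Stand-alone use: sh exchange.sh --run /path/to/empty/dir
if [ "${1:-}" = "--run" ]; then
    exchange_certs "${2:?base directory required}"
    echo "company1 trusts $(count_trusted "$2/company1") peer certificate(s)"
fi
```

After the exchange, `keytool -list` on each keystore should show one PrivateKeyEntry (tomcat) and one trustedCertEntry (the peer).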