Menu
▾
▴
Re: Rif: [ebxmlms-develop] RE: Hermes & SSL
|
From: Patrick Y. <kc...@ce...> - 2004-04-17 14:10:32
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> <title></title> </head> <body bgcolor="#ffffff" text="#000000"> Dunia,<br> Don't know whether the following helps or not. When you create the server certificates, the common name should be the hostname or IP address of the server. According to our experience, you should use the same hostname or IP address in the URL when making HTTPS request to that server.<br> Regards, -Patrick<br> <br> Dunia Grandoni wrote:<br> <blockquote cite="mid...@mi..." type="cite"><br> <font size="2" face="sans-serif">Hi Venkat,</font> <br> <font size="2" face="sans-serif">I imported both server's certificates into the keystore, but I had no luck!!</font> <br> <font size="2" face="sans-serif">I'm getting frustrated!</font> <br> <font size="2" face="sans-serif">Anyway I really appreciated your reply!</font> <br> <font size="2" face="sans-serif">Thank you,</font> <br> <font size="2" face="sans-serif">Dunia<br> </font> <br> <br> <font size="2"><tt><a class="moz-txt-link-abbreviated" href="mailto:ebx...@li...">ebx...@li...</a> scritti il 04/07/2004 06:34:56 AM<br> <br> > Dunia<br> > you need to import each of the other certs into<br> > keystore as well in addition to cacerts.<br> > <br> > keytool -import ..........<br> > <br> > <br> > <br> > -Venkat<br> > <br> > <br> > --- <a class="moz-txt-link-abbreviated" href="mailto:ebx...@li...">ebx...@li...</a><br> > wrote:<br> > > Send ebxmlms-develop mailing list submissions to<br> > > <a class="moz-txt-link-abbreviated" href="mailto:ebx...@li...">ebx...@li...</a><br> > > <br> > > To subscribe or unsubscribe via the World Wide Web,<br> > > visit<br> > > <br> > ><br> > <a class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/ebxmlms-develop">https://lists.sourceforge.net/lists/listinfo/ebxmlms-develop</a><br> > > or, via email, send a message with subject or body<br> > > 'help' to<br> > > <a class="moz-txt-link-abbreviated" href="mailto:ebx...@li...">ebx...@li...</a><br> > > <br> > > You can reach the person managing the list at<br> > > <a class="moz-txt-link-abbreviated" href="mailto:ebx...@li...">ebx...@li...</a><br> > > <br> > > When replying, please edit your Subject line so it<br> > > is more specific<br> > > than "Re: Contents of ebxmlms-develop digest..."<br> > > <br> > > <br> > > Today's Topics:<br> > > <br> > > 1. Hermes & SSL (Dunia Grandoni)<br> > > 2. RE: Hermes & SSL (Mayne, Peter)<br> > > <br> > > --__--__--<br> > > <br> > > Message: 1<br> > > To: <a class="moz-txt-link-abbreviated" href="mailto:ebx...@li...">ebx...@li...</a><br> > > From: Dunia Grandoni <a class="moz-txt-link-rfc2396E" href="mailto:DGr...@mi..."><DGr...@mi...></a><br> > > Date: Tue, 6 Apr 2004 11:45:01 +0200<br> > > Subject: [ebxmlms-develop] Hermes & SSL<br> > > Reply-To: <a class="moz-txt-link-abbreviated" href="mailto:ebx...@li...">ebx...@li...</a><br> > > <br> > > Questo Š un messaggio multiparte in formato MIME.<br> > > --=_alternative 003575EAC1256E6E_=<br> > > Content-Type: text/plain; charset="US-ASCII"<br> > > <br> > > Hi all,<br> > > I am new to Hermes MSH, so I apologise in advance<br> > > for the questions I'm <br> > > posting.<br> > > I cannot make my Hermes MSH application work with<br> > > https.<br> > > I read the previous post 'about Hermes & SSL' and I<br> > > tried to make the <br> > > changes mentioned <br> > > there, but I had no success.<br> > > Here's what I have to manage:<br> > > There's a Tomcat 4.1.27, SSL enabled, on a Windows<br> > > 2000 platform (A); an <br> > > application that uses<br> > > msh is running on it, it is used to send (and<br> > > receive) invoices to a twin <br> > > application that is running<br> > > on another server (Tomcat 4.1.27, SSL enabled, on a<br> > > Linux platform (B)).<br> > > What I did is creating (with java keytool) a<br> > > certificate for each server <br> > > and then I imported in <JRE>/lib/security/cacerts<br> > > of A the certificate of B and viceversa. <br> > > When trying to send an invoice from A to B I get an<br> > > exception: <br> > ><br> > hk.hku.cecid.phoenix.message.handler.RequestException:<br> > > <br> > > sun.security.validator.ValidatorException: No<br> > > trusted certificate found<br> > > and no message is sent.<br> > > Could someone help me configuring msh right?<br> > > Thank you so much<br> > > Dunia<br> > > <br> > > <br> > > --=_alternative 003575EAC1256E6E_=<br> > > Content-Type: text/html; charset="US-ASCII"<br> > > <br> > > <br> > > <br><font size=2 face="sans-serif">Hi all,</font><br> > > <br><font size=2 face="sans-serif">I am new to<br> > > Hermes MSH, so I apologise<br> > > in advance for the questions I'm posting.</font><br> > > <br><font size=2 face="sans-serif">I cannot make my<br> > > Hermes MSH application<br> > > work with https.</font><br> > > <br><font size=2 face="sans-serif">I read the<br> > > previous post 'about Hermes<br> > > &amp; SSL' and I tried to make the changes mentioned<br> > > </font><br> > > <br><font size=2 face="sans-serif">there, but I had<br> > > no success.</font><br> > > <br><font size=2 face="sans-serif">Here's what I<br> > > have to manage:</font><br> > > <br><font size=2 face="sans-serif">There's a Tomcat<br> > > 4.1.27, SSL enabled,<br> > > on a Windows 2000 platform (A); an application that<br> > > uses</font><br> > > <br><font size=2 face="sans-serif">msh is running on<br> > > it, it is used to<br> > > send (and receive) invoices to a twin application<br> > > that is running</font><br> > > <br><font size=2 face="sans-serif">on another server<br> > > (Tomcat 4.1.27, SSL<br> > > enabled, on a Linux platform (B)).</font><br> > > <br><font size=2 face="sans-serif">What I did is<br> > > creating (with java keytool)<br> > > a certificate for each server and then I imported in<br> > > &lt;JRE&gt;/lib/security/cacerts</font><br> > > <br><font size=2 face="sans-serif">of A the<br> > > certificate of B and viceversa.<br> > > </font><br> > > <br><font size=2 face="sans-serif">When trying to<br> > > send an invoice from<br> > > A to B I get an exception:<br> > ><br> > &nbsp;hk.hku.cecid.phoenix.message.handler.RequestException:<br> > > sun.security.validator.ValidatorException: No<br> > > trusted certificate found</font><br> > > <br><font size=2 face="sans-serif">and no message is<br> > > sent.</font><br> > > <br><font size=2 face="sans-serif">Could someone<br> > > help me configuring msh<br> > > right?</font><br> > > <br><font size=2 face="sans-serif">Thank you so<br> > > much</font><br> > > <br><font size=2 face="sans-serif">Dunia</font><br> > > <br><font size=2 face="sans-serif"><br><br> > > </font><br> > > --=_alternative 003575EAC1256E6E_=--<br> > > <br> > > <br> > > --__--__--<br> > > <br> > > Message: 2<br> > > From: "Mayne, Peter" <a class="moz-txt-link-rfc2396E" href="mailto:Pet...@ap..."><Pet...@ap...></a><br> > > To: <a class="moz-txt-link-rfc2396E" href="mailto:ebx...@li..."><ebx...@li...></a><br> > > Subject: RE: [ebxmlms-develop] Hermes & SSL<br> > > Date: Wed, 7 Apr 2004 10:00:32 +1000 <br> > > Reply-To: <a class="moz-txt-link-abbreviated" href="mailto:ebx...@li...">ebx...@li...</a><br> > > <br> > > This is a multi-part message in MIME format.<br> > > <br> > > ------=_NextPart_000_159B1_01C41C87.4ED12AB0<br> > > Content-Type: multipart/alternative;<br> > > boundary="----_=_NextPart_001_01C41C33.58A58990"<br> > > <br> > > <br> > > ------_=_NextPart_001_01C41C33.58A58990<br> > > Content-Transfer-Encoding: quoted-printable<br> > > Content-Type: text/plain;<br> > > charset="iso-8859-1"<br> > > <br> > > (Disclaimer: I don't actually do this, because for<br> > > one reason or =<br> > > another, I<br> > > comment out most of the Http class used in Hermes,<br> > > including the =<br> > > keystore<br> > > stuff.)<br> > > =20<br> > > I believe Hermes uses its own trust store. Look in<br> > > msh.properties.xml at<br> > > //Property/MSH/SSL and use your own keystore, rather<br> > > than modifying the =<br> > > one<br> > > in JAVA_HOME/lib/security.<br> > > =20<br> > > PJDM<br> > > --<br> > > Peter Mayne<br> > > Technology Consultant<br> > > Spherion Technology Solutions<br> > > Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602<br> > > T: 61 2 62689727 F: 61 2 62689777=20<br> > > <br> > > -----Original Message-----<br> > > From: Dunia Grandoni<br> > > [<a class="moz-txt-link-freetext" href="mailto:DGr...@mi...">mailto:DGr...@mi...</a>]=20<br> > > Sent: Tuesday, 6 April 2004 7:45 PM<br> > > To: <a class="moz-txt-link-abbreviated" href="mailto:ebx...@li...">ebx...@li...</a><br> > > Subject: [ebxmlms-develop] Hermes & SSL<br> > > <br> > > <br> > > <br> > > Hi all,=20<br> > > I am new to Hermes MSH, so I apologise in advance<br> > > for the questions I'm<br> > > posting.=20<br> > > I cannot make my Hermes MSH application work with<br> > > https.=20<br> > > I read the previous post 'about Hermes & SSL' and I<br> > > tried to make the<br> > > changes mentioned=20<br> > > there, but I had no success.=20<br> > > Here's what I have to manage:=20<br> > > There's a Tomcat 4.1.27, SSL enabled, on a Windows<br> > > 2000 platform (A); an<br> > > application that uses=20<br> > > msh is running on it, it is used to send (and<br> > > receive) invoices to a =<br> > > twin<br> > > application that is running=20<br> > > on another server (Tomcat 4.1.27, SSL enabled, on a<br> > > Linux platform (B)). =<br> > > <br> > > What I did is creating (with java keytool) a<br> > > certificate for each server =<br> > > and<br> > > then I imported in <JRE>/lib/security/cacerts=20<br> > > of A the certificate of B and viceversa.=20<br> > > When trying to send an invoice from A to B I get an<br> > > exception:<br> > ><br> > hk.hku.cecid.phoenix.message.handler.RequestException:<br> > > sun.security.validator.ValidatorException: No<br> > > trusted certificate found=20<br> > > and no message is sent.=20<br> > > Could someone help me configuring msh right?=20<br> > > Thank you so much=20<br> > > Dunia=20<br> > > <br> > > <br> > > <br> > > <br> > > <br> > > The information contained in this email and any<br> > > attachments to it:<br> > > <br> > > (a) may be confidential and if you are not the<br> > > intended recipient, any =<br> > > interference with,=20<br> > > use, disclosure or copying of this material is<br> > > unauthorised and =<br> > > prohibited; and<br> > > <br> > > (b) may contain personal information of the<br> > > recipient and/or the sender =<br> > > as defined=20<br> > > under the Privacy Act 1988 (Cth). Consent is hereby<br> > > given by the =<br> > > recipient(s) to=20<br> > > collect, hold and use such information and any<br> > > personal information =<br> > > contained in a=20<br> > > response to this email, for any reasonable purpose<br> > > in the ordinary =<br> > > course of=20<br> > > Spherion's=20<br> > > business, including forwarding this email internally<br> > > or disclosing it to =<br> > > a third party. All=20<br> > > personal information collected by Spherion will be<br> > > handled in accordance =<br> > > with=20<br> > > Spherion's Privacy Policy. If you have received this<br> > > email in error, =<br> > > please notify the=20<br> > > sender and delete it.<br> > > <br> > > (c) you agree not to employ or arrange employment<br> > > for any candidate(s) =<br> > > supplied in=20<br> > > this email and any attachments without first<br> > > entering into a contractual =<br> > > agreement with=20<br> > > Spherion. You further agree not to divulge any<br> > > information contained in =<br> > > this document=20<br> > > to any person(s) or entities without the express<br> > > permission of Spherion.<br> > > <br> > > <br> > > <br> > > ------_=_NextPart_001_01C41C33.58A58990<br> > > Content-Transfer-Encoding: quoted-printable<br> > > Content-Type: text/html;<br> > > charset="iso-8859-1"<br> > > <br> > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0<br> > > Transitional//EN"><br> > > <HTML><HEAD><br> > > <META HTTP-EQUIV=3D"Content-Type"<br> > > CONTENT=3D"text/html; =<br> > > charset=3DUS-ASCII"><br> > > <TITLE>Message</TITLE><br> > > <br> > > <META content=3D"MSHTML 6.00.2800.1264"<br> > > name=3DGENERATOR></HEAD><br> > > <BODY><br> > > <DIV><SPAN class=3D448475623-06042004><FONT<br> > > face=3DArial =<br> > > size=3D2>(Disclaimer: I don't=20<br> > > actually do this, because for one reason or another,<br> > > I comment out most =<br> > > of the=20<br> > > Http class used in Hermes, including the keystore =<br> > > stuff.)</FONT></SPAN></DIV><br> > > <DIV><SPAN class=3D448475623-06042004><FONT<br> > > face=3DArial=20<br> > > size=3D2></FONT></SPAN>&nbsp;</DIV><br> > > <DIV><SPAN class=3D448475623-06042004><FONT<br> > > face=3DArial size=3D2>I =<br> > > believe Hermes=20<br> > > uses its own trust store. Look in msh.properties.xml<br> > > at =<br> > > //Property/MSH/SSL and=20<br> > > use your own keystore, rather than modifying the one<br> > > in=20<br> > > JAVA_HOME/lib/security.</FONT></SPAN></DIV><br> > > <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV><br> > > <DIV><SPAN class=3D448475623-06042004><FONT<br> > > face=3DArial=20<br> > > size=3D2>PJDM<BR></FONT></SPAN><FONT<br> > > size=3D2>--<BR>Peter =<br> > > Mayne<BR>Technology=20<br> > > Consultant<BR>Spherion Technology Solutions<BR>Level<br> > > 1, 243 Northbourne =<br> > > Avenue,=20<br> > > Lyneham, ACT, 2602<BR>T: 61 2 62689727&nbsp; F: 61 2<br> > > 62689777</FONT> =<br> > > </DIV><br> > > <BLOCKQUOTE=20<br> > > style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px;<br> > > BORDER-LEFT: #000000 2px =<br> > > solid; MARGIN-RIGHT: 0px"><br> > > <DIV></DIV><br> > > <DIV class=3DOutlookMessageHeader lang=3Den-us<br> > > dir=3Dltr =<br> > > align=3Dleft><FONT=20<br> > > face=3DTahoma size=3D2>-----Original<br> > > Message-----<BR><B>From:</B> =<br> > > Dunia Grandoni=20<br> > > [<a class="moz-txt-link-freetext" href="mailto:DGr...@mi...">mailto:DGr...@mi...</a>] <BR><B>Sent:</B><br> > > Tuesday, 6 April 2004 =<br> > > 7:45=20<br> > > PM<BR><B>To:</B> =<br> > ><br> > <a class="moz-txt-link-abbreviated" href="mailto:ebx...@li...">ebx...@li...</a><BR><B>Subject:</B>=20<br> > > [ebxmlms-develop] Hermes &amp;<br> > > SSL<BR><BR></FONT></DIV><BR><FONT=20<br> > > face=3Dsans-serif size=3D2>Hi all,</FONT><br> > > <BR><FONT face=3Dsans-serif =<br> > > size=3D2>I am=20<br> > > new to Hermes MSH, so I apologise in advance for<br> > > the questions I'm=20<br> > > posting.</FONT> <BR><FONT face=3Dsans-serif<br> > > size=3D2>I cannot make my =<br> > > Hermes MSH=20<br> > > application work with https.</FONT> <BR><FONT<br> > > face=3Dsans-serif =<br> > > size=3D2>I read=20<br> > > the previous post 'about Hermes &amp; SSL' and I<br> > > tried to make the =<br> > > changes=20<br> > > mentioned </FONT><BR><FONT face=3Dsans-serif<br> > > size=3D2>there, but I had =<br> > > no=20<br> > > success.</FONT> <BR><FONT face=3Dsans-serif<br> > > size=3D2>Here's what I =<br> > > have to=20<br> > > manage:</FONT> <BR><FONT face=3Dsans-serif<br> > > size=3D2>There's a Tomcat =<br> > > 4.1.27, SSL=20<br> > > enabled, on a Windows 2000 platform (A); an<br> > > application that =<br> > > uses</FONT>=20<br> > > <BR><FONT face=3Dsans-serif size=3D2>msh is<br> > > running on it, it is used =<br> > > to send (and=20<br> > > receive) invoices to a twin application that is<br> > > running</FONT> =<br> > > <BR><FONT=20<br> > > face=3Dsans-serif size=3D2>on another server<br> > > (Tomcat 4.1.27, SSL =<br> > > enabled, on a=20<br> > > Linux platform (B)).</FONT> <BR><FONT<br> > > face=3Dsans-serif size=3D2>What =<br> > > I did is=20<br> > > creating (with java keytool) a certificate for<br> > > each server and then I =<br> > > imported=20<br> > > in &lt;JRE&gt;/lib/security/cacerts</FONT><br> > > <BR><FONT face=3Dsans-serif =<br> > > size=3D2>of=20<br> > > A the certificate of B and viceversa.<br> > > </FONT><BR><FONT =<br> > > face=3Dsans-serif=20<br> > > size=3D2>When trying to send an invoice from A to<br> > > B I get an =<br> > > exception:=20<br> > > <br> > ><br> > &nbsp;hk.hku.cecid.phoenix.message.handler.RequestException:=20<br> > > sun.security.validator.ValidatorException: No<br> > > trusted certificate =<br> > > found</FONT>=20<br> > > <BR><FONT face=3Dsans-serif size=3D2>and no<br> > > message is sent.</FONT> =<br> > > <BR><FONT=20<br> > > face=3Dsans-serif size=3D2>Could someone help me<br> > > configuring msh =<br> > > right?</FONT>=20<br> > > <BR><FONT face=3Dsans-serif size=3D2>Thank you so<br> > > much</FONT> =<br> > > <BR><FONT=20<br> > > face=3Dsans-serif size=3D2>Dunia</FONT> <BR><FONT<br> > > face=3Dsans-serif=20<br> > ><br> > size=3D2><BR></BLOCKQUOTE></FONT></BODY><!--[object_id=3D#ap.<br> > spherion.com= > #]--><P align=3Dleft><FONT face=3DTahoma<br> > > size=3D2></FONT>&nbsp;<FONT =<br> > > size=3D1>The information contained in this email and<br> > > any attachments to =<br> > > it:</FONT></P><br> > > <P align=3Dleft><FONT size=3D1>(a) may be<br> > > confidential and if you are =<br> > > not the intended recipient, any interference with,<br> > > <BR>use, disclosure =<br> > > or copying of this material is unauthorised and<br> > > prohibited; =<br> > > and</FONT></P><br> > > <P align=3Dleft><FONT size=3D1>(b) may contain<br> > > personal information of =<br> > > the recipient and/or the sender as defined <BR>under<br> > > the Privacy Act =<br> > > 1988 (Cth). Consent is hereby given by the<br> > > recipient(s) to <BR>collect, =<br> > > hold and use such information and any personal<br> > > information contained in =<br> > > a <BR>response to this email, for any reasonable<br> > > purpose in the ordinary =<br> > > course of <BR>Spherion's <BR>business, including<br> > > forwarding this email =<br> > > internally or disclosing it to a third party. All<br> > > <BR>personal =<br> > > information collected by Spherion will be handled in<br> > > accordance with =<br> > > <BR>Spherion's Privacy Policy. If you have received<br> > > this email in error, =<br> > > please notify the <BR>sender and delete<br> > > it.</FONT></P><br> > > <P align=3Dleft><FONT size=3D1>(c) you agree not to<br> > > employ or arrange =<br> > > employment for any candidate(s) supplied in <BR>this<br> > > email and any =<br> > > attachments without first entering into a<br> > > contractual agreement with =<br> > > <BR>Spherion. You further agree not to divulge any<br> > > information contained =<br> > > in this document <BR>to any person(s) or entities<br> > > without the express =<br> > > permission of Spherion.<BR></FONT></P><br> > > <P align=3Dleft><FONT face=3DTahoma size=3D2><FONT =<br> > > color=3D#0000ff><BR>&nbsp;</P></FONT></FONT></HTML><br> > > <br> > > ------_=_NextPart_001_01C41C33.58A58990--<br> > > <br> > > ------=_NextPart_000_159B1_01C41C87.4ED12AB0--<br> > > <br> > > <br> > > <br> > > --__--__--<br> > > <br> > > _______________________________________________<br> > > ebxmlms-develop mailing list<br> > > <a class="moz-txt-link-abbreviated" href="mailto:ebx...@li...">ebx...@li...</a><br> > ><br> > <a class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/ebxmlms-develop">https://lists.sourceforge.net/lists/listinfo/ebxmlms-develop</a><br> > > <br> > > <br> > > End of ebxmlms-develop Digest<br> > <br> > <br> > __________________________________<br> > Do you Yahoo!?<br> > Yahoo! Small Business $15K Web Design Giveaway <br> > <a class="moz-txt-link-freetext" href="http://promotions.yahoo.com/design_giveaway/">http://promotions.yahoo.com/design_giveaway/</a><br> > <br> > <br> > -------------------------------------------------------<br> > This SF.Net email is sponsored by: IBM Linux Tutorials<br> > Free Linux tutorial presented by Daniel Robbins, President and CEO of<br> > GenToo technologies. Learn everything from fundamentals to system<br> > administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click<br> > _______________________________________________<br> > ebxmlms-develop mailing list<br> > <a class="moz-txt-link-abbreviated" href="mailto:ebx...@li...">ebx...@li...</a><br> > <a class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/ebxmlms-develop">https://lists.sourceforge.net/lists/listinfo/ebxmlms-develop</a><br> </tt></font> </blockquote> <br> </body> </html> |
