_Angus_ |
Posted: Tue Mar 11, 2008 8:52 am Post subject: HTTP, HTTPS and listeners... |
|
|
 Acolyte
Joined: 25 Apr 2005 Posts: 54 Location: Edinburgh
|
I'm hoping someone has come across this problem before:
I'm using WMB v6005 and trying to config an HTTP plus HTTPS listener (both using the default ports 7080 & 7083). I have everything configured right up until the point I issue:
"mqsichangeproperties B1DUNTEST -b httplistener -o HTTPListener -n enableSSLConnector -v true"
Before I issue the above command to SSL-enable the httplistener (i.e. start the HTTPS listener), the HTTP listener is quite happily processing requests on port 7080. As soon as I SSL-enable, connections are refused for HTTP requests! Now I understood the Broker would kick off a second listener for the HTTPS stuff, but it appears to be shutting down the HTTP listener.
I have flows deployed with HTTP input nodes for HTTP and HTTPS so there should be no issue there with the Broker not starting the listener because there's nothing using it.
Any help would be much appreciated (help in terms of 'try bouncing the Broker' will not inspire me with confidence!!).
Angus C  _________________ *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Angus Cooke ~ AngusSoft
Integration Development Tools
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* |
_Angus_ |
Posted: Tue Mar 11, 2008 8:54 am Post subject: |
|
|
 Acolyte
Joined: 25 Apr 2005 Posts: 54 Location: Edinburgh
|
I should also mention turning off SSL (-v false) restores operation of the HTTP listener. |
jefflowrey |
Posted: Tue Mar 11, 2008 9:17 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
Redeploy one of your HTTP flows and bounce the Broker, twice...
Try respecifying the default port to the HTTPConnector after turning on SSL.
 _________________ I am *not* the model of the modern major general. |
_Angus_ |
Posted: Tue Mar 11, 2008 9:26 am Post subject: |
|
|
 Acolyte
Joined: 25 Apr 2005 Posts: 54 Location: Edinburgh
|
Heh heh
Am I to interpret that as 'b*ggered if I know!' or 'let me teach you the ways of the HTTP undocumented features... '
Any useful 'voodoo' around HTTP and HTTPS in the Broker would be most welcome! |
jefflowrey |
Posted: Tue Mar 11, 2008 9:27 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
_Angus_ wrote: |
Heh heh
Am I to interpret that as 'b*ggered if I know!' or 'let me teach you the ways of the HTTP undocumented features... ' |
What happens when you try it... |
_Angus_ |
Posted: Tue Mar 11, 2008 9:49 am Post subject: |
|
|
 Acolyte
Joined: 25 Apr 2005 Posts: 54 Location: Edinburgh
|
Ok, re-specified the HTTP port, re-deployed the flows and bounced the Broker ... and got redirected to www.didnt_make_any_difference.com ...
I've just checked the 'Slightly flakey' box on my assessment form. All joking aside, do you know if this is a known problem area or is it likely I'm missing something on the config?
Having one listener of either type is fine, I just can't get them to work together! |
jefflowrey |
Posted: Tue Mar 11, 2008 10:03 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
Did you bounce the broker twice?
It is necessary to do this to get the Broker to pick up URL changes....
otherwise... |
jefflowrey |
Posted: Tue Mar 11, 2008 10:49 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
jefflowrey wrote: |
 |
I'm able to... mostly... get this working. I don't have my browser accepting the SSL certificate, but that's not a broker problem per se.
I set different ports for HTTP and HTTPS listener, I verified that there were no errors that showed up during broker startup, I verified that HTTP flows were not trying to use the same URLs as HTTPS flows (I doubt that matters, but it might). I verified that the biphttplistener was restarted when I restarted Broker...
I did have to create the broker keystore in the default location and I did have to add the keystore password.
But now when I go to http://localhost:11112/nossl, I get back something and when I go to https://localhost:11111/ssl, I get a certificate validation error.
EDIT: and this is with my 6.0.0.5 broker and not my 6.1.0.1 broker... |
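An added check for the situation in this thread (not part of any poster's message and not IBM tooling): it probes the HTTP and HTTPS listener ports and separates "listener not accepting connections" from "TLS is up but this client does not trust the certificate". The host name in the demo call is an assumption; 7080 and 7083 are the default ports named in the first post.

```python
import socket
import ssl

def probe(host, port, timeout=3.0):
    """Classify a port: closed, tls-trusted, tls-untrusted, plain-http, open-unknown."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"                      # refused or unreachable
    try:
        ctx = ssl.create_default_context()   # verifies chain and host name
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls-trusted"
    except ssl.SSLCertVerificationError:
        return "tls-untrusted"               # listener is up; only the cert is rejected
    except OSError:
        pass                                 # handshake failed: probably not TLS
    finally:
        raw.close()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            return "plain-http" if s.recv(64).startswith(b"HTTP/") else "open-unknown"
    except OSError:
        return "open-unknown"

def check_listeners(host, http_port, https_port):
    """Return a list of findings; empty means HTTP and HTTPS are both serving."""
    findings = []
    http_state = probe(host, http_port)
    https_state = probe(host, https_port)
    if http_state != "plain-http":
        findings.append(f"HTTP port {http_port}: {http_state}")
    if https_state == "tls-untrusted":
        findings.append(f"HTTPS port {https_port}: up, certificate not trusted by this client")
    elif https_state != "tls-trusted":
        findings.append(f"HTTPS port {https_port}: {https_state}")
    return findings

if __name__ == "__main__":
    # Assumed host; 7080/7083 are the default ports named in the first post.
    for line in check_listeners("localhost", 7080, 7083) or ["both listeners OK"]:
        print(line)
```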
_Angus_ |
Posted: Wed Mar 12, 2008 9:20 am Post subject: |
|
|
 Acolyte
Joined: 25 Apr 2005 Posts: 54 Location: Edinburgh
|
Thanks Jeff, that worked perfectly (no certificate problems either and across different hosts).
As I'm assessing this for a production system it does make me slightly nervous though. Bouncing the Broker twice and not using the default ports smacks of much flakiness to me; I would be a lot more comfortable if it worked as documented!
Cheers again,
Angus (who now knows far more about CAs, SSL, key pairs & certificates than is healthy!) |
jefflowrey |
Posted: Wed Mar 12, 2008 9:34 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
Well, I only got the cert problems because I didn't do anything with the keyring other than the bare minimum to get the HTTPS connector to start...
And you should be able to get it to work just fine on the default ports. You might have to set it to non-default ports first....
If you were really concerned about this, you can certainly open a PMR. |