| Author |
Message
|
| tigerstone |
 Posted: Mon Jan 26, 2015 8:28 am Post subject: HTTPS Issue |
 |
|
Novice
Joined: 06 Feb 2014
Posts: 20
|
I check the use HTTPS box and provide the full URL "https//localhost/PortNo/PathSuffix" but upon deployment, application its is attempting to establish communication with "http//localhost/7800/PathSuffix"
Do I need to configure additional information for SSL? |
|
| Back to top |
|
 |
| Gaya3 |
| Posted: Mon Jan 26, 2015 8:30 am Post subject: |
|
|
Jedi
Joined: 12 Sep 2006
Posts: 2493
Location: Boston, US
|
where did you configure the https, did you set up the certs and all
if it is broker, did you load it properly and enabled the ports
_________________
Regards
Gayathri
-----------------------------------------------
Do Something Before you Die |
|
| Back to top |
|
|
| mqjeff |
| Posted: Mon Jan 26, 2015 8:57 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| Why would you provide the full url, counter to what the documentation tells you? |
|
| Back to top |
|
|
| tigerstone |
| Posted: Mon Jan 26, 2015 10:27 am Post subject: |
|
|
Novice
Joined: 06 Feb 2014
Posts: 20
|
Im providing just the path suffix now. I set the policy set and bindings to default when configuring the bar file. For some reason it is not able to hit the service.
explicitlysetportnumber property also did not help.
But the same works fine for http. |
|
| Back to top |
|
|
| Vitor |
| Posted: Mon Jan 26, 2015 10:46 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
[quote="tigerstone"] For some reason it is not able to hit the service.
| Quote: |
For what reason, exactly? What errors and messages are you seeing?
[quote="tigerstone"]explicitlysetportnumber property also did not help. |
What port is actually in use; i.e. to what port is the PathSuffix endpoint bound? Are you sure you're using the HTTPS port not the HTTP one?
| tigerstone wrote: |
| But the same works fine for http. |
What SSL configuration do you have in place?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| tigerstone |
| Posted: Mon Jan 26, 2015 1:29 pm Post subject: |
|
|
Novice
Joined: 06 Feb 2014
Posts: 20
|
Exception Message: Error making connection to "http://localhost:7080/slm/ping"
Exception Trace:
java.net.ConnectException: Connection refused: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at com.ibm.etools.mft.unittest.core.transport.http.HttpClient.getHttpConnection(Unknown Source)
at com.ibm.etools.mft.unittest.core.transport.http.HttpClient.makeHttpCall(Unknown Source)
at com.ibm.etools.mft.unittest.core.transport.http.HttpClient.makeSOAPRequest(Unknown Source)
at com.ibm.etools.mft.unittest.core.transport.http.SendHTTPMessageDelegate.sendBytes(Unknown Source)
at com.ibm.etools.mft.unittest.core.commchannel.mb.AbstractSendMessageDelegate.sendPlainText(Unknown Source)
at com.ibm.etools.mft.unittest.core.commchannel.mb.AbstractSendMessageDelegate.sendMessage(Unknown Source)
at com.ibm.etools.mft.unittest.core.transport.http.HTTPHandler.send(Unknown Source)
at com.ibm.etools.mft.unittest.core.commchannel.mb.SendMessageOperation.sendMessage(Unknown Source)
at com.ibm.etools.mft.unittest.core.commchannel.jobs.SendMessageOperationJob.doRun(Unknown Source)
at com.ibm.etools.mft.unittest.core.commchannel.jobs.SendMessageOperationJob.run(Unknown Source)
at org.eclipse.core.internal.jobs.Worker.run(Unknown Source) |
|
| Back to top |
|
|
| mqjeff |
| Posted: Mon Jan 26, 2015 1:33 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
Did you take any steps to enable https?
It's not turned on or configured by default.
You must follow the documented procedures to configure it. |
|
| Back to top |
|
|
| tigerstone |
| Posted: Mon Jan 26, 2015 3:09 pm Post subject: |
|
|
Novice
Joined: 06 Feb 2014
Posts: 20
|
The following step were performed:
mqsichangeproperties BROKER1 -b httplistener -o HTTPSConnector -n port -v 7843
mqsichangeproperties BROKER1 -e <EG Name> -o HTTPSConnector -n sslProtocol -v SSLv3
mqsireportproperties BROKER1 -o HTTPSConnector -e <EG Name> -r
HTTPSConnector
uuid='HTTPSConnector'
userTraceLevel='none'
traceLevel='none'
userTraceFilter='none'
traceFilter='none'
port='7843'
address=''
maxPostSize=''
acceptCount=''
compressableMimeTypes=''
compression=''
connectionLinger=''
connectionTimeout=''
maxHttpHeaderSize=''
maxKeepAliveRequests=''
maxThreads=''
minSpareThreads=''
noCompressionUserAgents=''
restrictedUserAgents=''
socketBuffer=''
tcpNoDelay=''
explicitlySetPortNumber='7843'
enableLookups=''
enableMQListener=''
shutdownDelay=''
allowCrossConnectorPolling=''
autoRespondHTTPHEADRequests=''
algorithm=''
clientAuth=''
keystoreFile=''
keystorePass='********'
keystoreType=''
truststoreFile=''
truststorePass='********'
truststoreType=''
sslProtocol='SSLv3'
ciphers=''
keypass='********'
keyAlias=''
sslSessionTimeout=''
crlFile=''
propagateClientCert=''
sessionCacheSize=''
Connector
cachedSSLSessions='0'
port='7843'
type='Broker'
URLRegistration
url='/slm/ping'
UsedBySOAPNNodes='FALSE'
UsedByHTTPNNodes='TRUE'
nodeLabel='HTTP Input' |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Jan 26, 2015 3:38 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
You set the SSL protocol to SSLV3. Any reason why you're not forcing TLS?? 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Jan 26, 2015 3:43 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Your error message says:
| Quote: |
| Error connecting to "http://localhost:7080/slm/ping" |
You need to change the URL to point to "https://localhost:7843/slm/ping"
Why are you surprised to not being able to establish an SSL connection with the http port, when you should be targetting the HTTPS port...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| tigerstone |
| Posted: Tue Jan 27, 2015 9:09 am Post subject: |
|
|
Novice
Joined: 06 Feb 2014
Posts: 20
|
| I think the problem is HTTPS has not been enabled correctly on my server. Because its trying to establish communication through HTTP |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Jan 27, 2015 9:25 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| tigerstone wrote: |
| I think the problem is HTTPS has not been enabled correctly on my server. Because its trying to establish communication through HTTP |
I think the problem is that anything attempting to connect to http://hostname:7080/slm/ping is doomed to fail because as you've proved that's not where the endpoint is (as my worthy associate has pointed out).
If you think that you can quote that url and something will automagically detect your SSL settings and switch to those, you're very sadly mistaken.
What happens when you use the endpoint previously suggested?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| tigerstone |
| Posted: Tue Jan 27, 2015 11:08 am Post subject: |
|
|
Novice
Joined: 06 Feb 2014
Posts: 20
|
| When I use that endpoint, it is unable to set up a connection. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Tue Jan 27, 2015 11:15 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
|
| Back to top |
|
|
| tigerstone |
| Posted: Tue Jan 27, 2015 11:22 am Post subject: |
|
|
Novice
Joined: 06 Feb 2014
Posts: 20
|
| The ssl protocol is now using TLS |
|
| Back to top |
|
|
|
|
