I want to send emails from a JBoss 7 application. The SMTP server requires a TLS connection with a self-signed certificate. If I try to send an email I get an SSLHandshakeException because the server certificate cannot be verified. To fix this I have added this: http://springinpractice.com/2012/04/29/fixing-pkix-path-building-issues-when-using-javamail-and-smtp/ (putting the SMTP server certificate into a Java truststore file)
My problem now is how to set the truststore file in JBoss 7?
I know that on Stack Overflow and on other forums there are several answers to that problem, but I haven't found the right one.
I have already tried the following:
adding JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/home/stewert.c-on/data/projects/keystore/devel.truststore -Djavax.net.ssl.trustStorePassword=123456" to:
jboss-as-7.1.1.Final/bin/standalone.conf
jboss-as-7.1.1.Final/bin/domain.conf
jboss-as-7.1.1.Final/bin/appclient.conf
adding <jsse keystore-password="123456" keystore-url="/home/stewert.c-on/data/projects/keystore/devel.keystore" truststore-password="123456" truststore-url="/home/stewert.c-on/data/projects/keystore/devel.truststore"/> to jboss-as-7.1.1.Final/standalone/configuration/standalone.xml
But if I check the system environment variable at runtime with 'System.getProperty("javax.net.ssl.trustStore")' I get null in every case!
My environment:
Linux
JBoss 7.1
JDK 7
I'm starting JBoss from inside Eclipse Juno
Does anybody know what's going wrong? Where must I set the truststore?
Thanks,
Steffen
Someone asked on the JBoss forum "javax.net.ssl.trustStore - only way to specify client trust?", and the answer is basically "yes".
Their approach was to set that in a system-properties element in the server config XML, which seems like the best way to me too. Better than grubbing about in the run configuration files!
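What that system-properties element looks like in JBoss AS 7.1.1 standalone.xml, as an added example that is not part of the original answer. The paths and password are the ones from the question. Two caveats: standalone.conf is only sourced by standalone.sh, so a server started directly by an Eclipse server adapter never sees JAVA_OPTS placed there, whereas a property in standalone.xml is applied however the JVM was launched; and javax.net.ssl.trustStore replaces the JDK's default cacerts for the default TrustManager, so the file must also carry any public CA roots the application needs, not only the self-signed SMTP certificate.

```xml
<!-- Added example (not from the original post): JBoss AS 7.1.1.Final standalone.xml.
     The system-properties element sits at the server root, after <extensions>
     and before <management>. Other elements are elided and unchanged. -->
<server xmlns="urn:jboss:domain:1.2">
    <extensions>
        <!-- ... unchanged ... -->
    </extensions>

    <system-properties>
        <!-- This file replaces the JVM default truststore (cacerts) for the
             default TrustManager: keep the public CA roots the app needs in it
             alongside the imported self-signed SMTP certificate. -->
        <property name="javax.net.ssl.trustStore"
                  value="/home/stewert.c-on/data/projects/keystore/devel.truststore"/>
        <property name="javax.net.ssl.trustStorePassword" value="123456"/>
    </system-properties>

    <management>
        <!-- ... unchanged ... -->
    </management>
</server>
```

After a restart, System.getProperty("javax.net.ssl.trustStore") returns the configured path instead of null. The <jsse> element inside a security-domain (the other thing tried in the question) configures that security domain's own socket factories and does not set the JVM-wide property, so it cannot be used for this purpose.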
Earlier, when I kept both apps (app1 & app2) in the same JBoss server, I could call the APIs available in app1 from app2. [JBoss SSL configured with certificate]
Now my issue is: I moved only my app2 into a Tomcat server, without changing any code, and tried to connect to the APIs of app1. It is throwing a ClientProtocolException.
I came to know the issue is with the SSL certificate, because app1 is SSL configured.
Is there any place I have to configure my Tomcat server to trust app1 with the JBoss SSL certificate, or do I have to add the TrustManager SSL socket code in the Java program?
Please let me know the possible solution; I am stuck.
You need to configure the Tomcat environment so that it knows a certificate exists to use.
This is done with -Djavax.net.ssl.trustStore=mykeystore or by setting it in JAVA_OPTS.
For Linux this is done as follows:
export JAVA_OPTS=-Djavax.net.ssl.trustStore=mykeystore
before calling ./startup.sh
We have implemented APNS connectivity using notnoop. We have been testing it for the last 5 months on the development, UAT and other environments. Things were working as expected, but after deployment to the production environment we are having a tough time getting it to work. GCM is working fine; it is only APNS where we have a tough time.
Initially there was a connectivity issue from the firewall, which we have got opened to connect to gateway.push.apple.com on 2195, as earlier the system was throwing a connection timeout.
Now the system is throwing "No Trusted Certificate found". I have described below the detailed steps we have already taken to debug this.
Please note this is happening only when I deploy it on production, and only when it is run inside Tomcat 8.0. We did a small POC to test whether it can work outside Tomcat, and it is working properly using the same certificate from the same absolute path.
We did try after changing the implementation to use the absolute path of the certificate as shown below:
APNS.newService().withCert(PRODcertificatePath, PRODcertificatePassword)
The program is configured to use .withProductionDestination() if it is using the production certificate and vice versa, so this issue is also taken care of.
Then we also tried using the ClassLoader: InputStream iss = ClassLoader.getSystemResourceAsStream("Axis-APNS.p12")
Yes, we do have a JKS file on production whose details are configured in server.xml, something like below:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" sslProtocol="TLS" keystoreFile="/root/cert"
Now we are out of ideas to debug and find the root cause. Any suggestion or question is most welcome.
As a workaround, I have redesigned my system. Instead of running from inside Tomcat, I have made it a standalone application using a Quartz batch job, and the system is running properly. Once I get time to find out why Tomcat is not able to pick the correct certificate, I will update you guys on it. Thank you very much for your time... email me if you need any more help on the above matter. Thanks, Amarjeet
I am using Java 1.6 on my machine and currently I am facing the below exception.
JSSESocketFactory.makeSocket ldap. ... :636, server certificate change is restricted during renegotiation
As a workaround I have updated the below properties in my WebLogic configuration setup:
-Dsun.security.ssl.allowUnsafeRenegotiation=true
-Djdk.tls.allowUnsafeServerCertChange=true
But I am still getting "server certificate change is restricted during renegotiation".
Please let me know if there is anything else I can update in the configuration.
Thanks for your help guys.
I've been trying all day to set Tomcat 6.0 up for SSL. I know it shouldn't be that hard. I've followed the Tomcat documentation in creating my own certificate and configuring the connectors in the server.xml file.
When I go to https://localhost:8443 (8443 is the port I defined in the connector), my certificate does not render on the screen, and my browser tells me that it was unable to make a secure connection to the server and that my client may not have the certificate.
My question is, why isn't my certificate rendering for the user to say "Trust" or "Not"?
There's full documentation in the SSL HOWTO for Tomcat 6. I don't know how far you've gone in setting up your SSL for me to help you.
Make sure that server.xml in APACHE_HOME/conf has both the Connector for port 8080 and the one for 8443 enabled.
Do you happen to have a tcnative-1.dll file in apache-tomcat-6.xxx\bin\ folder?
If so, it will not work with your current <Connector/> configuration. Remove the file or rename its extension and restart the Tomcat server again.
This is stated in the "Edit the Tomcat Configuration File" section of http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
I ended up figuring it out.
The issue was related to the protocol attribute in my Connector:
This is what I had: protocol="HTTP/1.1"
Now I have this: protocol="org.apache.coyote.http11.Http11Protocol"
The only issue now is that Chrome or IE won't run the site as HTTPS because I signed the certificate myself and am not a CA.
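The complete HTTPS connector that the two answers above add up to, as an added example that is not from the original thread. With protocol="HTTP/1.1", Tomcat 6 auto-selects the APR/native connector whenever tcnative is on the library path, and that connector reads PEM files via SSLCertificateFile/SSLCertificateKeyFile rather than a keystore, so keystoreFile and keystorePass are silently ignored and the handshake fails. Naming the Http11Protocol class pins the JSSE (Java keystore) implementation regardless of whether tcnative is present. The keystore path is a placeholder; "changeit" is the keytool default password.

```xml
<!-- Added example (not from the original post): Tomcat 6 conf/server.xml,
     JSSE HTTPS connector. Pinning the Java protocol class avoids the APR
     auto-selection that makes keystoreFile/keystorePass ignored when
     tcnative-1.dll is present. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11Protocol"
           SSLEnabled="true"
           scheme="https" secure="true"
           maxThreads="150"
           clientAuth="false"
           sslProtocol="TLS"
           keystoreFile="${catalina.home}/conf/localhost.jks"
           keystorePass="changeit" />
```

SSLEnabled="true" is required; without it the connector answers plain HTTP on 8443 and the browser reports a failed secure connection. clientAuth="false" means the server never asks the browser for a client certificate; the remaining browser warning about the self-signed certificate is expected until the certificate is issued by a CA the browser trusts or is imported into its trust store.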
I'm installing ArcGIS Server for the Java platform on CentOS 5.5 x86_64. This is not a supported platform, but I have overcome almost every problem preventing the success of the installation. It uses Sun Directory Server extensively. The last error I received was:
ldap_simple_bind: Can't connect to the ldap server - No route to host
It happens in other applications which make use of it, so it seems to be a specific problem of Sun Directory Server on Linux and Solaris. There is no reported solution. Usually I research the problem as much as I can, but this time I have reached the end of my patience and I need it working as soon as possible. I recognize this as an excellent forum because of its community and quality of answers; can anybody help me with this?
The "No route to host" error suggests that the issue is one of network connectivity between your ArcGIS server (the Sun Directory Server component, as you mention) and the LDAP server. So, a few things to examine, in order:
Do you have an LDAP server set up and running?
Is your LDAP server reachable from your CentOS machine outside of the ArcGIS server?
Is your ArcGIS configured with the correct address for the LDAP server? It should be in the web.config file. Example below:
<connectionStrings>
<add name="ADConnectionString"
connectionString="LDAP://SERVER_LDAP:389/ou=Sigestredi,o=Sicondef,dc=aplicaciones,o=mdef,c= es" />
</connectionStrings>
Disclaimer: I don't know anything about the ArcGIS server per se - I'm just diagnosing the "no route to host error" with a few snippets I picked up from some quick searches of the ArcGis forums.
ArcGIS includes a Sun Directory Server, so the ArcGIS server and LDAP are on the same machine. The port is set to 62000. When I run the diagnostic tool, the DG028 check fails:
DG028 - check LDAP server: is listening
I made a test using nmap as:
nmap localhost -p62000
And it says it is open. I don't know how to verify whether LDAP is up and running; the startup log doesn't show anything wrong. I have found a config file named ldap.conf:
url ldap://name.subdomain.domain:62000/dc=name,dc=arcgis
admnm agsadmin
And my /etc/hosts is:
127.0.0.1 localhost localhost
ip_direction name.subdomain.domain name.subdomain.domain
I don't have an alias for "name", so:
ping name.subdomain.domain
Works
But:
ping name
Doesn't work
I have never used LDAP so I don't know what should be in "dc". Could my hosts file be malformed, or is it my ldap.conf?
Another piece of information is that the computer I am using is part of a domain. When I installed CentOS, the /etc/hosts file had an alias for the loopback interface as localhost.localdomain, but I removed it.
I would appreciate any help.
I have solved my problem; the problem was in my /etc/hosts file. I added an alias for my IP address:
127.0.0.1 localhost localhost
ip_direction name.subdomain.domain name
Then I ran the ServerConfig script. This is a successful installation of ArcGIS Server for the Java platform on Linux. Thanks Greg for your guide.