How to enable MobileFirst Analytic https port in liberty profile

Good day,
I am referring to this article to set up the MobileFirst Analytic server in Liberty:
https://www.ibm.com/support/knowledgecenter/SSHS8R_8.0.0/com.ibm.worklight.analytics.doc/analytics/t_installing_on_liberty.html?view=embed
The server is up with only the http port, not the https port.
I checked with the netstat -plunt command and also saw only the http port listening.
The following is the http endpoint in my server.xml:
<httpEndpoint id="defaultHttpEndpoint"
httpPort="9081"
httpsPort="9444" host="*" />
Is there anything I missed configuring?

Did you define a keystore in your server.xml? A similar issue is discussed here: https://developer.ibm.com/answers/questions/261762/liberty-profile-not-binding-https-port.html . Please add a keystore and check whether https is enabled.
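What the answer asks for, written out as a server.xml fragment. This is an added example, not configuration from the thread or from the MobileFirst documentation; the ports are the ones in the question and the password value is a placeholder.

```xml
<!-- Added example. Features the analytics install already lists in
     featureManager stay as they are; only the SSL-related parts are shown. -->
<server description="MobileFirst Analytics">
    <featureManager>
        <!-- HTTPS transport needs the SSL feature (transportSecurity-1.0 on
             newer Liberty releases). Without it only httpPort is bound. -->
        <feature>ssl-1.0</feature>
    </featureManager>

    <!-- defaultKeyStore is the ID the default SSL configuration uses.
         If no keystore file exists yet, Liberty generates one with a
         self-signed certificate on startup; replace that certificate with a
         CA-issued one before exposing the port.
         Placeholder password: encode the real one with
         "securityUtility encode" instead of storing it in clear text. -->
    <keyStore id="defaultKeyStore" password="REPLACE_WITH_ENCODED_PASSWORD"/>

    <!-- Endpoint exactly as posted in the question -->
    <httpEndpoint id="defaultHttpEndpoint"
                  httpPort="9081"
                  httpsPort="9444" host="*"/>
</server>
```

After a restart, the netstat -plunt check from the question should list 9444 alongside 9081.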


Tomcat [9.0.26] - Invoking secure service - TrustStore vs KeyStore Configuration Difference & Issues

Tomcat SSL configuration is a heavily queried area in our Stack Overflow forums, but it is still, I feel, the least understood despite the supposed ease of setup that Tomcat claims!
I am using Tomcat 9.0.26 and am having to consume a third party (https) webservice. There started my trouble :).
First was my blissful ignorance, with the Tomcat documentation piling on. I was trying to set up keystoreFile. Only after a few attempts did I realize the difference between keystore and truststore. In simple terms, a keystore is required if you wish your application deployed on your Tomcat server to be served over the secure HTTPS protocol. A truststore is required when you wish to consume another secure HTTPS webservice by storing the certificates in your trust store. The default Tomcat SSL documentation leads you into keystore and not truststore.
So I moved on to set up the truststore:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
truststoreFile="C:\cert\myCert.p12" truststorePass="mypass" truststoreType="PKCS12"
clientAuth="false" sslProtocol="TLS+SSLV3" />
I learnt that the SSLConfig element has come into being, but Tomcat 9 still supports the old configuration defined above. My attempts at using SSLConfig were not fruitful either, and this portion seems sparsely documented.
I could not use the runtime parameters, as some other services fail with the parameters below.
-Djavax.net.ssl.trustStore=C:\cert\myCert.p12 -Djavax.net.ssl.trustStorePassword=mypass -Djavax.net.ssl.trustStoreType=PKCS12
Need help with pointers on what I could try to fix this issue as the above attempts have still not been successful.
Finally resolved the issue. The above understanding of the trust store was correct. However, during the SSL handshake, my server needs to exchange a client authentication "key". This is where the same certificate store had to be set up as keyStore as well, and after that all is working!!
-Djavax.net.ssl.trustStore=C:\cert\myCert.p12
-Djavax.net.ssl.trustStorePassword=mypass
-Djavax.net.ssl.trustStoreType=PKCS12
-Djavax.net.ssl.keyStore=C:\cert\myCert.p12
-Djavax.net.ssl.keyStorePassword=mypass

Is there an equivalent of the Tomcat valves concept in WebSphere Liberty profile?

I have a web application which was deployed on Tomcat and uses Tomcat valves. Now the application is moving to WebSphere Liberty and I am not sure a similar concept exists in Liberty.
Is there an equivalent of the Tomcat valves concept in WebSphere Liberty profile? If yes, how can we achieve it?
You can white/blacklist hostnames and ip addresses on a per-endpoint basis in server.xml. Blocked ones will get a connection reset message.
<httpEndpoint httpPort="19080" httpsPort="19443"
id="defaultHttpEndpoint" tcpOptionsRef="myTcpOptions" host="*"/>
<tcpOptions id="myTcpOptions" hostNameExcludeList="*.foo.com,*.ibm.com" />
There's more info on that here:
https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/urun_chain_typetcp.html
If you need different exclusions per app, you can configure multiple endpoints and map them to applications using virtual hosts.
https://www.ibm.com/support/knowledgecenter/en/SSEQTP_8.5.5/com.ibm.websphere.wlp.doc/ae/cwlp_virtual_hosts.html
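The per-application variant described in the answer above, as an added example that is not part of the original answer. The endpoint and virtual host IDs, the second set of ports and the address 192.0.2.10 are made up for illustration.

```xml
<!-- Added example: two endpoints, each with its own TCP filter, each bound
     to its own virtual host. -->
<server>
    <!-- Public endpoint: reuses the exclusion list from the answer -->
    <tcpOptions id="publicTcp" hostNameExcludeList="*.foo.com,*.ibm.com"/>
    <httpEndpoint id="publicEndpoint" host="*"
                  httpPort="19080" httpsPort="19443"
                  tcpOptionsRef="publicTcp"/>

    <!-- Admin endpoint: only the listed client address may connect
         (constructed address from the documentation range) -->
    <tcpOptions id="adminTcp" addressIncludeList="192.0.2.10"/>
    <httpEndpoint id="adminEndpoint" host="*"
                  httpPort="29080" httpsPort="29443"
                  tcpOptionsRef="adminTcp"/>

    <!-- Each virtual host accepts requests only from its own endpoint, so
         the admin application is not reachable through the public ports. -->
    <virtualHost id="publicHost" allowFromEndpointRef="publicEndpoint">
        <hostAlias>*:19080</hostAlias>
        <hostAlias>*:19443</hostAlias>
    </virtualHost>
    <virtualHost id="adminHost" allowFromEndpointRef="adminEndpoint">
        <hostAlias>*:29080</hostAlias>
        <hostAlias>*:29443</hostAlias>
    </virtualHost>
</server>
```

Each web application selects its virtual host by name in its ibm-web-bnd.xml (a virtual-host element whose name is publicHost or adminHost here).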

ActiveMQ support for TLSv1.2

I'm trying to get ActiveMQ to support TLSv1.2. I'm using activemq v5.14.5. The fix talked about in Create ActiveMQ Connection on TLS1.2 did not work. When I stepped through the code I see that the
context.setSSLContext(sslContext);
SslContext.setCurrentSslContext(context);
Connection connection = factory.createConnection(loginName, pwd);
call to factory.createConnection() actually doesn't use the value that was just set, but instead creates a new SSL context using the hard coded default of "TLS". I observed this in the debugger.
Any other suggestions are welcome. I think the topic "configuring transports" at http://activemq.apache.org/configuring-transports.html may hold the solution but I haven't tried it yet.
The default embedded ActiveMQ broker configuration does not create an SSL transport connector. If you manually added an SSL transport connector, then you may have restricted the SSL protocols supported by the broker using the option transport.enabledProtocols:
<transportConnector name="ssl" uri="ssl://localhost:61617?transport.enabledProtocols=TLSv1.2"></transportConnector>
This configuration restricts the SSL connector of ActiveMQ to only support TLSv1.2. Other protocols (TLSv1, TLSv1.1, SSLv3) will not be supported.

configure DOSGi with UDP

I use DOSGi to connect two OSGi components (iPOJO components) over local network.
I configured it with either SOAP or RESTful-JAX RS. However, both use TCP for communication (I saw this in Wireshark).
Now, I would like to configure SOAP or RESTful-JAX RS with UDP. How can I do that?
Thank you for your help.
Assuming this is Apache CXF DOSGI implementation: Given how CXF can use UDP as a transport, it looks simple enough to use a udp URL as your "org.apache.cxf.ws.address" when creating your distributed service.
Thank you very much for your response.
I implemented an application including a server component and a client component, as indicated by Using Distributed Services with iPOJO. However, it uses TCP for client-server communication.
I tried to declare the server with the "org.apache.cxf.ws.address" property with UDP as "udp://localhost:9090/service".
Example:
<property name="service.exported.interfaces" value="*" />
<property name="service.exported.configs" value="org.apache.cxf.ws" />
<property name="org.apache.cxf.ws.address" value="udp://localhost:9090/service" />
However, I received an error:
Unknown protocol: udp
I'm using the package cxf-dosgi-ri-singlebundle-distribution-1.1.jar for client-server communication.
Could you please give me some advice?

How do I specify whether a TCP transport is in server mode (listening) or client mode in activemq?

The example given for a spring injected endpoint is as follows:
<endpoint id="hl7listener" uri="mina:tcp://localhost:8888?sync=true&amp;codec=hl7codec"/>
How do I set up a client mode endpoint such that it will connect to a specific port on another server?
How do I configure the endpoint to listen for inbound connections? (the example seems to be a listener as indicated by its descriptive id but why?)
Note: I am not actually using the HL7 protocol or codec. I will be developing my own for a proprietary protocol codec.
Was this answered on the thread here?
