SSL connection via SONIC MQ 8.0 - Forum - Technology Partner - Progress Community


  • Hello, 

    Because OpenEdge doesn't natively support SSL (https) and certificates for identification, we need a routing service, so that OpenEdge can communicate with this routing service in a way that is natively supported and the routing service takes care of the actual communication with the final destination web service.

    This is done by using the Sonic ESB routing. We are connecting from OpenEdge to "HTTP_ACCEPTOR" on localhost:2506. We have configured a queue to deliver these messages to an HTTPS (SSL) address (https://ws1.webservices.nl:443/soap.php). I have placed the corresponding certificate into the folder "certs/CA" from the broker properties RSA certificates button.

    Does anyone know how to import the certificates into Sonic MQ 8.0 in order to successfully connect to the SSL web service? The configuration does not work; I only receive a request timeout error, as shown in the logging below.

    The logging is shown below:

    [DEBUG HTTP Direct] InputStream contains valid SOAP, version = SOAP 1.1

    [DEBUG HTTP Direct] InputStream contains valid SOAP, version = SOAP 1.1

    [DEBUG HTTP Direct] Thread HttpDirectResponseInfoThread 1 for dispatch thread 2 is starting

    [DEBUG HTTP Direct] Initiating Http Direct route request to https://ws1.webservices.nl:443/soap.php SSL Provider class progress.message.net.ssl.jsse.jsseSSLImpl has been loaded successfully .Unable to populate PKCS7 & PKCS8 into a key store:Failed to load the private key from null:null key store url: null key store type: jks key store password: key store client alias: null key store client key password: null trust store url: null trust store type: jks trust store password: custom key manager class: null KeyManagerFactory.getDefaultAlgorithm(): SunX509 custom trust manager class: null TrustManagerFactory.getDefaultAlgorithm(): PKIX Intializing SunX509 key manager factory for default key manager, key entries in the configured JSSE keyStore:

    Initializing PKIX trust manager factory with the trust store, entries in the trustStore:

    cn=*.webservices.nl, ou=premiumssl wildcard, ou=hosted by parse software development b.v., o=webservices.nl bv, street=julianastraat 30, l=haarlem, st=noord-holland, oid.2.5.4.17=2012es, c=nl

    Enabled cipher suites are:
    SSL_RSA_WITH_RC4_128_MD5
    SSL_RSA_WITH_RC4_128_SHA
    TLS_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    SSL_RSA_WITH_3DES_EDE_CBC_SHA
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    SSL_RSA_WITH_DES_CBC_SHA
    SSL_DHE_RSA_WITH_DES_CBC_SHA
    SSL_DHE_DSS_WITH_DES_CBC_SHA
    SSL_RSA_EXPORT_WITH_RC4_40_MD5
    SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
    SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
    SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
    SSL_RSA_WITH_NULL_MD5
    SSL_RSA_WITH_NULL_SHA
    SSL_DH_anon_WITH_RC4_128_MD5
    TLS_DH_anon_WITH_AES_128_CBC_SHA
    SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
    SSL_DH_anon_WITH_DES_CBC_SHA
    SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
    SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
    TLS_KRB5_WITH_RC4_128_SHA
    TLS_KRB5_WITH_RC4_128_MD5
    TLS_KRB5_WITH_3DES_EDE_CBC_SHA
    TLS_KRB5_WITH_3DES_EDE_CBC_MD5
    TLS_KRB5_WITH_DES_CBC_SHA
    TLS_KRB5_WITH_DES_CBC_MD5
    TLS_KRB5_EXPORT_WITH_RC4_40_SHA
    TLS_KRB5_EXPORT_WITH_RC4_40_MD5
    TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
    TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
    Cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
    Connection info:
    Cipher suite:  TLS_RSA_WITH_AES_128_CBC_SHA

    [15/05/05 15:57:26] ID=lofdevBroker (warning) Failed in all attempts to deliver message to HTTP Direct Routing url "https://ws1.webservices.nl:443/soap.php".
    [DEBUG HTTP Direct] SOAPUTIL.writeFaultResponse
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
     <soapenv:Body>
      <soapenv:Fault>
       <faultcode>soapenv:Server</faultcode>
       <faultstring>HTTP request timed out.</faultstring>
       <faultactor></faultactor>
       <detail/>
      </soapenv:Fault>
     </soapenv:Body>
    </soapenv:Envelope>
    [DEBUG HTTP Direct] Outbound handler setting CONTENT_LENGTH for fault response, length =  402
    [DEBUG HTTP Direct] Outbound response handler read from input stream, content:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
     <soapenv:Body>
      <soapenv:Fault>
       <faultcode>soapenv:Server</faultcode>
       <faultstring>HTTP request timed out.</faultstring>
       <faultactor></faultactor>
       <detail/>
      </soapenv:Fault>
     </soapenv:Body>
    </soapenv:Envelope>
    [DEBUG HTTP Direct] Outbound handler responding a local fault
    [DEBUG HTTP Direct] Http Direct route request failed with error: socket closed


    Thanks in advance for the help!
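
    The debug output above already contains the three things worth checking before treating this as a problem on the remote side: the JSSE provider reports both the key store URL and the trust store URL as null, the only trust-store entry is the server's own wildcard certificate rather than a CA certificate, and the enabled suite list includes NULL, anonymous, export-grade, DES and RC4 suites. The following triage script is an added example, not code from this thread, from Progress or from Sonic MQ; it parses a constructed copy of the post's log excerpt (the provider line, trust-store entry and suite list, with the DN abridged) and reports those findings. The hostname-in-CN heuristic for spotting an end-entity certificate and the weak-suite markers are the example's own assumptions.

```python
# Added triage helper for the Sonic MQ "HTTP Direct" SSL debug output quoted
# above; example code, not from the thread, from Progress or from Sonic MQ.
# It reports provider store fields still "null", trust-store entries that are
# hostname (end-entity) certificates, and weak enabled cipher suites.
import re
from dataclasses import dataclass, field

# Provider fields logged as "<name>: <value>"; "null" means not configured.
STORE_FIELDS = ("key store url", "key store type", "trust store url", "trust store type")

# Substrings of JSSE suite names that indicate no or weak protection (assumption).
WEAK_MARKERS = {
    "_NULL_": "no encryption",
    "_anon_": "anonymous key exchange, server not authenticated",
    "_EXPORT_": "export-grade key length",
    "_DES40_": "40-bit DES",
    "_DES_": "single DES",
    "_RC4_": "RC4",
    "_MD5": "MD5 MAC",
}
# Heuristic: a CN that is a (wildcard) hostname is an end-entity cert, not a CA.
HOSTNAME_CN = re.compile(r"^\*?\.?[a-z0-9-]+(\.[a-z0-9-]+)+$")
SUITE_NAME = re.compile(r"^(SSL|TLS)_[A-Za-z0-9_]+$")


@dataclass
class Findings:
    null_fields: list = field(default_factory=list)
    private_key_load_failed: bool = False
    trust_entries: list = field(default_factory=list)
    leaf_in_trust_store: bool = False
    enabled_suites: list = field(default_factory=list)
    weak_suites: dict = field(default_factory=dict)  # suite -> list of reasons
    negotiated: str = ""
    negotiated_weak: bool = False


def weak_reasons(suite: str) -> list:
    """Reasons a suite name is considered weak; empty list if none apply."""
    return [why for marker, why in WEAK_MARKERS.items() if marker in suite]


def triage(log: str) -> Findings:
    f = Findings()
    flat = " ".join(log.split())  # the provider dumps its whole config on one line
    for name in STORE_FIELDS:
        m = re.search(re.escape(name) + r":\s*(\S+)", flat)
        if m and m.group(1).lower() == "null":
            f.null_fields.append(name)
    f.private_key_load_failed = "Failed to load the private key from" in flat

    section = None  # listing we are inside: "trust", "suites" or None
    for line in (raw.strip() for raw in log.splitlines()):
        if "entries in the trustStore:" in line:
            section = "trust"
        elif line.startswith("Enabled cipher suites are:"):
            section = "suites"
        elif line.startswith("Cipher suite:"):
            section = None
            f.negotiated = f.negotiated or line.split(":", 1)[1].strip()
        elif section == "trust" and line.lower().startswith("cn="):
            f.trust_entries.append(line)
            cn = line.split(",", 1)[0][3:].strip().lower()
            f.leaf_in_trust_store = f.leaf_in_trust_store or bool(HOSTNAME_CN.match(cn))
        elif section == "suites" and SUITE_NAME.match(line):
            f.enabled_suites.append(line)
            if weak_reasons(line):
                f.weak_suites[line] = weak_reasons(line)
    f.negotiated_weak = bool(weak_reasons(f.negotiated)) if f.negotiated else False
    return f


# Constructed sample: provider line, trust-store entry (DN abridged), the full
# suite list and the outcome, copied from the post's log excerpt.
SUITE_LIST = """SSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA SSL_RSA_WITH_NULL_MD5 SSL_RSA_WITH_NULL_SHA
SSL_DH_anon_WITH_RC4_128_MD5 TLS_DH_anon_WITH_AES_128_CBC_SHA SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
TLS_KRB5_WITH_RC4_128_SHA TLS_KRB5_WITH_RC4_128_MD5 TLS_KRB5_WITH_3DES_EDE_CBC_SHA
TLS_KRB5_WITH_3DES_EDE_CBC_MD5 TLS_KRB5_WITH_DES_CBC_SHA TLS_KRB5_WITH_DES_CBC_MD5
TLS_KRB5_EXPORT_WITH_RC4_40_SHA TLS_KRB5_EXPORT_WITH_RC4_40_MD5
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"""
SAMPLE_LOG = (
    "[DEBUG HTTP Direct] Initiating Http Direct route request to "
    "https://ws1.webservices.nl:443/soap.php SSL Provider class "
    "progress.message.net.ssl.jsse.jsseSSLImpl has been loaded successfully ."
    "Unable to populate PKCS7 & PKCS8 into a key store:Failed to load the private "
    "key from null:null key store url: null key store type: jks key store password: "
    "key store client alias: null trust store url: null trust store type: jks\n"
    "Initializing PKIX trust manager factory with the trust store, entries in the trustStore:\n"
    "cn=*.webservices.nl, ou=premiumssl wildcard, o=webservices.nl bv, c=nl\n"
    "Enabled cipher suites are:\n"
    + "\n".join(SUITE_LIST.split())
    + "\nCipher suite: TLS_RSA_WITH_AES_128_CBC_SHA\n"
    "[DEBUG HTTP Direct] Http Direct route request failed with error: socket closed\n"
)
```

Running `triage(SAMPLE_LOG)` on this excerpt reports both store URLs as null, a leaf certificate as the sole trust-store entry, and 26 of the 33 enabled suites flagged; the negotiated suite (TLS_RSA_WITH_AES_128_CBC_SHA) is not one of them, so the timeout itself is not explained by the suite choice, which points back at the store configuration.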


  • Hi Claudiu, I have approached some Progress resources that were involved with Sonic prior to us divesting it. Based on the input I got about your thread, I would recommend you contact Aurea Support (http://www.aurea.com/support).

  • Someone suggested the following course of action for solving this problem:

    1. Using Internet Explorer, the Base64-encoded certificates were changed to DER (binary encoded).

    2. The public key certificate has been installed/loaded in SonicFS and then added to the default certificate store in Sonic.

    3. Next, the 2 root certificates were added to the default Sonic/MQ8.0/certs/ca.

    4. In the MessageBroker, the default certificate is set to default security.

    5. On the SSL tab, the SSL provider is set to JSAF, because Sonic 8.0 combined with Java version 5 or lower will not work using JSSE.

    6. All paths for the private key and root CA store were filled in using the complete directory path.

    7. Broker restart.

    What is not clear to me are points 2, 4 and 5.

    Can someone help me with this?
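
    Step 1 of the suggested procedure converts the Base64 (PEM) certificates to DER through a browser dialog. The same conversion can be scripted, which also makes it easy to check that a certificate pasted into a file arrived intact before it is loaded into a store. The following is an added example, not code from this thread, from Progress or from Sonic MQ: it splits a PEM bundle into its certificate blocks, converts each to DER with the Python standard library, and verifies that the DER outer SEQUENCE header agrees with the decoded size. The sample "certificate" it uses is a constructed minimal DER SEQUENCE, not a real X.509 certificate, so the framing check is the only validation demonstrated.

```python
# Added example for step 1 above (Base64/PEM to DER); not code from the thread
# or from Sonic MQ. It splits a PEM bundle into certificates, converts each to
# DER with the standard library, and checks the DER outer SEQUENCE length
# against the decoded size, which catches a certificate truncated or mangled
# while being pasted. The "certificate" at the bottom is a constructed minimal
# DER SEQUENCE, not a real X.509 certificate.
import re
import ssl

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL)


def split_pem_bundle(text: str) -> list:
    """Each PEM certificate block in a bundle, without surrounding whitespace."""
    return [m.group(0) for m in PEM_BLOCK.finditer(text)]


def der_framing_ok(der: bytes) -> bool:
    """True if der is one DER SEQUENCE whose encoded length matches its byte size."""
    if len(der) < 2 or der[0] != 0x30:  # an X.509 Certificate is a SEQUENCE
        return False
    first = der[1]
    if first < 0x80:  # short form: this byte is the content length
        length, header = first, 2
    else:  # long form: 0x8N followed by N big-endian length bytes
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    return header + length == len(der)


def pem_bundle_to_der(text: str) -> list:
    """Convert every certificate in a PEM bundle to DER, rejecting bad framing."""
    out = []
    for block in split_pem_bundle(text):
        der = ssl.PEM_cert_to_DER_cert(block)  # stdlib: strips armour, base64-decodes
        if not der_framing_ok(der):
            raise ValueError("certificate is not a complete DER SEQUENCE")
        out.append(der)
    return out


def rejects_truncated(pem: str) -> bool:
    """True if the converter refuses the given PEM text."""
    try:
        pem_bundle_to_der(pem)
    except ValueError:
        return True
    return False


# Constructed sample: SEQUENCE { INTEGER 1, INTEGER 2 } armoured as PEM twice
# (a two-certificate bundle), plus a copy with its last byte missing.
FAKE_DER = bytes.fromhex("3006020101020102")
PEM_ONE = ssl.DER_cert_to_PEM_cert(FAKE_DER)
SAMPLE_BUNDLE = PEM_ONE + PEM_ONE
TRUNCATED_PEM = ssl.DER_cert_to_PEM_cert(FAKE_DER[:-1])
```

`pem_bundle_to_der(SAMPLE_BUNDLE)` returns the two DER blobs, while `rejects_truncated(TRUNCATED_PEM)` is true because the SEQUENCE header claims 6 content bytes but only 5 follow. With a real bundle, each returned DER blob can be written to its own `.der` file and then loaded into the certificate store or the certs/ca folder as the procedure describes.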