;>>> (depends
>>>>>>>>>>> on JDK).
>>>>>>>>>>>
>>>>>>>>>>> SSL will not be supported by this (however as I said there are
>>>>>>>>>>> other parts of the code where there is a getInstance
gt;>>>>
>>>>>>>>>>>>>>>>> Similarly, disabling SSL would certainly break many
>>>>>>>>>>>>>>>>> installa
;> surprised if
>>>>>>>>>> there is someone using such a server (most Organisations should
>>>>>>>>>> switch to
>>>>>>>>>> TLSv1.2 in any case as all protocols below have been broken).
>>>>&g
>>>>>>>>>>>>>>>> Yes I am doing that but I will need to rebuild.
>>>>>>>>>>>>>>>> I don’t recommend TLSv1 - this is already
em to deactivate TLSv1.1 and TLSv1.2 when using TLS. I will
>>>>>>>>> write
>>>>>>>>> more about this in the JIRA, once I verified that this solves the
>>>>>>>>> problem.
>>>>>>>>> Then TL
gt;> security hole and given how old TLS support is JDK i would be
>>>>>>>>>>>>>> surprised if there is someone using such a server (most
>>>>>>>>>>>>>> Organisations should switch to TLSv1.2 in any case as all
>>
>>>>>>>> creates the SSLContext:
>>>>>>>>
>>>>>>>> SSLContext ctx = SSLContext.getInstance("TLSv1");
>>>>>>>> I don't know if TLS will downgrade to SSL if that's all that's
rified that
>>>>>>>>>>>> this solves the problem.
>>>>>>>>>>>> Then TLSv1.3 is JDK11 only - I will investigate what that implies.
>>>>>>>>>>>> Does ManifoldCf supports JDK11?
>>>>>>>&g
gt; Yes it you do not change this setting as what I suspect happens
>>>>>>>> here. See my previous mail for details.
>>>>>>>>
>>>>>>>> Am 14.01.2020 um 23:51 schrieb Karl Wright :
>>
's all that's
>>>>>>>>>>> available.
>>>>>>>>>>>
>>>>>>>>>>> Karl
>>>>>>>>>>>
>>>>>>>>>>>
>>>&g
ps://docs.oracle.com/cd/E19698-01/816-7609/security-83/index.html
>>>>>>>
>>>>>>>
>>>>>>> Karl
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jan 14, 2020 at 5:48 PM Karl Wright
>>
oad until late tomorrow but somewhere along the line I
>>>>>>> can do some research into why TLS won't work as we are currently doing
>>>>>>> it.
>>>>>>>
>>>>>>> Karl
>>>>>>>
>>>>>>
;>> https://docs.oracle.com/cd/E19698-01/816-7609/security-83/index.html
>>>>>>>>>>
>>>>>>>>>> Karl
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> On Tue, Jan 14, 2020 at 5:48 PM Karl Wright
ages keystores on a
>>>>>>>>>> connection by connection basis, not globally. If you think the only
>>>>>>>>>> way to implement TLS is via global keystore I very much doubt it.
>>>>>>>>>>
>>>&g
>>>>>>
>>>>>>
>>>>>> On Tue, Jan 14, 2020 at 12:56 PM Jörn Franke
>>>>>> wrote:
>>>>>>
>>>>>>> These are TLS only. So maybe you have other servers where tls and
>>>>>>&g
rify it. I have to rebuilt manifold for that. Probably I have
>>>>>> to
>>>>>> reinstall everything as the keystorefactory is a dependency in the
>>>>>> connector.
>>>>>>
>>>>>> Am 14.01.2020 um 18:34 schrieb Ka
t;>>>> If you can recommend changes to support TLS, that would be great. The
>>>>> basic infrastructure should still work; it is just a custom keystone and
>>>>> associated SSLSocketFactory, which I think also is used for TLS
>>>>> conn
reat. The
>>>>>>>> basic infrastructure should still work; it is just a custom keystone
>>>>>>>> and associated SSLSocketFactory, which I think also is used for TLS
>>>>>>>> connections, unless I am missing something.
>>&
ss I am missing something.
>>>>
>>>> On Tue, Jan 14, 2020, 9:38 AM Jörn Franke wrote:
>>>>
>>>>> Yes this works fine. I believe the error comes from the fact that TLS
>>>>> connections are not supported.
>>>>>
>>&
;>>>> connections are not supported.
>>>>>>>
>>>>>>>>> Am 14.01.2020 um 15:31 schrieb Michael Cizmar
>>>>>>>>> :
>>>>>>>>>
>>>>>>>>
>>>
; michael.ciz...@mcplusa.com>:
>>>>
>>>>
>>>>
>>>> If you want to test the url and the ssl, I would recommend attempting
>>>> using SSLPoke to confirm that they keystore is setup properly:
>>>>
>>>>
>>>>
>>>> Am 14.01.2020 um 15:31 schrieb Michael Cizmar
>>>>>>> :
>>>>>>>
>>>>>>
>>>>>> If you want to test the url and the ssl, I would recommend attempting
>>>>>> using SSLPoke to confirm that they keystore is setup properl
would recommend attempting
>>>>> using SSLPoke to confirm that they keystore is setup properly:
>>>>>
>>>>>
>>>>>
>>>>> https://github.com/MichalHecko/SSLPoke
>>>>>
>>>>>
>>>>
properly:
>>
>>
>>
>> https://github.com/MichalHecko/SSLPoke
>>
>>
>>
>> Michael
>>
>>
>>
>> *From: *Karl Wright
>> *Reply-To: *"user@manifoldcf.apache.org"
>> *Date: *Tuesday, January 14, 2020 at 7:21 AM
>
>>>
>>> If you want to test the url and the ssl, I would recommend attempting
>>> using SSLPoke to confirm that they keystore is setup properly:
>>>
>>>
>>>
>>> https://github.com/MichalHecko/SSLPoke
>>>
>>>
>>>
>>&g
;
>>>
>>>
>>> Michael
>>>
>>>
>>>
>>> From: Karl Wright
>>> Reply-To: "user@manifoldcf.apache.org"
>>> Date: Tuesday, January 14, 2020 at 7:21 AM
>>> To: "user@manifoldcf.apache.org&q
rm that they keystore is setup properly:
>
>
>
> https://github.com/MichalHecko/SSLPoke
>
>
>
> Michael
>
>
>
> *From: *Karl Wright
> *Reply-To: *"user@manifoldcf.apache.org"
> *Date: *Tuesday, January 14, 2020 at 7:21 AM
> *To: *"u
setup properly:
>
> https://github.com/MichalHecko/SSLPoke
>
> Michael
>
> From: Karl Wright
> Reply-To: "user@manifoldcf.apache.org"
> Date: Tuesday, January 14, 2020 at 7:21 AM
> To: "user@manifoldcf.apache.org"
> Subject: Re: CSWS Conn
To: "user@manifoldcf.apache.org"
Subject: Re: CSWS Connector : ServiceConstructionException: Failed to create
service
Hmm, others have succeeded setting up SSL connections with the current code.
Hoping they chime in here.
Karl
On Tue, Jan 14, 2020, 8:19 AM Jörn Franke
mailto:jornfra.
I know that the CAs are correct as they work with other Java tools.
> Am 14.01.2020 um 14:21 schrieb Karl Wright :
>
>
> Hmm, others have succeeded setting up SSL connections with the current code.
> Hoping they chime in here.
>
> Karl
>
>> On Tue, Jan 14, 2020, 8:19 AM Jörn Franke wrote:
Hmm, others have succeeded setting up SSL connections with the current
code. Hoping they chime in here.
Karl
On Tue, Jan 14, 2020, 8:19 AM Jörn Franke wrote:
> It seems that it has indeed a certificate issue as it cannot find a valid
> certification path to the target. The thing is: I added th
It seems that it has indeed a certificate issue as it cannot find a valid
certification path to the target. The thing is: I added those certificates in
the UI should it should not happen.
> Am 10.01.2020 um 20:51 schrieb Jörn Franke :
>
>
> 2.15 ...
> I will try on the weekend to see if I c
2.15 ...
I will try on the weekend to see if I can get some logs out of it.
> Am 10.01.2020 um 19:02 schrieb Karl Wright :
>
>
> Can I ask what version of MCF you are using? There were issues with SSL in
> the first release of the csws connector if I recall correctly, that were
> fixed for
Can I ask what version of MCF you are using? There were issues with SSL in
the first release of the csws connector if I recall correctly, that were
fixed for the second release.
Karl
On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke wrote:
> I added root, intermediate and server certificate (in ba
I added root, intermediate and server certificate (in base64 cer, it seems to
be recognized by manifoldcf), but I still get the same message. I will try to
get somehow the full stacktrace
> Am 10.01.2020 um 17:21 schrieb Karl Wright :
>
>
> If you are using SSL you need to have the proper ce
If you are using SSL you need to have the proper certificate saved in the
connection's keystore.
Karl
On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke wrote:
> It is actually a server using configuration of the command - driven
> multi-process model (but the agents executed as a service and the war
It is actually a server using configuration of the command - driven
multi-process model (but the agents executed as a service and the war on a
tomcat executed as a service) under Linux.
I thought as well that it cannot reach the webservices, the question is why. On
the same server I can reach t
How are you running manifoldcf? Single process example, or a custom setup
of some kind?
This exception is a "catch all" exception generated far below anything in
ManifoldCF, but usually means it cannot download the WSDLs from the
service. Getting the full exception dumped in the log requires a "
38 matches
Mail list logo
