Please remember to remove any passwords or sensitive data when you post
on public email lists
On 11/8/22 00:58, Ganesan, Prabu wrote:
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
ZjQcmQRYFpfptBannerEnd
Hi Team .
Could you please help with below errors
We have enabled TLS successfully – but after TLS enabled we are facing
below issues .
Please help us on Priorities
Thanks & Regards,
_________________________________________________________Email_CBE.gif
*PrabuGanesan***
*Consultant|MS-Nordics*
capgemini India Pvt. Ltd. | Bangalore **
Contact: +91 8526554535
Email: prabhu.c.gane...@capgemini.com
www.capgemini.com
<https://urldefense.com/v3/__http://www.capgemini.com/__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPlHai44o$>
*People matter, results count.*
__________________________________________________________
*Connect with Capgemini:*
<https://urldefense.com/v3/__http://www.capgemini.com/insights-and-resources/blogs__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtP_H9JbgM$><https://urldefense.com/v3/__http://www.twitter.com/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPo9pUNlk$><https://urldefense.com/v3/__http://www.facebook.com/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtP7xok6AU$><https://urldefense.com/v3/__http://www.linkedin.com/company/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPTsCkkag$><https://urldefense.com/v3/__http://www.slideshare.net/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPq37kY_Q$><https://urldefense.com/v3/__http://www.youtube.com/capgeminimedia__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPvOVZ6Mw$>
Please consider the environment and do not print this email unless
absolutely necessary.
Capgemini encourages environmental awareness.
*From:*Morell, Alice <alice.mor...@capgemini.com>
*Sent:* 07 November 2022 21:33
*To:* DL IN IKANO Middleware <ikanomiddleware...@capgemini.com>
*Cc:* Thombre, Dipali Rajesh <dipali-rajesh.thom...@capgemini.com>;
Nayak, Shruthi <shruthi.na...@capgemini.com>; Khandekar, Preeti
<preeti.khande...@capgemini.com>; Deshmukh, Hemant
<hemant.a.deshm...@capgemini.com>; Phase, Samir
<samir.ph...@capgemini.com>
*Subject:* Errors in Tomcat logs / application processing
Hello!
The error we are facing is:
“SOAP Problems executing transaction LoginApplication via Web Service,
underlying problem is Error unmarshalling message”
*I want to know if we can solve this by changing the values in the
context.xml tags. *The hardcoded URL’s.**
As agreed, here are
* Info on error logs,
* Screen shots of the errors that the end user is seeing,
* Sequential steps for TLS on the instances
And
* Example on the changes made in the files
You can find the error logs generated for these 2 URLs at this location:
/export/home/aloradm/tls/tls2/Test1FrontEnd/
Where the directory called “1” is for what is described under issue 1
and “2” under issue 2.. 😊
1. To replicate current error:
Use a browser with a cleared cache!
Browse to:
tvmdc2linweb001.baf.ikano:7400/PCUKTST1ENV/ikanoRetail/<https://urldefense.com/v3/__http://tvmdc2linweb001.baf.ikano:7400/PCUKTST1ENV/ikanoRetail/__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPKYZexbk$>
Press ”Contact Centre” too get this first error:
Press “Click here to log in again” and then the red button that says
“Contact centre”.
The page is just getting reloaded to same screen again. For each time
you press the red button, a url pattern of “/contactcentre” is added
to the path:
In the backend, the logs for my tries is attached in the folder
ikanoRetailLogin
------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------
To replicate current error you need login credentials, so you can only
view my screen shot for this one:
Use a browser with a cleared cache!
Browse to:
http://tvmdc2linweb001.baf.ikano:7400/ControlPanel/index<https://urldefense.com/v3/__http://tvmdc2linweb001.baf.ikano:7400/ControlPanel/index__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPnxpy4FM$>
When I have entered my credentials I am getting this:
----------------------------------------------------------------------------------
----------------------------------------------------------------------------------
----------------------------------------------------------------------------------
The sequential steps followed for our TLS activity per instance
(example is for Test1Frontend):
1. Put the new server.xml file with new TLS connectors in
/panenv/PCUKTST1ENV/webapp/Test1FrontEnd/conf/
2. Put the new web.xml with security constraint (force https) in
/panenv/PCUKTST1ENV/webapp/Test1FrontEnd/conf/
3. Navigate to Test1FrontEnd 's conf folder cd
/panenv/PCUKTST1ENV/webapp/Test1FrontEnd/conf/
4. Change to correct permissions on web.xml chown
panmgr:pan web.xml
5. Change to correct permissions on server.xml chown
panmgr:pan server.xml
6. Check status on instance 1. cd
/panenv/PCUKTST1ENV/webapp/ Test1FrontEnd /scripts 2.
./WebAppAdmin status
7. bounce (restart) instance ./WebAppAdmin bounce
8. check status on instance ./WebAppAdmin status
----------------------------------------------------------------------------------
----------------------------------------------------------------------------------
----------------------------------------------------------------------------------
This is changed in server.xml:
<!--This Connector was added to achieve TLS. Old Connector can be found in
comments. -->
<Connectorport="7400"protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="600000"
redirectPort="443"/>
<!--This Connector was added to achieve TLS. Old Connector can be found in
comments. -->
<Connectorport="443"protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="600000"
scheme="https"secure="true"SSLEnabled="true">
<SSLHostConfig
certificateVerification="false">
<Certificate
certificateKeystoreFile="/apps/tomcat/8.5.55/conf/certs/tvmdc2linweb001-2022.pfx"
certificateKeystorePassword="Mk0OunQx67xD2022"
certificateKeyAlias="te-3ca20d95-2590-48ea-b2da-0b800736709a"
/>
</SSLHostConfig>
</Connector>
<!--This Connector was added to achieve TLS. Old Connector can be found in
comments. -->
<Connectorport="7401"protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="600000"
redirectPort="8443"/>
<!--This second TLS connector was added to come around the address binding errors.
Old Connector can be found in comments. -->
<Connectorport="8443"protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="600000"
scheme="https"secure="true"SSLEnabled="true">
<SSLHostConfig
certificateVerification="false">
<Certificate
certificateKeystoreFile="/apps/tomcat/8.5.55/conf/certs/tvmdc2linweb001-2022.pfx"
certificateKeystorePassword="Mk0OunQx67xD2022"
certificateKeyAlias="te-3ca20d95-2590-48ea-b2da-0b800736709a"
/>
</SSLHostConfig>
</Connector>
This is changed in web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Web server</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
For context.xml no changes.
I hope this helps.
____________________________________________________________________
*Alice Morell*
Security Consultant | Cloud Infrastructure Services
Capgemini Sweden | Gothenburg
Tel.: +46 730 22 8008
www.capgemini.com<https://urldefense.com/v3/__http://www.capgemini.com/__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPlHai44o$>
Email: alice.mor...@capgemini.com<mailto:alice.mor...@capgemini.com>
____________________________________________________________________
*Connect with Capgemini:***
twitter
<https://urldefense.com/v3/__https://twitter.com/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtP7gGqQl8$>linkedin
<https://urldefense.com/v3/__https://www.linkedin.com/company/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPgX81qB0$>facebook
<https://urldefense.com/v3/__https://www.facebook.com/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPcZ-_Knk$>youtube
<https://urldefense.com/v3/__https://www.youtube.com/profile?user=capgeminimedia__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPjCDvFKE$>soundcloud
<https://urldefense.com/v3/__https://soundcloud.com/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPEpGaVjg$>Résultat
de recherche d'images pour "instagram logo rond"
<https://urldefense.com/v3/__https://www.instagram.com/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtP8VP4soM$><https://urldefense.com/v3/__https://www.slideshare.net/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPiC13GgI$><https://urldefense.com/v3/__https://www.glassdoor.com/Overview/Working-at-Capgemini-EI_IE3803.11,20.htm__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPF8bHWBs$>
This message contains information that may be privileged or
confidential and is the property of the Capgemini Group. It is
intended only for the person to whom it is addressed. If you are not
the intended recipient, you are not authorized to read, print, retain,
copy, disseminate, distribute, or use this message or any part
thereof. If you receive this message in error, please notify the
sender immediately and delete all copies of this message.