I am trying to get a sample java application to connect to a Mysql gen2 instance I have in GCP. I use SSL and the ip address is whitelisted. I have confirmed connectivity to the instance using the mysql command line and passing in the client-cert.pem, client-key.pem and the server-ca.pem. Now inorder to connect to it from the spring boot java application, I did the following:
created a p12 file from the client cert and key and added it to keystore.jks
created a truststore with the server-ca.pem file.
Added this code in the main before the connection is created:
System.setProperty("javax.net.debug", "all");
System.setProperty("javax.net.ssl.trustStore", TRUST_STORE_PATH);
System.setProperty("javax.net.ssl.trustStorePassword", "fake_password");
System.setProperty("javax.net.ssl.keyStore", KEY_STORE_PATH);
System.setProperty("javax.net.ssl.keyStorePassword", "fake_password");
For the jdbc url, I used : jdbc:mysql://1.1.1.1:3306/sampledb?useSSL=true&requireSSL=true
However I am unable to connect to the instance and see this error from the java ssl debug:
restartedMain, RECV TLSv1.1 ALERT: fatal, unknown_ca
%% Invalidated: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
restartedMain, called closeSocket()
restartedMain, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
restartedMain, called close()
restartedMain, called closeInternal(true)
I also tried to run
openssl verify -CAfile server-ca.pem client-cert.pem`
and got this output:
error 20 at 0 depth lookup:unable to get local issuer certificate`
Any ideas on what I might be doing wrong?
Related
I have built Poco 1.11 and am unable to get secure SMTP connections, or HTTPS connections in general, to work, with the NetSSL_Win module (i.e. using Windows Schannel rather than OpenSSL). There is a sample in the distribution at NetSSL_Win\samples\Mail\src :
SecureSMTPClientSession session(mailhost);
session.login();
session.startTLS(pContext);
if ( !username.empty() )
{
session.login(SMTPClientSession::AUTH_LOGIN, username, password);
}
session.sendMessage(message);
session.close();
When I run it, the second login() call, after the startTLS() call, throws this error:
SSL Exception: Failed to decode data: The specified data could not be decrypted
The server in this case was smtp.gmail.com, on port 587.
I get the same error message for any other HTTPS client code I try to run as well.
Is anyone successfully using Poco 1.11 for HTTPS connections, using Windows Schannel?
I am trying to make persistant remote powershell connection from Windows7(32-bit) to exchange Server 2013,such that I can run some powershell commands from My windows7
machine as i am running it on server.
I am following steps from this article https://technet.microsoft.com/en-us/library/dd335083(v=exchg.150).aspx
I had already installed
.net Framework Version 4.5,
Windows Framework 4.0,
and windows already has SP1 installed.
Now, the issue is in running this command
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://ServerName.domain.com/PowerShell/ -Authentication Kerberos -Credential $UserCredential
Everytime it results into an error that is
New-PSSession : [ex13r.corp.local] Connecting to remote server ex13r.corp.local failed with the following error
message : WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using
Kerberos authentication: There are currently no logon servers available to service the logon request.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
At D:\path.ps1:1 char:10
+ $session=New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
gTransportException
+ FullyQualifiedErrorId : AuthenticationFailed,PSSessionOpenFailed
NOTE
Client machine(Windows7) is not connected to any domain
I added the server to the list of trustedHosts
Set-ExecutionPolicy to remotesigned
Winrm service is also running.
Windows firewall is turned off on both the systems.
My Powershell Configuration after framework 4.0 installation is as follows
Name Value
---- -----
PSVersion 4.0
WSManStackVersion 3.0
SerializationVersion 1.1.0.1
CLRVersion 4.0.30319.18408
BuildVersion 6.3.9600.16406
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0}
PSRemotingProtocolVersion 2.2
My efforts are going in no direction,the error remains the same.Any help would greatly be appreciated.
Thanks!
I've a big problem getting the connection to Salesforce test environment (https://test.salesforce.com/services/Soap/u/37.0).
I'm using Wildfly 10.0 as webserver and I've also tried to set the proxy in the standalone configuration.
This is my code:
ConnectorConfig config = new ConnectorConfig();
config.setUsername(username);
config.setPassword(password);
config.setAuthEndpoint(endpoint);
config.setServiceEndpoint(endpoint);
config.setProxy(proxy_host, Integer.parseInt(proxy_port));
config.setProxyUsername(proxy_username);
config.setProxyPassword(proxy_password);
this.connection = Connector.newConnection(config);
In my working environment I've no problem with the connection because we have a proxy without authentication and it connects configuring just proxy_host and proxy_port.
In the customer environment, instead, I have the following exception despite I've configured all the proxy parameters correctly (including username and password):
com.sforce.ws.ConnectionException: Failed to send request to https://test.salesforce.com/services/Soap/u/37.0
at com.sforce.ws.transport.SoapConnection.send(SoapConnection.java:121)
at com.sforce.soap.partner.PartnerConnection.login(PartnerConnection.java:1426)
at com.sforce.soap.partner.PartnerConnection.<init>(PartnerConnection.java:406)
at com.sforce.soap.partner.Connector.newConnection(Connector.java:27)
.....
Caused by: java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 authenticationrequired"
at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:2124)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.sforce.ws.transport.JdkHttpTransport.connectRaw(JdkHttpTransport.java:136)
at com.sforce.ws.transport.JdkHttpTransport.connectLocal(JdkHttpTransport.java:100)
at com.sforce.ws.transport.JdkHttpTransport.connectLocal(JdkHttpTransport.java:95)
at com.sforce.ws.transport.JdkHttpTransport.connect(JdkHttpTransport.java:91)
at com.sforce.ws.transport.SoapConnection.send(SoapConnection.java:95)
The proxy configuration is working properly in telnet for istance.
Any idea?
Thanks in advance!!
I'm trying to create a custom cartridge application on OpenShift using the command rhc -d create-app liferay htt..... An error is raised but I don't know where to find more specific information. What does this error mean and how do I fix it?
Creating application 'liferay' ... DEBUG: Creating application 'liferay' with these options - {:cartridges=>[#<RHC::Rest::Cartridge:0x007ff8f9354e00 #attributes={"url"=>"http...", "messages"=>[]}, #client=nil>]}
DEBUG: Adding application liferay to domain 546b3528ecb8d480bb000012
DEBUG: Using token authentication
DEBUG: Request POST https:...openshift.redhat.com/broker/rest/domain/catapp/applications
DEBUG: code 500 267521 ms
Unable to complete the requested operation due to: An invalid exit code (1) was returned from the server ex-std-node192.prod.rhcloud.com. This indicates an unexpected
problem during the execution of your request.
Reference ID: 4f4141b703879dd93b88b271f553ec1b
Try enabling HTTP_DEBUG:
HTTP_DEBUG=1 rhc -d create-app liferay htt....
I've problem when configure zapcat on zabbix 2.0 followed link
http://www.kjkoster.org/zapcat/Tomcat_How_To.html
Then I try to use JMX but an error occured when run :
java -Dcom.sun.management.jxmremote -Dcom.sun.management.jmxremote.port=12345 -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/usr/lib/jvm/java-6-openjdk-i386/jre/lib/management/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/usr/lib/jvm/java-6-openjdk-i386/jre/lib/management/jmxremote.access -Djava.rmi.server.hostname=192.168.2.56 -Dcom.sun.management.jmxremote.ssl=true
and error is :
Error: Password file read access must be restricted: /usr/lib/jvm/java-6-openjdk-i386/jre/lib/management/jmxremote.password
So any solution for me ??
You don't need Zapcat with Zabbix 2.0. Look up using the Zabbix Java Gateway instead: https://www.zabbix.com/documentation/2.0/manual/concepts/java
However for this error. You need to set the restriction on your password conf file to chmod 600.