xeams http/https stops working after installing the TLS



From xeams.llog:
I tried to open a Secure Web Server Port :
"Failed to initialize end point associated with ProtocolHandler ["http-bio-443"]
java.io.IOException: Keystore was tampered with, or password was incorrect
 at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
 at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
Try the following steps:
  • Stop Xeams
  • Assuming you are on Windows, go to C:\Xeams\config and open AppConfig.xml in any editor such as Notepad. If you are on Linux, this file will be in /opt/Xeams/config folder.
  • Remove the lines containing following parameters:

    • sslCertificateFileName
    • sslCertificatePassword
    • sslCertKeystoreType
  • Save the file
  • Delete/rename C:\Xeams\config\synametrics.cert file so it is not found at runtime
  • Restart Xeams
The above steps will make your Xeams download a self-signed certificate again from Synametrics website.

For more info, please see -- http://www.xeams.com/app?operation=forum&st=viewOneArticle&id=15517

Here are the steps to install the SSL sertification for SMTP as well ass https

Original post from -- http://www.xeams.com/usingssl.htm


Steps

 Generating a private/public key pair
  1. Open a console (DOS prompt) on Windows or Terminal on Linux/Unix.
  2. Enter the following command. 
    keytool -keysize 2048 -genkey -alias xeams -keyalg RSA -keystore synametrics.cert
  3. You will be prompted for a password. You will need this password later on.
  4. Enter Distinguished Name (DN) information:
    • First and last name - This is the Common name: The common name is the fully-qualified domain name (FQDN), Host name, or URL - to which you plan to apply your certificate. Do not enter your personal name in this field.
    • Organizational unit - Use this field to differentiate between divisions within an organization. For example, "Engineering" or "Human Resources." If applicable, you may enter the DBA (doing business as) name in this field.
    • City/Locality - Name of the city in which your organization is registered/located. Please spell out the name of the city. Do not abbreviate.
    • State/Province - Name of state or province where your organization is located. Please enter the full name. Do not abbreviate.
    • Country code - The two-letter International Organization for Standardization- (ISO-) format country code for the country in which your organization is legally registered.
  5. Confirm that the Distinguished Name information is correct. 
This steps creates a keystore, which is a file that holds certificates. 

 Generating a CSR
Next step is to submit a CSR (SSL Certificate Signing Request) to a certificate authority.
  1. Enter the following command:
    keytool -certreq -keyalg RSA -alias xeams -file xeams.csr -keystore synametrics.cert
  2. Enter the keystore password you specified earlier.
  3. This creates a new file called xeams.csr. Open this file in any editor like Notepad.
  4. Cut/copy and paste the generated CSR into enrollment form of your certificate authority.
  5. Select Tomcat as your server software.

 Submitting CSR and waiting for response 

Once you submit a CSR to a certificate authority, you have to wait for their response. It could take anywhere from a few minutes to up to two days before you get a response. The response from certificate authority typically includes an attached file containing your certificate. Some vendors also ask you to download the certificate from a secure website rather than emailing them to you. 

You will probably get more than one file from the certificate authority. An SSL certificate creates a trust relationship by creating a chain of certificates. This is analogous to saying that you trust person A, but not C. However, person A trusts person B, who then trusts C. Therefore, it is okay to trust C. 

Every file you get from a certificate authority must be added to the keystore you create in the first step. 

 Adding certificates to the keystore 

You must add certificates in the order specified by certificate authority. The following example show how to add a root certificate, two intermediate certificates, and finally the actual certificate that is create for you. 

Importing Root Certificate

keytool -import -trustcacerts -alias AddTrustExternalCARoot -file AddTrustExternalCARoot.crt -keystore synametrics.cert


Now add two intermediary certificates. Replace Alias1, Alias2, File1 and File2 with actual values provided to you. 
keytool -import -trustcacerts -alias Alias1 -file File1.crt -keystore synametrics.cert

keytool -import -trustcacerts -alias Alias2 -file File2.crt -keystore synametrics.cert
Finally, add the actual certificate that is meant for your copy of Xeams using the following command.
keytool -import -trustcacerts -alias xeams -file yourCertificate.crt -keystore synametrics.cert
 Final Step 

  • Connect to your Admin Console as admin
  • Click home, which will change your browser URL to ...operation=60. Manually change the operation to 187 so the URL ends like ...operation=187
  • Ensure the file name is correct
  • Enter the password you used for the keystore
  • Save and restart Xeams.

Comments

Post a Comment

Popular posts from this blog

VIOS TIPs

HMC image locates: /extra/viosimages/2.2.3.4 To install VIO server from HMC: installios To erase the previous setting: installios -u hscroot@P7504HMC:~> cat /etc/nimol.conf # nimol.conf file NIMOL_SERVER 9.22.217.30 ORIGINAL_FILES_DIR /var/tmp/nimol_original RPCBIND_STARTED yes NFS_STARTED yes REMOTE_ACCESS_METHOD /usr/bin/rsh NIMOL_TFTPBOOT /tftpboot TFTP_ENABLED yes REMOTE_SYSLOG_ENABLED yes HMC_SYSLOG_CONF_MODIFIED yes NIMOL_SYSLOG_FACILITY local2 NIMOL_SUBNET 9.22.217.0 NIMOL_BOOTREPLYD yes LABEL default1 /extra/default1 processing hscroot@P7504HMC:~>  installios -F -e -R default1 Logging session output to /tmp/installios.24173.log. nimol_config WARNING: error from command /bin/awk nimol_config MESSAGE: Executed /usr/sbin/exportfs -ua. nimol_config MESSAGE: Executed /usr/sbin/exportfs -a. nimol_config MESSAGE: Removed /tftpboot/default1.chrp.mp.ent. nimol_config MESSAGE: Removed /extra/default1. nimol_config MESSAGE: Removed "LABEL default
Read more

Configure Solaris 10 LDOM on Solaris 11.4

root@comglv1:~# ldm add-memory 16G htcsun1 root@comglv1: # zfs destroy zones cannot destroy 'zones': operation does not apply to pools use 'zfs destroy -r zones' to destroy all datasets in the pool use 'zpool destroy zones' to destroy the pool itself root@comglv1: # zfs destroy -r zones root@comglv1: # zpool create LDOM mirror c0t5000CCA03C0E89D8d0s0 c0t5000CCA03C2F3BB4d0s0 root@comglv1: # zfs create LDOM/htcsun1 root@comglv1: # zfs create -V 150g LDOM/htcsun1/disk0 root@comglv1: # ldm rm-vdisk vdisk0 htcsun1 root@comglv1: # ldm rm-vdsdev htcsun1-vd0@primary-vds0 root@comglv1: # ldm rm-vdsdev  vol0@primary-vds0 root@comglv1: # ldm rm-vdsdev iso@primary-vds0 root@comglv1: # add-vdsdev options=ro sol-10-u11-ga-sparc-dvd.iso htcsun1-iso@primary-vds0 root@comglv1: # ldm add-vdsdev /dev/zvol/dsk/LDOM/htcsun1/disk0 htcsun1-vd0@primary-vds0 root@comglv1: # ldm add-vdisk vdisk0 htcsun1-vd0@primary-vds0 htcsun1
Read more

Change P410i from HBA mode to Raid mdoe

fs0:\> dir Directory of: fs0:\   03/07/13  10:44a            1,492,736  0126.bin   03/07/13  10:44a                  953  fwupdate.nsh   03/07/13  10:44a            4,194,304  sandman_578b0.bin   03/07/13  10:44a              452,096  saupdate.efi   12/03/12  10:12a               12,792  .psafe3   03/07/13  10:38a <DIR>          4,096  .Trash-500           5 File(s)   6,152,881 bytes           1 Dir(s) fs0:\> fwupdate.nsh fwupdate.nsh> echo -off ******************************************************************************** ****                                                                        **** ****                        IO CARD FIRMWARE UPDATE                         **** ****            (c) Copyright Hewlett-Packard Company, 2001-2012            **** ****                          All rights reserved.                          **** ****                                                                        **** ****                                         
Read more