We're excited to continue to roll out new features to InterSystems IRIS Cloud SQL, such as the new Vector Search capability that was first released with InterSystems IRIS 2024.1. Cloud SQL is a cloud service that offers exactly that: SQL access in the cloud. That means you'll be using industry-standard driver technologies such as JDBC, ODBC, and DB-API to connect to this service and access your data. The documentation describes in proper detail how to configure the important driver-level settings, but doesn't cover specific third-party tools as - as you can imagine - there's an infinite number of them.

In this article, we'll complement that reference documentation with more detailed steps for a popular third-party data visualization tool that several of our customers use to access IRIS-based data: Microsoft Power BI.

4 0
0 50

Question for folks who have connected to an External FHIR repository outside of IRIS. Within the HS.FHIRServer.Interop.HTTPOperation there is not an option to include TLS or an OAuth authentication when connecting to an external Repository. So then how is that piece done if you need to Authenticate against an OAuth Server before you are able to access the data or call the Web Services/REST calls?

0 1
0 62

I am trying to setup a OAuth2.0 configuration to connect to a server within our Network using OAuth2.0. My previous attempt worked, however forgot to capture the steps before I had whipped the System so please bear with me.

I have an SSL/TLS Client configuration setup as we use the setup for our LDAP configuration.

When I go through the following steps within the Terminal, I am getting the following error...

0 7
0 159

I'm trying to configure an SSL/TSL configuration in our test environment so we can send ADT messages to an external server. I've verified connectivity/firewall to the external server.

type is set to Client, Server certificate verification is set to Require.

I have received a certificate from the external supplier and linked that in the "File containing trusted Certificate Authjority certificate" field. (I've also imported it into the cert store and tried using %OSCertificateStore).

0 2
1 92

Updated Jan 19th, 2023.

Hi all,

I want to share a quick little method you can use to enable ssl with a self signed certificate on your local development instance of IRIS/HealthShare. This enables you to test https-specific features such as OAuth without a huge lift.

1. Install OpenSSL

Windows     : Download from https://www.openssl.org or other built OpenSSL Binary. 

Debian Linux: $ sudo apt-get -y install openssl

RHEL        : $ sudo yum install openssl
9 7
7 1.9K

Hi,

I am trying to connect to another server using %Net.HttpRequest.

I keep getting this error : SSL23_GET_SERVER_HELLO:unsupported protocol.

My guess is that the site I am reaching for uses TLS1.3 which is not supported in 2016, But I cant right now ask my client to upgrade.

Is it possible to override this ? install some kind of a patch or a more recent version of openssl on the server ?

Thanks

Amiram

0 2
0 136

In this article we are going to see how we can use the WhatsApp instant messaging service from InterSystems IRIS to send messages to different recipients. To do this we must create and configure an account in Meta and configure a Business Operation to send the messages we want.

Let's look at each of these steps in more detail.

Setting up an account on Meta

This is possibly the most complicated point of the entire configuration, since we will have to configure a series of accounts until we can have the messaging functionality.

14 0
4 415

With the release of InterSystems IRIS Cloud SQL, we're getting more frequent questions about how to establish secure connections over JDBC and other driver technologies. While we have nice summary and detailed documentation on the driver technologies themselves, our documentation does not go as far to describe individual client tools, such as our personal favourite DBeaver. In this article, we'll describe the steps to create a secure connection from DBeaver to your Cloud SQL deployment.

8 20
2 1K
Question
· Nov 12, 2023
SSL Certificate Error

Hello,

I have recently created a HA by "Cloning" the existing server. Everything worked fine until I have to failover the Primary in order to process. The Backup Failover member successfully promoted to the status of primary. Everything was working fine except on one of the Services, I receieved the following error message;

> ERROR #6156: No match between server name 'Test111b.domain.local' and SSL certificate values 'Test111a.domain.local'.

0 2
0 196

I am trying to connect the external application. Authenticating via Two SSL,

I have the Client Cert, Private key and the Root Certificate

The connection is successful from local (both via terminal and as well via Postman)

But when trying from IRIS application by configuring the certificates in the SSL configuration, i am not able to successfully verify the SSl connections

When test from the ssl configuration with the endpoint and port its gives the error Error #988: SSL connection failed. SSL/TLS error in SSL_read(), SSL_ERROR_SYSCALL: I/O error (54)

0 7
0 594
First time setting up a SSL/TLS connection, and I am running into issues when I call it from within a Business Operation. I used openssl to generate a RSA 4096  SHA512 key/csr request for our Active Directory Certificate Service to generate a Certificate Chain for me to use within RedHat. I was 
able to connect to our Web Service server using a generic request from terminal, however when I try it from our Business Operation I am running into issues.

I tested the SSL/TLS connection using the following commands from the terminal...

DEVCLIN>set request=##class(%Net.HttpRequest).%New()
0 1
0 335

I am trying to setup our first SSL/TLS configuration so we can possibly connect to the EMR FHIR server to pull data into the Interoperability engine.

I am running on Red Hat, and created and submitted a openssl CSR request to our Windows ADCS system.

I used the following command to generate the key and CSR request to submit to Windows ADCS

openssl req -new -sha512 -nodes -newkey rsa:4096 -keyout xxxxxxx.key -out xxxxxxxx.csr

0 1
0 361

Several steps should be done in order to secure the connection through xDBC clients to an IRIS Server instance using TLS. Most of the information can be obtained from the documentation about TLS on IRIS here, about configuring the security layer for encrypted connections. In the next paragraphs we will cover an step-by-step guide on how to configure and test the connection using SQL Clients apps using ODBC and JDBC.

2 0
2 534

In this article, we will establish an encrypted JDBC connection between Tableau Desktop and InterSystems IRIS database using a JDBC driver.
While documentation on configuring TLS with Java clients covers all possible topics on establishing an encrypted JDBC connection, configuring it with Tableau might be a little bit tricky, so I decided to write it down.

2 3
2 491

Hello,

I have Iris4Health community version (using for some development) running in a docker container and trying to enable TLS/SSL/HTTPS in the container. I have created the SSL cert chain (root ca/web site cert) via open SSL have the http.conf and http-local.conf file loaded on a durable volume. I have also loaded the root CA in the trusted root cert store on the device that is connecting.

After inspecting the logs it looks like apache has loaded the certs and is listening on the correct port, but I am unable to connect to the mgmt portal via SSL.

0 2
1 390

Hey guys.

I'm having trouble using the Certificate in my BO.

It started to occur after updating the certificate.

I have 2 configurations and 2 certificates, the first one was updated and no error occurs, the second one, the bad certificate or Handshake failure errors occurs. Both have the same configuration.
I already tried marking SSLV3, handshake error occurs. When I unchecked it, a Bad Certificate error occurs.

0 4
0 3.4K

So I have a base string that I want to sign using RSA-SHA256. I have a .p12 file and passphrase to get the RSA Private key using NodeJS (pem.readPkcs12 library), which I don't know how to do that in intersystems as well. (would appreciate if you can include a solution for that too)

The main problem here is I am trying to sign a string and print the result to terminal, using the code below in a routine (.mac file).

0 2
0 462

Hi Team ,

Can I please check if anyone has encountered SOAP authentication error when trying to submit a certificate signing request or when trying to get certificate .

I configured a local CA server without SMTP configuration and I configured a local CA client. These steps worked okay.

Then I tried to Submit Certificate Signing Request to Certificate Authority server and I am getting the following error :

0 1
0 260

Hi all,

I am trying to use some process private variables (percent variables) in Triggers.

I am referring to values from $System.Process, like the ClientIPAddress and CSPSessionID.
These do to not contain values and I suspect it is bacause of scope. I also checked, and the %session variable is not available if the change originated from a CSP request.
I know that in triggers the scope of the variables are to be kept local, that is why NEW is to be used.

0 10
0 264

Hello Community,

when trying to send HS.FHIRServer.Interop.Request objects to an external FHIR server, I get errors: ERROR #6156: No match between server name '...' and SSL certificate values '...'. The reason is pretty clear, the problem is that we don't get correct certificates in time, but have some pressure to go live with the interface.

0 3
0 400

In this post, I am going to detail how to set up a mirror using SSL, including generating the certificates and keys via the Public Key Infrastructure built in to InterSystems IRIS Data Platform. I did a similar post in the past for Caché, so feel free to check that out here if you are not running InterSystems IRIS. Much like the original, the goal of this is to take you from new installations to a working mirror with SSL, including a primary, backup, and DR async member, along with a mirrored database. I will not go into security recommendations or restricting access to the files. This is meant to just simply get a mirror up and running. Example screenshots are taken on a 2018.1.1 version of IRIS, so yours may look slightly different.

8 3
4 1.4K
Article
· Aug 26, 2016 2m read
TLS v1.2 support in Caché

Question:

What version of Caché supports TLS v1.2?

Answer:

Caché 2015.2 announced support for TLS v1.1 and v1.2. In this version, the SSL/TLS configuration page provides checkboxes for TLS v1.1 and v1.2, which allows the versions to be configured individually. This allows sites to, for example, require TLS v1.2 only.

Additionally, some earlier versions of Caché provide undocumented support for TLS v1.1 and v1.2, specifically Caché 2014.1.3 and above and 2015.1, on Windows, Linux and Unix.

6 1
0 2.2K

There's an easy new way to add certificate authority (CA) certificates to your SSL/TLS configurations on InterSystems IRIS 2019.1 (and 2018.1.2) on Windows and Mac. You can ask IRIS to use the operating system's certificate store by entering:

%OSCertificateStore

in the field for "File containing Trusted Certificate Authority X.509 certificate(s)". Here's an image of how to do this in the portal:

14 4
4 1.4K

Hello,

Recently I have been tinkering with VSCode and ObjectScript extension to connect to my dockerized IRIS instance. I have configured the instance to use Apache as a Web Gateway as per instructions and it has been working well. Currently I'm using a self-signed certificate for the SSL part of the connection. The browser nags about insecure certs when connecting to Management Portal but that's expected.

However when I try to connect to the instance with VSCode it simply fails with the following error message

0 8
0 592

After what is seemed was weeks, I finally got SSL/TLS enabled on both Apache Web Server and IRIS using the Web Gateway. However while we can now use HTTPS to connect to our Development instance of IRIS, I am running into several errors when I have others try to access the Management Portal via HTTPS.

We are seeing...

0 6
0 466

I am not sure if this is the correct place for this question, but I am struggling to setup TLS security for our IRIS Management Portal and etc. through Apache and the Web Gateway. I have a couple of questions when it comes to the setup.

  • if I build a private key and certificate within Red Hat, does that certificate have to be on everyone's pc to connect to the Management Portal?
  • Can I use a self signed Certificate?
  • Can I use the existing CA on the server, or do I need to work with my Data Security team to get a Certificate?
0 1
0 425