#SSL

5

Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client - typically a web server (website) and a browser, or a mail server and a mail client.

Learn more.

Hello,

I'm trying to connect a Python backend application to an InterSystems IRIS Community Edition instance running in a Docker container on an AWS EC2 instance. I'm facing persistent connection issues and an SSL Error despite the Superserver apparently having SSL disabled. I'm hoping for some insight into what might be causing this contradictory behavior.

My Setup:

0 2
0 20

Hi,

I recently had a company-enforced OS upgrade, and ever since going from mac OS 14.x to 15.x, I am currently having issues with SSL in IRIS.

An ARM (M3 pro) machine running OS 15.2, with the latest Docker Desktop (at the time of writing, 4.37.0). The Docker container runs IRIS for UNIX (Ubuntu Server LTS for x86-64 Containers) 2022.1.2 (Build 574_0_22161U). This container has not changed.

1 3
0 200
Question
· Jul 29, 2024
Task FeatureTracker

Does anyone know what this task does exactly? And what problems would I have if I didn't use an SSL certificate?

I got the error: "SSL/TLS error in SSL_connect(), SSL_ERROR_SSL: protocol error, error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed"

Has anyone encountered this problem before?

0 4
0 141

Hello,

Recently I have been tinkering with VSCode and ObjectScript extension to connect to my dockerized IRIS instance. I have configured the instance to use Apache as a Web Gateway as per instructions and it has been working well. Currently I'm using a self-signed certificate for the SSL part of the connection. The browser nags about insecure certs when connecting to Management Portal but that's expected.

However when I try to connect to the instance with VSCode it simply fails with the following error message

0 11
0 1.1K

Question for folks who have connected to an External FHIR repository outside of IRIS. Within the HS.FHIRServer.Interop.HTTPOperation there is not an option to include TLS or an OAuth authentication when connecting to an external Repository. So then how is that piece done if you need to Authenticate against an OAuth Server before you are able to access the data or call the Web Services/REST calls?

0 1
0 175

I am trying to setup a OAuth2.0 configuration to connect to a server within our Network using OAuth2.0. My previous attempt worked, however forgot to capture the steps before I had whipped the System so please bear with me.

I have an SSL/TLS Client configuration setup as we use the setup for our LDAP configuration.

When I go through the following steps within the Terminal, I am getting the following error...

0 7
0 389
Question
· Nov 12, 2023
SSL Certificate Error

Hello,

I have recently created a HA by "Cloning" the existing server. Everything worked fine until I have to failover the Primary in order to process. The Backup Failover member successfully promoted to the status of primary. Everything was working fine except on one of the Services, I receieved the following error message;

> ERROR #6156: No match between server name 'Test111b.domain.local' and SSL certificate values 'Test111a.domain.local'.

0 2
0 355

I am trying to connect the external application. Authenticating via Two SSL,

I have the Client Cert, Private key and the Root Certificate

The connection is successful from local (both via terminal and as well via Postman)

But when trying from IRIS application by configuring the certificates in the SSL configuration, i am not able to successfully verify the SSl connections

When test from the ssl configuration with the endpoint and port its gives the error Error #988: SSL connection failed. SSL/TLS error in SSL_read(), SSL_ERROR_SYSCALL: I/O error (54)

0 7
0 1K 
First time setting up a SSL/TLS connection, and I am running into issues when I call it from within a Business Operation. I used openssl to generate a RSA 4096  SHA512 key/csr request for our Active Directory Certificate Service to generate a Certificate Chain for me to use within RedHat. I was 
able to connect to our Web Service server using a generic request from terminal, however when I try it from our Business Operation I am running into issues.

I tested the SSL/TLS connection using the following commands from the terminal...

DEVCLIN>set request=##class(%Net.HttpRequest).%New()
0 1
0 667

I am trying to setup our first SSL/TLS configuration so we can possibly connect to the EMR FHIR server to pull data into the Interoperability engine.

I am running on Red Hat, and created and submitted a openssl CSR request to our Windows ADCS system.

I used the following command to generate the key and CSR request to submit to Windows ADCS

openssl req -new -sha512 -nodes -newkey rsa:4096 -keyout xxxxxxx.key -out xxxxxxxx.csr

0 1
0 698

Hey guys.

I'm having trouble using the Certificate in my BO.

It started to occur after updating the certificate.

I have 2 configurations and 2 certificates, the first one was updated and no error occurs, the second one, the bad certificate or Handshake failure errors occurs. Both have the same configuration.
I already tried marking SSLV3, handshake error occurs. When I unchecked it, a Bad Certificate error occurs.

0 4
0 4.7K

So I have a base string that I want to sign using RSA-SHA256. I have a .p12 file and passphrase to get the RSA Private key using NodeJS (pem.readPkcs12 library), which I don't know how to do that in intersystems as well. (would appreciate if you can include a solution for that too)

The main problem here is I am trying to sign a string and print the result to terminal, using the code below in a routine (.mac file).

0 2
0 745

Hi Team ,

Can I please check if anyone has encountered SOAP authentication error when trying to submit a certificate signing request or when trying to get certificate .

I configured a local CA server without SMTP configuration and I configured a local CA client. These steps worked okay.

Then I tried to Submit Certificate Signing Request to Certificate Authority server and I am getting the following error :

0 1
0 333

Hi all,

I am trying to use some process private variables (percent variables) in Triggers.

I am referring to values from $System.Process, like the ClientIPAddress and CSPSessionID.
These do to not contain values and I suspect it is bacause of scope. I also checked, and the %session variable is not available if the change originated from a CSP request.
I know that in triggers the scope of the variables are to be kept local, that is why NEW is to be used.

0 10
0 396

Hello Community,

when trying to send HS.FHIRServer.Interop.Request objects to an external FHIR server, I get errors: ERROR #6156: No match between server name '...' and SSL certificate values '...'. The reason is pretty clear, the problem is that we don't get correct certificates in time, but have some pressure to go live with the interface.

0 3
0 484

I am not sure if this is the correct place for this question, but I am struggling to setup TLS security for our IRIS Management Portal and etc. through Apache and the Web Gateway. I have a couple of questions when it comes to the setup.

  • if I build a private key and certificate within Red Hat, does that certificate have to be on everyone's pc to connect to the Management Portal?
  • Can I use a self signed Certificate?
  • Can I use the existing CA on the server, or do I need to work with my Data Security team to get a Certificate?
0 1
0 560

I was wondering if there was a certain procedure or documentation on securing (Https://) the Web Portal into IRIS/Ensemble?

Currently we are using LDAP Delegated Authentication to access the Web Portal using LDAP. However as more and more emphasis is put on securing applications within networks, I can see Management/Security asking us to make sure that the web portal is more secure.

1 6
1 1.1K

Hi

We have ODBC 32bit Encryption working on our database with a SSLDEFs.ini file. However 64 bit ODBC Encryption will not work and give generic error, same error if the ini file is not there for 32BIT.

We have copied the ini file to the 64bit folder? Any ideas please?

thanks

0 2
0 330

I'm trying to implement an OAuth2 server, but I have som issues when trying to setup JWT under OAuth 2.0->Client.

I get the error message saying "No match between server name 'localhost' and SSL certificate values 'cache'". I have set up a SSL/TLS configuration as simple as possible without any certificate files. I'm accessing my server via HTTPS with an unsigned certificate.

Can anyone point me in the right direction on how to resolve the issue I'm encountering.

0 1
0 658
Question
· May 14, 2021
SSLConfig with ECC

Hello everyone,
I can choose between RSA and DSA. ECC seems to be unsupported.
Is there any workarounds without using external binary like curl?

Best regards
RY

0 5
0 442

I have 2 instances of Cache, one of 2010 and the other 2016. On both I have created a SSL Configuration with same name.

When I connect to a SOAP Service Client from Cache 2010, I get the above error.

If I connect from Cache 2016, the connection get through.

How can get more details of the error in the Cache 2010 instance to be able to fix this issue.

I have enabled the SOAP Log and it does not give much of details.

Regards

Anil

1 6
0 5.8K

We are getting more and more request wondering if we could send/receive data via HTTPS to the outside world from within our Hospital Network. As you can imagine our Ensemble/Cache productions are not exposed to the DMZ or has access outside of the network. We only communicate with external vendors through a VPN, so communicating not using a VPN is rather new to us.

Currently there is a project to get rid of using Proxy, and instead of through a Load Balancer that can use rules to filter out traffic, which adds another layer of complexity.

1 3
0 285

Hi, a client have a installed enviroment with mirror activated, but when you test SSL on webservices you can get an error, not SSL access correctly from browser because certificate problem apparently with TLS Version, someone have a suggestion to reinstall SSL Certificates on mirrors ?

Chrome : something wrong, no details or diagnostic
Firefox : SSL_ERROR_HANDSHAKE_FAILURE_ALERT

We try simple regenerate Authority an regenerate all certificates, but not worked. Same results.

0 4
0 230

Hello Community,

I want to secure a SOAP Webservice (an EnsLib.SOAP.Service one, if that matters) adding a SSL/Username Policy to it. As im not sure how detailed my request here should get, ill try giving a detailed as-is description of my setup, what I've tried, how I tried to test the connection and what problems including some logs I ran into.

As a small foreword: I'm pretty new to the whole security aspect of intersystems and soap itself.

System:

1 3
0 778