Question
· Jun 29, 2018
Adding TLS to ZAUTHENTICATE

I wrote a ZAUTHENTICATE.mac a couple of months back, and found recently that it is creating coredumps on almost a nightly basis. I think I have figured out this problem to be not clearing out my MsgSearch after I am doing 2 of them within the code.

1. Get User Attibutes from AD

2. Get User Groups From AD

So while I am trying to cleanup the code I thought it would be a good time to add a Certificate and TLS to the mix since I should of been using that all along. However I keep running into issues

1 14
0 546

Hi community,

I would like to ask how to correctly enforce SSL on all "developer traffic" -- that is Management portal and Studio connections -- on a Caché instance.

Given large developer permissions, I would like to eliminate all plaintext credentials on the wire.

Currently, we compile our own httpd with SSL support for Management portal, but this breaks Add-Ins for us, in particular the SOAP wizard. So I guess this is not the "canonical way".

Thanks for any suggestions

Jiri

0 12
0 764

Hello,

Recently I have been tinkering with VSCode and ObjectScript extension to connect to my dockerized IRIS instance. I have configured the instance to use Apache as a Web Gateway as per instructions and it has been working well. Currently I'm using a self-signed certificate for the SSL part of the connection. The browser nags about insecure certs when connecting to Management Portal but that's expected.

However when I try to connect to the instance with VSCode it simply fails with the following error message

0 11
0 1.1K

Hi all,

I am trying to use some process private variables (percent variables) in Triggers.

I am referring to values from $System.Process, like the ClientIPAddress and CSPSessionID.
These do to not contain values and I suspect it is bacause of scope. I also checked, and the %session variable is not available if the change originated from a CSP request.
I know that in triggers the scope of the variables are to be kept local, that is why NEW is to be used.

0 10
0 394

Hello everyone smiley

I have a server configuration in a CSP Gateway installed on a PC (let's call it S2) different from the main one (let's call it S1). This configuration allows me to access a web application that is installed on S1, from a client C asking S2 for this webapp. But for now it works only in HTTP between C and S2, and we would like to use HTTPS (as it already works between S2 and S1).

1 8
0 2.1K

I have an Ensemble installation and just build my first RestService (using %CSP.Rest that forwards them to my Business Service). This works nice and fine when I use postman to make REST calls over http (port 57772). However when I attempt to make a request using https over port 443 I receive the following error:

1 7
0 936

I am trying to connect the external application. Authenticating via Two SSL,

I have the Client Cert, Private key and the Root Certificate

The connection is successful from local (both via terminal and as well via Postman)

But when trying from IRIS application by configuring the certificates in the SSL configuration, i am not able to successfully verify the SSl connections

When test from the ssl configuration with the endpoint and port its gives the error Error #988: SSL connection failed. SSL/TLS error in SSL_read(), SSL_ERROR_SYSCALL: I/O error (54)

0 7
0 1K

I am trying to setup a OAuth2.0 configuration to connect to a server within our Network using OAuth2.0. My previous attempt worked, however forgot to capture the steps before I had whipped the System so please bear with me.

I have an SSL/TLS Client configuration setup as we use the setup for our LDAP configuration.

When I go through the following steps within the Terminal, I am getting the following error...

0 7
0 385

I was wondering if there was a certain procedure or documentation on securing (Https://) the Web Portal into IRIS/Ensemble?

Currently we are using LDAP Delegated Authentication to access the Web Portal using LDAP. However as more and more emphasis is put on securing applications within networks, I can see Management/Security asking us to make sure that the web portal is more secure.

1 6
1 1.1K

I have 2 instances of Cache, one of 2010 and the other 2016. On both I have created a SSL Configuration with same name.

When I connect to a SOAP Service Client from Cache 2010, I get the above error.

If I connect from Cache 2016, the connection get through.

How can get more details of the error in the Cache 2010 instance to be able to fix this issue.

I have enabled the SOAP Log and it does not give much of details.

Regards

Anil

1 6
0 5.7K

Hi,

I can't work out how to use the Cache CA Server to process certificate request from external clients!

We are setting up an interface where we use SSL/TLS 'Mutual Authentication' to allow a client system to securely transmit document to our server. (they are off-site and hosting a service for us)

I am not a security expert, but my understanding of setting up mutual authentication where my instance of ensemble is the server, and it is receiving messages from a client is as follows

0 5
0 1.8K
Question
· May 14, 2021
SSLConfig with ECC

Hello everyone,
I can choose between RSA and DSA. ECC seems to be unsupported.
Is there any workarounds without using external binary like curl?

Best regards
RY

0 5
0 440

Hey guys.

I'm having trouble using the Certificate in my BO.

It started to occur after updating the certificate.

I have 2 configurations and 2 certificates, the first one was updated and no error occurs, the second one, the bad certificate or Handshake failure errors occurs. Both have the same configuration.
I already tried marking SSLV3, handshake error occurs. When I unchecked it, a Bad Certificate error occurs.

0 4
0 4.7K

Hi, a client have a installed enviroment with mirror activated, but when you test SSL on webservices you can get an error, not SSL access correctly from browser because certificate problem apparently with TLS Version, someone have a suggestion to reinstall SSL Certificates on mirrors ?

Chrome : something wrong, no details or diagnostic
Firefox : SSL_ERROR_HANDSHAKE_FAILURE_ALERT

We try simple regenerate Authority an regenerate all certificates, but not worked. Same results.

0 4
0 230

I am using OAuth2 Cache framework, acting as a client to an authorization server. My setup is based on this excellent previous post [Caché Open Authorization Framework (OAuth 2.0) implementation – part 1].

I'm facing ‘Authorization Server Error: Error Processing Response - No match between server name 'googleapis.com' and SSL certificate values google.com…’

It looks like I should set SSLCheckServerIdentity to false but I can’t figure out how. Has anyone had the same issue?

0 4
0 1.4K
Question
· Jul 29, 2024
Task FeatureTracker

Does anyone know what this task does exactly? And what problems would I have if I didn't use an SSL certificate?

I got the error: "SSL/TLS error in SSL_connect(), SSL_ERROR_SSL: protocol error, error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed"

Has anyone encountered this problem before?

0 4
0 137

OAuth server to be deployed on the IRIS learning cloud platform. Clients - one on the other instance of the learning IRIS server, the other client locally on my computer in the container docker.

Both clients get a seemingly correct link (through ##class(%SYS.OAuth2.Authorization).GetAuthorizationCodeEndpoint()) to the login request form:

1 3
1 974
Question
· Mar 2, 2017
Atelier over https

Can Atelier connect to an Ensemble server that only accepts https connections?

How do I configure that? I did try an ssh into such server and Atelier over that but it didn't seem to work.

Any suggestions?

Thanks,

Chris

1 3
0 424

Hello Community,

I want to secure a SOAP Webservice (an EnsLib.SOAP.Service one, if that matters) adding a SSL/Username Policy to it. As im not sure how detailed my request here should get, ill try giving a detailed as-is description of my setup, what I've tried, how I tried to test the connection and what problems including some logs I ran into.

As a small foreword: I'm pretty new to the whole security aspect of intersystems and soap itself.

System:

1 3
0 777

Hi,

I recently had a company-enforced OS upgrade, and ever since going from mac OS 14.x to 15.x, I am currently having issues with SSL in IRIS.

An ARM (M3 pro) machine running OS 15.2, with the latest Docker Desktop (at the time of writing, 4.37.0). The Docker container runs IRIS for UNIX (Ubuntu Server LTS for x86-64 Containers) 2022.1.2 (Build 574_0_22161U). This container has not changed.

1 3
0 196

We are getting more and more request wondering if we could send/receive data via HTTPS to the outside world from within our Hospital Network. As you can imagine our Ensemble/Cache productions are not exposed to the DMZ or has access outside of the network. We only communicate with external vendors through a VPN, so communicating not using a VPN is rather new to us.

Currently there is a project to get rid of using Proxy, and instead of through a Load Balancer that can use rules to filter out traffic, which adds another layer of complexity.

1 3
0 285

I'm using a %Net.HttpRequest which had been successful in the past, but started failing at some point with a SSL/TLS protocol error.

ERROR #6085: Unable to write to socket with SSL/TLS configuration 'groundca', error reported 'SSL/TLS error in SSL_connect(), SSL_ERROR_SSL: protocol error, error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol'

The SSL/TLS configuration:

0 3
0 66

Hello Community,

when trying to send HS.FHIRServer.Interop.Request objects to an external FHIR server, I get errors: ERROR #6156: No match between server name '...' and SSL certificate values '...'. The reason is pretty clear, the problem is that we don't get correct certificates in time, but have some pressure to go live with the interface.

0 3
0 484

Hi all,

I am trying to establish an HTTPS connection to a server using a %Net.HttpRequest object. I'm able to ping and curl the server via command line. The issue I am running into is that I am able to establish a connection, but something seems to be going wrong with verification from the server side. For example, if I use the CheckSSLCN method on the server, it returns this error message

ERROR #6155: Unable to verify SSL/TLS connected to correct system as no SSL certificate present for this socket. */

1 2
1 214