#SSL

5

Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client - typically a web server (website) and a browser, or a mail server and a mail client.

Learn more.

I'm trying to configure an SSL/TSL configuration in our test environment so we can send ADT messages to an external server. I've verified connectivity/firewall to the external server.

type is set to Client, Server certificate verification is set to Require.

I have received a certificate from the external supplier and linked that in the "File containing trusted Certificate Authjority certificate" field. (I've also imported it into the cert store and tried using %OSCertificateStore).

0 2
1 361

Hello all,

Been doing Ensemble for a while but I am struggling with this SOAP set up.

Currently in Cloverleaf, we are taking the HL7 feed out of Epic, and then we put the SOAP wrapper around it. Then using a CAIR provided wsdl, we seem to be using a JKS file and a PFX file to send the data to CAIR (http://cairweb.org/next-steps-page/).

Here is what I have done so far: I used the SOAP wizard with the wsdl file to create a new Operation.

My questions are these:

0 2
0 440

Hi all,

I am trying to establish an HTTPS connection to a server using a %Net.HttpRequest object. I'm able to ping and curl the server via command line. The issue I am running into is that I am able to establish a connection, but something seems to be going wrong with verification from the server side. For example, if I use the CheckSSLCN method on the server, it returns this error message

ERROR #6155: Unable to verify SSL/TLS connected to correct system as no SSL certificate present for this socket. */

1 2
1 216

I have built an Ensemble SOAP service (EnsLib.SoapService.Service) as a business service which accepts soap requests from another application. To secure the traffic between the SOAP service and the application i'd like to enable SSL. I see that in the management portal I can upload the certificates, chains and keys and save them as an SSL / TLS configuration. However, it is not clear to me how I apply this SSL / TLS configurtion to the soap service I am running.

0 2
0 1.8K

So I have a base string that I want to sign using RSA-SHA256. I have a .p12 file and passphrase to get the RSA Private key using NodeJS (pem.readPkcs12 library), which I don't know how to do that in intersystems as well. (would appreciate if you can include a solution for that too)

The main problem here is I am trying to sign a string and print the result to terminal, using the code below in a routine (.mac file).

0 2
0 744

Hello,

I have Iris4Health community version (using for some development) running in a docker container and trying to enable TLS/SSL/HTTPS in the container. I have created the SSL cert chain (root ca/web site cert) via open SSL have the http.conf and http-local.conf file loaded on a durable volume. I have also loaded the root CA in the trusted root cert store on the device that is connecting.

After inspecting the logs it looks like apache has loaded the certs and is listening on the correct port, but I am unable to connect to the mgmt portal via SSL.

0 2
1 580

Hi

We have ODBC 32bit Encryption working on our database with a SSLDEFs.ini file. However 64 bit ODBC Encryption will not work and give generic error, same error if the ini file is not there for 32BIT.

We have copied the ini file to the 64bit folder? Any ideas please?

thanks

0 2
0 330
Question
· Nov 12, 2023
SSL Certificate Error

Hello,

I have recently created a HA by "Cloning" the existing server. Everything worked fine until I have to failover the Primary in order to process. The Backup Failover member successfully promoted to the status of primary. Everything was working fine except on one of the Services, I receieved the following error message;

> ERROR #6156: No match between server name 'Test111b.domain.local' and SSL certificate values 'Test111a.domain.local'.

0 2
0 354

Hello,

I'm trying to connect a Python backend application to an InterSystems IRIS Community Edition instance running in a Docker container on an AWS EC2 instance. I'm facing persistent connection issues and an SSL Error despite the Superserver apparently having SSL disabled. I'm hoping for some insight into what might be causing this contradictory behavior.

My Setup:

0 2
0 17

I'm trying to implement an OAuth2 server, but I have som issues when trying to setup JWT under OAuth 2.0->Client.

I get the error message saying "No match between server name 'localhost' and SSL certificate values 'cache'". I have set up a SSL/TLS configuration as simple as possible without any certificate files. I'm accessing my server via HTTPS with an unsigned certificate.

Can anyone point me in the right direction on how to resolve the issue I'm encountering.

0 1
0 657

I am not sure if this is the correct place for this question, but I am struggling to setup TLS security for our IRIS Management Portal and etc. through Apache and the Web Gateway. I have a couple of questions when it comes to the setup.

  • if I build a private key and certificate within Red Hat, does that certificate have to be on everyone's pc to connect to the Management Portal?
  • Can I use a self signed Certificate?
  • Can I use the existing CA on the server, or do I need to work with my Data Security team to get a Certificate?
0 1
0 559

Question for folks who have connected to an External FHIR repository outside of IRIS. Within the HS.FHIRServer.Interop.HTTPOperation there is not an option to include TLS or an OAuth authentication when connecting to an external Repository. So then how is that piece done if you need to Authenticate against an OAuth Server before you are able to access the data or call the Web Services/REST calls?

0 1
0 175

Hi Team ,

Can I please check if anyone has encountered SOAP authentication error when trying to submit a certificate signing request or when trying to get certificate .

I configured a local CA server without SMTP configuration and I configured a local CA client. These steps worked okay.

Then I tried to Submit Certificate Signing Request to Certificate Authority server and I am getting the following error :

0 1
0 333
Question
· Mar 2, 2017
TLS Cipher Suite selection

Our client is a test out of 2016.1 (Build 656U) Healthshare that wants to do a one way SSL connection to our Java 1.7/Tomcat 8.0 server. We have yet to come up with a secure cipher set that Healthshare and Java agree on for the handshake. So far we've had to use these ciphers identified which are not recommended (though it does do a handshake properly).

0 1
0 1.2K

We are in the process of setting enabling SSL on a soap web service exposed via InterSystems, but are running into trouble. We have installed our certificates on our webserver (Apache 2.4) and enabled SSL over the default port 57772. However, we now get an error when sending a soap message to the web service (it used to work over http). Specifically the CSP gateway refuses to route te emssage the soap web service:

0 1
0 1.2K

I have an Ensemble installation with an FTP business operation which I would like to connect to a server over SSL in explicit mode (see also: https://www.rebex.net/kb/tls-ssl-explicit-implicit/default.aspx). I keep running into timeouts while attempting to do this via Ensemble. Does Ensemble actually support SSL in explicit mode??? Because I can't seem to find any setting where to switch it on.

0 1
0 580

I am trying to setup our first SSL/TLS configuration so we can possibly connect to the EMR FHIR server to pull data into the Interoperability engine.

I am running on Red Hat, and created and submitted a openssl CSR request to our Windows ADCS system.

I used the following command to generate the key and CSR request to submit to Windows ADCS

openssl req -new -sha512 -nodes -newkey rsa:4096 -keyout xxxxxxx.key -out xxxxxxxx.csr

0 1
0 697 
First time setting up a SSL/TLS connection, and I am running into issues when I call it from within a Business Operation. I used openssl to generate a RSA 4096  SHA512 key/csr request for our Active Directory Certificate Service to generate a Certificate Chain for me to use within RedHat. I was 
able to connect to our Web Service server using a generic request from terminal, however when I try it from our Business Operation I am running into issues.

I tested the SSL/TLS connection using the following commands from the terminal...

DEVCLIN>set request=##class(%Net.HttpRequest).%New()
0 1
0 666
Question
· Nov 29, 2017
TCP adaptor + SSH Tunnel

Greetings.

We have one vendor who requires us to send data using TCP

through an SSH port forwarding tunnel that is set up in advance.

UNIX scripts maintain this, and the Ensemble interface uses a TCP Adapter.

I was thinking that Ensemble could maintain the SSH tunnel,

which would improve our detecting of issues.

Has anyone done something like this?

I see that the class %Net.SSH.Session has a method ForwardPort,

but it doesn't stand up the tunnel by itself. Instead, it appears

0 1
0 495

Good day

I am trying to connect a business service to fileZilla using FTP on my local PC Win 11.

I am trying to setup my training after attending the Building HL7 interfaces course with ISC.

The connection is failing. He is the error below

ERROR <Ens>ErrOutConnectFailed: FTP Connect failed for localhost:21//SSL=' with error ERROR <Ens>ErrFTPConnectFailed: FTP: Failed to connect to server 'localhost:21//SSL='/' (msg='Missing required argument',code=501)

0 1
0 31

Up until recently, I have been toying around with REST/FHIR capabilities but only internally. Now I have a request to make REST API calls outside of our Network.

I am using an RSA 4096 key, because Microsoft Active Directory Services which generates the signed certificate could not handle the Elliptical Key (ECC) when I put the request in.

0 0
0 155

Hello,

I was just trying to get to the bottom of a TLS config - we have an interface with a TLS config that has had 'Server certificate verification' set to 'On', however the cert file specified either did not exist or contained a cert that was expired.

Does anyone know what the behavior is for this typically? I would expect this to not allow traffic on the interface, however this has been working fine for a few years now with an invalid cert specified for 'Server certificate verification' and set to 'On'.

0 0
0 92

Does %OSCertificateStore only check the trusted root folder in windows?

Can it be used for Personal store on servers or is there another condition can be used?

Used it for a first time and writing a function to check specific ones being used for expiry but had one this week that was to be installed in personal rather than the trusted root and didn't know if stating OSCertificateStore or a url otherwise to look in the personal installed certs on the server could be used instead so stuck with the original way (which can get confusing)

0 0
0 40

For those that use IRIS for Health, HealthShare, and or Health Connect...

As Health Applications are moving to the Cloud, how have you handled communication from the Application to your instances via HTTPS?

Trying to figure out the best path on designing the proper workflow to allow these messages to be allowed to be eventually sent to our EMR to post to the patient chart.

We are very wary of opening a connection from the internet to our instance of Health Connect.

Thanks

0 0
0 38