Katherine Reid · Nov 27, 2017 1m read
Upgrading TLS configurations

Caché will not change the cryptographic settings in an existing TLS configuration when you upgrade.  This means that unless you've updated them yourself, you're still using the values from the very first version you started using SSL in.  

5 2
0 694

I have an Ensemble installation and just build my first RestService (using %CSP.Rest that forwards them to my Business Service). This works nice and fine when I use postman to make REST calls over http (port 57772). However when I attempt to make a request using https over port 443 I receive the following error:

1 7
0 755

I have an Ensemble installation with an FTP business operation which I would like to connect to a server over SSL in explicit mode (see also: I keep running into timeouts while attempting to do this via Ensemble. Does Ensemble actually support SSL in explicit mode??? Because I can't seem to find any setting where to switch it on.

0 1
0 463


I can't work out how to use the Cache CA Server to process certificate request from external clients!

We are setting up an interface where we use SSL/TLS 'Mutual Authentication' to allow a client system to securely transmit document to  our server. (they are off-site and hosting a service for us)

I am not a security expert, but my understanding of setting up mutual authentication where my instance of ensemble is the server, and it is receiving messages from a client is as follows

0 5
0 1,392

We are in the process of setting enabling SSL on a soap web service exposed via InterSystems, but are running into trouble. We have installed our certificates on our webserver (Apache 2.4) and enabled SSL over the default port 57772. However, we now get an error when sending a soap message to the web service (it used to work over http). Specifically the CSP gateway refuses to route te emssage the soap web service:

0 1
0 1,061

I have built an Ensemble SOAP service (EnsLib.SoapService.Service) as a business service which accepts soap requests from another application. To secure the traffic between the SOAP service and the application i'd like to enable SSL. I see that in the management portal I can upload the certificates, chains and keys and save them as an SSL / TLS configuration. However, it is not clear to me how I apply this SSL / TLS configurtion to the soap service I am running.

0 2
0 1,428

In this post, I am going to detail how to set up a mirror using SSL, including generating the certificates and keys via the Public Key Infrastructure built in to Caché. The goal of this is to take you from new installations to a working mirror with SSL, including a primary, backup, and DR async member, along with a mirrored database. I will not go into security recommendations or restricting access to the files. This is meant to just simply get a mirror up and running.

4 7
0 1,998
Chris Paraskiv · Mar 2, 2017
Atelier over https

Can Atelier connect to an Ensemble server that only accepts https connections?

How do I configure that? I did try an ssh into such server and Atelier over that but it didn't seem to work.


Any suggestions?




1 3
0 335

I have posted to aid others in diagnosing problem with SSL/TLS connections to superserver port from .NET client executable.

The cache instance this appeared on is quite old - 2011 - so I do not know if Intersystems have added a better error message in a later version

The actual fault was due to the certificate in the %SuperServer SSL/TLS configuration having expired.

The unhelpful message that appeared in the .NET client included the following partial stack trace.


0 0
0 741

I am using OAuth2 Cache framework, acting as a client to an authorization server. My setup is based on this excellent previous post [Caché Open Authorization Framework (OAuth 2.0) implementation – part 1].

I'm facing ‘Authorization Server Error: Error Processing Response - No match between server name '' and SSL certificate values…’

It looks like I should set SSLCheckServerIdentity to false but I can’t figure out how. Has anyone had the same issue?

0 4
0 1,034


I'm posting this for the benefit of others. Not often one changes certificates in Cache, at least in my case. I run a system, that uses certificates to encrypt SOAP messages, and since the last time I ran it, my certificates expired.

So I renewed them using our PKI tool, so far so good. I gave all (3) certificates the same names (and filenames too) as to those expired, thinking that everything would just work fine next time I call the SOAP service.

Unfortunately, I got trapped.

2 0
0 516