Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client - typically a web server (website) and a browser, or a mail server and a mail client.
We are getting more and more request wondering if we could send/receive data via HTTPS to the outside world from within our Hospital Network. As you can imagine our Ensemble/Cache productions are not exposed to the DMZ or has access outside of the network. We only communicate with external vendors through a VPN, so communicating not using a VPN is rather new to us.
Currently there is a project to get rid of using Proxy, and instead of through a Load Balancer that can use rules to filter out traffic, which adds another layer of complexity.
when trying to send HS.FHIRServer.Interop.Request objects to an external FHIR server, I get errors: ERROR #6156: No match between server name '...' and SSL certificate values '...'. The reason is pretty clear, the problem is that we don't get correct certificates in time, but have some pressure to go live with the interface.
OAuth server to be deployed on the IRIS learning cloud platform. Clients - one on the other instance of the learning IRIS server, the other client locally on my computer in the container docker.
Both clients get a seemingly correct link (through ##class(%SYS.OAuth2.Authorization).GetAuthorizationCodeEndpoint()) to the login request form:
I'm trying to configure an SSL/TSL configuration in our test environment so we can send ADT messages to an external server. I've verified connectivity/firewall to the external server.
type is set to Client, Server certificate verification is set to Require.
I have received a certificate from the external supplier and linked that in the "File containing trusted Certificate Authjority certificate" field. (I've also imported it into the cert store and tried using %OSCertificateStore).
Caché will not change the cryptographic settings in an existing TLS configuration when you upgrade. This means that unless you've updated them yourself, you're still using the values from the very first version you started using SSL in.
Does anyone has any idea on how to send an encrypted / secure Print from IRIS ( which is hosted on AWS ) to a printer ( which is an on-premise device ).
So I have a base string that I want to sign using RSA-SHA256. I have a .p12 file and passphrase to get the RSA Private key using NodeJS (pem.readPkcs12 library), which I don't know how to do that in intersystems as well. (would appreciate if you can include a solution for that too)
The main problem here is I am trying to sign a string and print the result to terminal, using the code below in a routine (.mac file).
I have Iris4Health community version (using for some development) running in a docker container and trying to enable TLS/SSL/HTTPS in the container. I have created the SSL cert chain (root ca/web site cert) via open SSL have the http.conf and http-local.conf file loaded on a durable volume. I have also loaded the root CA in the trusted root cert store on the device that is connecting.
After inspecting the logs it looks like apache has loaded the certs and is listening on the correct port, but I am unable to connect to the mgmt portal via SSL.
We have ODBC 32bit Encryption working on our database with a SSLDEFs.ini file. However 64 bit ODBC Encryption will not work and give generic error, same error if the ini file is not there for 32BIT.
We have copied the ini file to the 64bit folder? Any ideas please?
Been doing Ensemble for a while but I am struggling with this SOAP set up.
Currently in Cloverleaf, we are taking the HL7 feed out of Epic, and then we put the SOAP wrapper around it. Then using a CAIR provided wsdl, we seem to be using a JKS file and a PFX file to send the data to CAIR (http://cairweb.org/next-steps-page/).
Here is what I have done so far: I used the SOAP wizard with the wsdl file to create a new Operation.
I have built an Ensemble SOAP service (EnsLib.SoapService.Service) as a business service which accepts soap requests from another application. To secure the traffic between the SOAP service and the application i'd like to enable SSL. I see that in the management portal I can upload the certificates, chains and keys and save them as an SSL / TLS configuration. However, it is not clear to me how I apply this SSL / TLS configurtion to the soap service I am running.
I have recently created a HA by "Cloning" the existing server. Everything worked fine until I have to failover the Primary in order to process. The Backup Failover member successfully promoted to the status of primary. Everything was working fine except on one of the Services, I receieved the following error message;
> ERROR #6156: No match between server name 'Test111b.domain.local' and SSL certificate values 'Test111a.domain.local'.
I've disabled TLS v1.0 and 1.1 within Healthshare setting, but still seeing these error messages when running a security scan. We do have apache being used. What else can I try?
Question for folks who have connected to an External FHIR repository outside of IRIS. Within the HS.FHIRServer.Interop.HTTPOperation there is not an option to include TLS or an OAuth authentication when connecting to an external Repository. So then how is that piece done if you need to Authenticate against an OAuth Server before you are able to access the data or call the Web Services/REST calls?
Caché 2015.2 announced support for TLS v1.1 and v1.2. In this version, the SSL/TLS configuration page provides checkboxes for TLS v1.1 and v1.2, which allows the versions to be configured individually. This allows sites to, for example, require TLS v1.2 only.
Additionally, some earlier versions of Caché provide undocumented support for TLS v1.1 and v1.2, specifically Caché 2014.1.3 and above and 2015.1, on Windows, Linux and Unix.
I'm trying to implement an OAuth2 server, but I have som issues when trying to setup JWT under OAuth 2.0->Client.
I get the error message saying "No match between server name 'localhost' and SSL certificate values 'cache'". I have set up a SSL/TLS configuration as simple as possible without any certificate files. I'm accessing my server via HTTPS with an unsigned certificate.
Can anyone point me in the right direction on how to resolve the issue I'm encountering.
First time setting up a SSL/TLS connection, and I am running into issues when I call it from within a Business Operation. I used openssl to generate a RSA 4096 SHA512 key/csr request for our Active Directory Certificate Service to generate a Certificate Chain for me to use within RedHat. I was
able to connect to our Web Service server using a generic request from terminal, however when I try it from our Business Operation I am running into issues.
I tested the SSL/TLS connection using the following commands from the terminal...
DEVCLIN>set request=##class(%Net.HttpRequest).%New()
I recently needed to setup an SSL/TLS configuration in IRIS that supported mutual authentication (where the server IRIS is establish a connection to is verified, and, where IRIS is in turn verified by the remote host). After a bit of research and getting it done, I thought it worthwhile to just go over the process I went through in order to potential help others, and save you some time .
Our client is a test out of 2016.1 (Build 656U) Healthshare that wants to do a one way SSL connection to our Java 1.7/Tomcat 8.0 server. We have yet to come up with a secure cipher set that Healthshare and Java agree on for the handshake. So far we've had to use these ciphers identified which are not recommended (though it does do a handshake properly).
I am not sure if this is the correct place for this question, but I am struggling to setup TLS security for our IRIS Management Portal and etc. through Apache and the Web Gateway. I have a couple of questions when it comes to the setup.
if I build a private key and certificate within Red Hat, does that certificate have to be on everyone's pc to connect to the Management Portal?
Can I use a self signed Certificate?
Can I use the existing CA on the server, or do I need to work with my Data Security team to get a Certificate?
We are in the process of setting enabling SSL on a soap web service exposed via InterSystems, but are running into trouble. We have installed our certificates on our webserver (Apache 2.4) and enabled SSL over the default port 57772. However, we now get an error when sending a soap message to the web service (it used to work over http). Specifically the CSP gateway refuses to route te emssage the soap web service:
In this article we are going to see how we can use the WhatsApp instant messaging service from InterSystems IRIS to send messages to different recipients. To do this we must create and configure an account in Meta and configure a Business Operation to send the messages we want.
Let's look at each of these steps in more detail.
Setting up an account on Meta
This is possibly the most complicated point of the entire configuration, since we will have to configure a series of accounts until we can have the messaging functionality.
Can I please check if anyone has encountered SOAP authentication error when trying to submit a certificate signing request or when trying to get certificate .
I configured a local CA server without SMTP configuration and I configured a local CA client. These steps worked okay.
Then I tried to Submit Certificate Signing Request to Certificate Authority server and I am getting the following error :
By replies
.png)
Open Exchange app.png)