I am receiving the same error trying to launch Studio from HealthShare Health Connect IRIS 2022.2 from my local PC to connect to the server. So we can't have two versions of Intersystems running on the same PC. I have both HealthShare HealthConnect 2018.1.3 and Health Connect IRIS 2022.2?
It looks like the Private Key is not encrypted as I am not seeing
-----BEGIN ENCRYPTED PRIVATE KEY-----
this is what I am seeing...
-----BEGIN RSA PRIVATE KEY-----
So that is probably my issue. Thanks
I generated the Key and CSR from openssl on the Red Hat server. I sent the CSR to our server folks for them to generate the Cert.
SSL/TLS configuration: %SuperServer
02/28/22-14:48:42:680 (770636) 0 [Generic.Event]
TLS enabled versions, minimum: 16, maximum: 32
02/28/22-14:48:42:680 (770636) 0 [Generic.Event]
Cipher list for TLSv1.2 and below: ALL:!aNULL:!eNULL:!EXP:!SSLv2
02/28/22-14:48:42:680 (770636) 0 [Generic.Event]
Ciphersuites for TLSv1.3: TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
02/28/22-14:48:42:680 (770636) 0 [Generic.Event]
Certificate file: /etc/pki/tls/certs/ssl_vd01.crt
02/28/22-14:48:42:680 (770636) 0 [Generic.Event]
Private key file: /etc/pki/tls/private/ssl_vd01.key
02/28/22-14:48:42:681 (770636) 0 [Generic.Event]
error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
02/28/22-14:48:42:681 (770636) 0 [Generic.Event]
error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error
02/28/22-14:48:42:681 (770636) 0 [Generic.Event]
error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error
02/28/22-14:48:42:681 (770636) 0 [Generic.Event]
error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib
02/28/22-14:48:42:681 (770636) 0 [Generic.Event]
error:140B3009:SSL routines:SSL_CTX_use_RSAPrivateKey_file:PEM lib
02/28/22-14:49:02:170 (770555) 0 [Utility.Event] REDEBUG: new netdebugflags FF
02/28/22-18:01:15:093 (759932) 1 [Utility.Event] [SYSTEM MONITOR] DBLatency(/ensemble/DEV/mgr/iristemp/) Warning: DBLatency = 2075.368 ( Warnvalue is 1000).
02/28/22-18:11:45:685 (759932) 0 [Utility.Event] [SYSTEM MONITOR] DBLatency(/ensemble/DEV/
So it sounds like the Key and CSR/Cert wasn't generated correctly.
Right I had formatted it for PEM not pkcs12 which is why I was confused. I can't remember what openssl command I used to create the key but pkcs12 was not involved.
I think it was something like openssl req -newkey x509 rsa:4096 -keyout PRIVATEKEY.key -out MYCSR.csr -config my_config.cnf
When I downloaded the returned certificate file it was in PEM format.
Private key file: /etc/pki/tls/private/ssl_vd01.key
02/28/22-14:48:35:457 (770618) 0 [Generic.Event]
error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
02/28/22-14:48:35:457 (770618) 0 [Generic.Event]
error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error
02/28/22-14:48:35:457 (770618) 0 [Generic.Event]
error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error
02/28/22-14:48:35:457 (770618) 0 [Generic.Event]
error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib
02/28/22-14:48:35:457 (770618) 0 [Generic.Event]
error:140B3009:SSL routines:SSL_CTX_use_RSAPrivateKey_file:PEM lib
Did I miss something in the documentation that the private key needed to be pkcs12 format? This is the first time I have seen this requirement.
I am also getting SSL/TLS error in SSL_connect(), SSL_ERROR_SYSCALL: I/O error (104) but this time it is in IRIS HealthShare HealthConnect 2021.2 on RedHat using Apache and the Web Gateway. As soon as I turn on the SSL/TLS within the server settings on the Gateway I am getting the error. But as soon as I switch it back to password I am able to get the "Test Server Connection" to work.
I have tried what it suggested but now I am getting the following error and can not start apache...
[root@xxxxxxx conf.modules.d]# apachectl configtest
[Mon Feb 28 11:00:01.370361 2022] [so:warn] [pid 762836:tid 140580690286912] AH01574: module cgid_module is already loaded, skipping
AH00534: httpd: Configuration error: More than one MPM loaded.
[root@int-lxiris-vd01 conf.modules.d]#
I also have noticed as soon as I turned on SSL/TLS on the web gateway I start getting
but as soon as I turn it off it works again. Is it truly secure at that point?
Very minimal since this is a development system and has not been released to my group as of yet. At the most maybe 2 or 3 users as of right now.
We are also seeing a similar issue when the PDF is over 44 mb.
<foreach property='source.{ORCgrp(1).OBRgrp(1).OBXgrp()}' key='k1' >
<if condition='source.{ORCgrp(1).OBRgrp(1).OBXgrp(k1).OBX:ValueType}="ED"' >
<true>
<assign value='"1"' property='target.{ORCgrp(1).OBRgrp(1).OBXgrp(1).OBX:SetIDOBX}' action='set' />
<assign value='"ED"' property='target.{ORCgrp(1).OBRgrp(1).OBXgrp(1).OBX:ValueType}' action='set' />
<assign value='"7"' property='target.{ORCgrp(1).OBRgrp(1).OBXgrp(1).OBX:ObservationIdentifier.Identifier}' action='set' />
<assign value='"URL"' property='target.{ORCgrp(1).OBRgrp(1).OBXgrp(1).OBX:ObservationIdentifier.Text}' action='set' />
<assign value='"EXTLRR"' property='target.{ORCgrp(1).OBRgrp(1).OBXgrp(1).OBX:ObservationIdentifier.NameofCodingSystem}' action='set' />
<assign value='"1"' property='target.{ORCgrp(1).OBRgrp(1).OBXgrp(1).OBX:ObservationSubID}' action='set' />
<assign value='"PDF"' property='target.{ORCgrp(1).OBRgrp(1).OBXgrp(1).OBX:ObservationValue(1).Identifier}' action='set' />
<assign value='source.{ORCgrp(1).OBRgrp(1).OBXgrp(k1).OBX:ObservationValue(1).Text}' property='target.{ORCgrp(1).OBRgrp(1).OBXgrp(1).OBX:ObservationValue(1).Text}' action='set' />
<assign value='"PDF"' property='target.{ORCgrp(1).OBRgrp(1).OBXgrp(1).OBX:ObservationValue(1).NameofCodingSystem}' action='set' />
<assign value='"Base64"' property='target.{ORCgrp(1).OBRgrp(1).OBXgrp(1).OBX:ObservationValue(1).AlternateIdentifier}' action='set' />
<assign value='##class(%Stream.GlobalCharacter).%New()' property='tStream' action='set' />
<assign value='source.GetFieldStreamRaw(.tStream,"ORCgrp(1).OBRgrp(1).OBXgrp("_k1_").OBX:5.5",.tRemainder)' property='tSC' action='set' />
<assign value='target.StoreFieldStreamRaw(tStream,"ORCgrp(1).OBRgrp(1).OBXgrp("_1_").OBX:5.5",tRemainder)' property='tSC' action='set' />
<assign value='""' property='$P(tRemainder,"|",11)' action='set' disabled='1' />
<assign value='..replace(..ReplaceStr(target.{ORCgrp(1).OBRgrp(1).OBXgrp(1).OBX:ObservationValue()}),"VASC^IMAGE/PDF^BASE64^","PDF^^PDF^Base64^")' property='target.{ORCgrp(1).OBRgrp(1).OBXgrp(1).OBX:ObservationValue()}' action='set' disabled='1' />
</true>
</if>
</foreach>
Did anyone come up with solution to this issue?
With upgrading to 2021.2 and moving to Red Hat servers we decided to pursue securing the management portal. I have read the documentation but I am still confused on how this should work.
I have installed Apache and a standalone Web Gateway. Does this mean I need to stop the Private Web Gateway that was installed with IRIS? How do I get calls to the Management Portal to go through the standalone Web Gateway? I am having issues trying to connect the parts.
Has anyone installed Apache and the standalone Web Gateway on the same server (Red Hat 8) that IRIS is running on? How did you configure it?
I do have the option of looking in Studio, would I look at the class file for the entire production or do I need to go through all cls files?
Yeah unfortunately I am unable to get Docker Desktop working inside of WSL2. There is some limitation inside of my Virtual Machine that is not letting me install/run it.
Thanks
Scott
How do I install Intersystems IAM manager without using a docker container?
So how do you know which is best to use? Currently we are using EDI to ingest an XML file from WorkDay, but we are running into throughput issues, so I was thinking it might be related to the service. We take the ingested data and put it into a class file, using a BPL and DTL, that is executed using a stored procedure to insert the data into a MS SQL table.
I am confused so bare with me... We currently use EnsLib.EDI.XML.Service.FileService to read the data and send it to a BPL which we just insert the data elements into the parameters for the stored procedure call. Are you saying we need to add another step in between? Is the SAX Parser only part of IRIS? We are still on Healthshare 2018.1.3 for the time being.
The documentation doesn't always give clear views on how it should be setup within the GUI. I tried looking for an example in ENSDEMO but did not see one. Do you have an example?
I believe the bottleneck is in the BPL with the sheer quantity/format of records.
I have done several BPL's that take either flat file data, or HL7 messages and insert them into SQL tables using a JDBC Stored Procedure call.
Looking over the Adapter you mention, how is that different than just inserting the data into a stored procedure to do the insert? It appears that you are creating the "Dynamic" SQL statement in the class file to be sent and executed. In the past I have tried making "Dynamic" SQL statements through a JDBC call and it slows the process down, because the SQL statement will have to be built in SQL before it executes. With Stored Procedures the SQL statement is already on the MS SQL database so it just needs to pass the variables, and doesn't have to add that extra step of validating, and building the SQL query before execution.
I do something similar to what you are trying to do, I Decode the PDF, save the PDF locally, and return a path to the DTL.
Several on the developer community helped me figure this out...
ClassMethod DecodeBase64HL7ToFile(base64 As %Stream.GlobalBinary, Ancillary As %String, FileName As %String) As %String
{
set ArchDir = "/ensemble/data/transfer/AncillaryPDF/"
set ArchAncDir = ArchDir_Ancillary_"/"
set FaxDateDir = ArchAncDir_$PIECE($ZDATE($HOROLOG,7)," ",1)_"-"_$PIECE($ZDATE($HOROLOG,7)," ",2)_"-1/"
if '##class(%Library.File).DirectoryExists(ArchDir)
{
do ##class(%Library.File).CreateDirectory(ArchDir)
}
if '##class(%Library.File).DirectoryExists(ArchAncDir)
{
do ##class(%Library.File).CreateDirectory(ArchAncDir)
}
if '##class(%Library.File).DirectoryExists(FaxDateDir)
{
do ##class(%Library.File).CreateDirectory(FaxDateDir)
}
set Oref = ##class(%FileBinaryStream).%New()
///$$$LOGINFO(FaxDateDir_FileName)
set Oref.Filename = FaxDateDir_FileName
Do base64.Rewind()
While 'base64.AtEnd {
set ln = base64.ReadLine()
set lnDecoded = $system.Encryption.Base64Decode(ln)
do Oref.Write(lnDecoded)
}
Do Oref.%Save()
set PDFFilePath = FaxDateDir_FileName
return PDFFilePath
}
I believe Intersystems has stopped any development/enhancements on the Atelier plug in. They are now more focusing on using Visual Studio Code. Personally I never got into Atelier, but Visual Studio Code seems to be better than IRIS Studio.
Does this make sense.. What if I didn't use the %SYS.OAuth2 library and just treat it as another POST object that I put in my Operation as OnInit()? Do you think that would work?
Where would I put the Key that they gave me?
{
"Key" : "xxxxxxxxxxxxxxxxxxxxxxxx",
"Id": "xxxxx",
"Secret": "xxxxx",
"Resource": "xxxxx",
"Instance" : "xxxxx"
}
When I attempt to "Discover and Save", I get....ERROR #6059: Unable to open TCP/IP socket to server localhost:80. But I do not want it to go out port 80.
So I re-read the vendor's documentation. They are using Oauth, and passing back a Token to use when sending Requests. Can I build Oauth into the Operation? If so does anyone have examples of doing this?
Do you really have to for authentication purposes? I think what I want to do is the following...
https://docs.intersystems.com/healthconnect20191/csp/docbook/Doc.View.c…
Is there any examples out there for this? How can this be done?
I haven't tried even building it yet to be sure. But it does need to be sent via HTTPS. How would I create a custom header for this?
Yes it does, I have asked for a new Certificate chain.
Thanks
I am seeing the same error, below is what my cconsole.log is displaying
03/03/21-12:57:08:095 (39846580) 0 tpopen for host www.osumc.edu device number 61400583 port 443 mode 0x8848 tcpmode 0x124 terminators ibfsz 8192 obfsz 8192 queuesize 5 timeout 5 tcpsbuf=0 tcprbuf=0, XY=of
f, BINDTO=10.82.124.91
03/03/21-12:57:08:095 (50397494) 0
SSL/TLS configuration: OSUWMC
03/03/21-12:57:08:097 (39846580) 0
Cipher list: ALL:!aNULL:!eNULL:!EXP:!SSLv2
03/03/21-12:57:08:097 (39846580) 0
Trusted certificate file: /ensemble/TestClin/mgr/LDAPKeyStore/OSUWMC_CA.cer
03/03/21-12:57:08:097 (39846580) 0
^MPeer verification option = 1, certificate depth = 9
03/03/21-12:57:08:097 (39846580) 0
SSL/TLS client requested.
03/03/21-12:57:08:100 (39846580) 0
Verify error with X.509 certificate at depth 2
03/03/21-12:57:08:100 (39846580) 0
Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
03/03/21-12:57:08:100 (39846580) 0
Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
03/03/21-12:57:08:100 (39846580) 0
Error: 20, unable to get local issuer certificate
03/03/21-12:57:08:100 (39846580) 0
SSL/TLS error return from SSL_connect().
03/03/21-12:57:08:100 (39846580) 0
SSL_ERROR_SSL: protocol error
03/03/21-12:57:08:100 (39846580) 0
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
03/03/21-12:57:08:100 (39846580) 0
TPXMIT saw TCP device fail
I was never able to get this to work, and now I have another case where I need to do something similar as I have a linked table that is dynamic and need to use as a filter in a router. Can someone see what I might be doing wrong?.png)
Thanks
Scott
I am not quiet sure your syntax is correct is probably should be
..Piece(source.{PV1:AlternateVisitID},"~",*)
or
source.{PV1:AlternateVisitID(~).IDNumber}
One way you can do this is using the function Piece.
https://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KEY=RBAS_fpiece