Topic
  • 10 replies
  • Latest Post - ‏2013-03-07T21:01:45Z by SystemAdmin
SystemAdmin
SystemAdmin
1192 Posts

Pinned topic SSL related exceptions using Geronimo

‏2013-03-06T23:31:42Z |
I'm getting the following SSL related exceptions when launching Geronimo.

2013.03.06 18:02:18.112 com.ibm.hats.common.connmgr.HodConnSpec verifySSLParams x6
WARNING HPS5001 The value "C:\Program Files (x86)\IBM\SDP/keyFile_160912.p12" of the attribute "SSLP12FilePath" in the XML element " *.hco <otherParameters> " is not a valid value.

2013.03.06 18:02:20.549 com.ibm.hats.runtime.connmgr.HodConn connectToHost x35
ERROR HPS5145 Cannot connect to the host using SSL. If importing a certificate is required for this SSL connection, make sure that it has been imported from the Telnet server into a valid PKCS12 file, and that the password (SSLP12Password) and path (SSLP12FilePath) for the PKCS12 file are specified correctly. The session properties are:
{History=false, WFConnectionUniqueId=, SESSION_QUIETMODE=true, autoReconnect=false, SSLP12FilePath=C:\Program Files (x86)\IBM\SDP/keyFile_160912.p12, port=2023, autoConnect=false, sessionID=HodConn:#1, SSL=true, host=*************, WFSharedConnection=false, codePageKey=KEY_US, screenSize=2, TNEnhanced=false, sessionType=1, WFEnabled=false, codePage=037, SSLP12Password=********} (CONNECTION_INACTIVE)

What is strange is this connect file is basically identical (only project name difference) to a connect file from a WAS targeted project I have. That project connects fine using the exact same port, host url and .p12 file (with password validated).

I also do not see why this would be an invalid value: <parameter name="SSLP12FilePath" value="keyFile_160912.p12"/>

I can popup the HATS terminal fine from the Geronimo project. I can run my connect macro as well as a subsequent extraction macro fine. I can see Geronimo running fine. What I cannot do, however, is call one of my web services. So if it can make a connection via the HATS terminal, why am I getting these exceptions and unable to execute my web services?

Thanks very much for any help offered!
Updated on 2013-03-07T21:01:45Z at 2013-03-07T21:01:45Z by SystemAdmin
  • tmparker
    tmparker
    518 Posts

    Re: SSL related exceptions using Geronimo

    ‏2013-03-06T23:53:23Z  
    Everything you explained below makes sense. The reason I believe it is probably failing is due to the fact that, at runtime, the IO's/web services have their own path in the code. This path would not get hit in the studio when you run the macro in the terminal.

    One question I have is do you see this problem if you test the web service in the studio using Web Service Explorer? I'm betting it will fail there but I would like to know for sure. More than likely this is an issue with the path and how Geronimo reads the value. Since you have a hard coded path to the file on your system and the slashes are mixed that might be the issue.

    One other test you can try for me is to see if this problem happens if you import the p12 file into the EAR instead of pointing to it on the file system.

    Thanks
    Tim
  • SystemAdmin
    SystemAdmin
    1192 Posts

    Re: SSL related exceptions using Geronimo

    ‏2013-03-07T05:53:49Z  
    • tmparker
    • ‏2013-03-06T23:53:23Z
    Everything you explained below makes sense. The reason I believe it is probably failing is due to the fact that, at runtime, the IO's/web services have their own path in the code. This path would not get hit in the studio when you run the macro in the terminal.

    One question I have is do you see this problem if you test the web service in the studio using Web Service Explorer? I'm betting it will fail there but I would like to know for sure. More than likely this is an issue with the path and how Geronimo reads the value. Since you have a hard coded path to the file on your system and the slashes are mixed that might be the issue.

    One other test you can try for me is to see if this problem happens if you import the p12 file into the EAR instead of pointing to it on the file system.

    Thanks
    Tim
    Hi Tim,

    Thanks very much for your reply. Below are some answers to your questions/comments.

    1. No, I have not tried tried it in the Web Services Explorer. I don't seem to have the option to do so. In the Services view, JAX-RPC, JAX-WS and REST are listed. The first two only have options to create a client or create a web service. REST has no right-click options. I'm not sure why that is the case...

    2. My .p12 file is actually imported into the project. I did not use the option to use a .p12 on a specific path. In fact, this .p12 is the same one used by the WAS project. I imported it there as well.

    A couple of other things,

    1. If I try to access the RESTful web service via IE or if I try to hit the project root in IE or via the RAD web browser, I get the message "The application has been disconnected for one of the following reasons" and "HPS5052 Cannot set up a connection to the host using the following session properties..." which lists the config as per my first post. The RAD log has the more detailed info I posted earlier.

    2. Perhaps I have simply created the web service incorrectly? I right-clicked on the IO and selected the option to "Create web service support files" (which produced three files). Now this is different than the WAS project. There I had a right click option to "Create RESTful web service". Have I done it incorrectly for a Geronimo targeted project? Even so, I would expect a different exception than what I am getting if I had not created the web service correctly. Furthermore, my connection macro must be causing some of those exceptions. Upon start up and without hitting the web service, I get the aforementioned exceptions. That has to be the connection macro causing that, right?

    3. I notice in the WAS targeted project, web.xml references the IBMRestServlet and has a servlet mapping. In the Geronimo targeted project I don't see anything Axis-wise in web.xml to handle RESTful web service calls. Is that to be expected?

    Again, thanks very much for replying Tim!
  • tmparker
    tmparker
    518 Posts

    Re: SSL related exceptions using Geronimo

    ‏2013-03-07T17:17:16Z  
    Hi Tim,

    Thanks very much for your reply. Below are some answers to your questions/comments.

    1. No, I have not tried tried it in the Web Services Explorer. I don't seem to have the option to do so. In the Services view, JAX-RPC, JAX-WS and REST are listed. The first two only have options to create a client or create a web service. REST has no right-click options. I'm not sure why that is the case...

    2. My .p12 file is actually imported into the project. I did not use the option to use a .p12 on a specific path. In fact, this .p12 is the same one used by the WAS project. I imported it there as well.

    A couple of other things,

    1. If I try to access the RESTful web service via IE or if I try to hit the project root in IE or via the RAD web browser, I get the message "The application has been disconnected for one of the following reasons" and "HPS5052 Cannot set up a connection to the host using the following session properties..." which lists the config as per my first post. The RAD log has the more detailed info I posted earlier.

    2. Perhaps I have simply created the web service incorrectly? I right-clicked on the IO and selected the option to "Create web service support files" (which produced three files). Now this is different than the WAS project. There I had a right click option to "Create RESTful web service". Have I done it incorrectly for a Geronimo targeted project? Even so, I would expect a different exception than what I am getting if I had not created the web service correctly. Furthermore, my connection macro must be causing some of those exceptions. Upon start up and without hitting the web service, I get the aforementioned exceptions. That has to be the connection macro causing that, right?

    3. I notice in the WAS targeted project, web.xml references the IBMRestServlet and has a servlet mapping. In the Geronimo targeted project I don't see anything Axis-wise in web.xml to handle RESTful web service calls. Is that to be expected?

    Again, thanks very much for replying Tim!
    Do you have this problem with a standard web service or only when you run a RESTful web service?
  • SystemAdmin
    SystemAdmin
    1192 Posts

    Re: SSL related exceptions using Geronimo

    ‏2013-03-07T17:36:17Z  
    • tmparker
    • ‏2013-03-07T17:17:16Z
    Do you have this problem with a standard web service or only when you run a RESTful web service?
    Hi Tim,

    That's a good question. The thing is, from the HATS Project view, I only have a right click option when clicking on the Integration Object of, "Create Web Service Support Files..." When I do this, it creates 3 files including a "output properties" and "input properties" class file. There is no place to choose SOAP or RESTful, so I presumed it was only creating RESTful for Geronimo as I did not have to do any WSDL myself.
  • SystemAdmin
    SystemAdmin
    1192 Posts

    Re: SSL related exceptions using Geronimo

    ‏2013-03-07T17:37:18Z  
    • tmparker
    • ‏2013-03-07T17:17:16Z
    Do you have this problem with a standard web service or only when you run a RESTful web service?
    And as I noted, I'm getting those errors on app launch (with no calls to the WS made) as well as later when I try to hit the WS. The former has to be coming from my connection macro, right?
  • SystemAdmin
    SystemAdmin
    1192 Posts

    Re: SSL related exceptions using Geronimo

    ‏2013-03-07T19:29:41Z  
    • tmparker
    • ‏2013-03-07T17:17:16Z
    Do you have this problem with a standard web service or only when you run a RESTful web service?
    Hey Tim, one other thing to mention. I'm not using Geronimo Eclipse Plugin (GEP) like the docs mentioned. Instead, on the Add a New Server popup, there is a link to "Download additional adaptors". Geronimo was listed as one of the adaptors I could choose from so I did that. I was able to add my ear to the server as well as start and stop it. Can you advise please how GEP differs from what I did and/or was what I did incorrect? Thanks very much!
  • tmparker
    tmparker
    518 Posts

    Re: SSL related exceptions using Geronimo

    ‏2013-03-07T19:31:35Z  
    Hi Tim,

    That's a good question. The thing is, from the HATS Project view, I only have a right click option when clicking on the Integration Object of, "Create Web Service Support Files..." When I do this, it creates 3 files including a "output properties" and "input properties" class file. There is no place to choose SOAP or RESTful, so I presumed it was only creating RESTful for Geronimo as I did not have to do any WSDL myself.
    Ok, so lets start with the simple scenario here, a basic web service using SSL. I just created a new project and recorded a simple macro that logs on, extracts some data and logs off. I am running with SSL. Macro runs fine in the terminal so I created the IO. Then I created the web service support files from the IO. Now I go into the Source folder, where the class file was created from the IO, and I right clicked on that and went to the option Web Services->Create Web Service. I left everything as is and went through and hit Finish. The web service then published to Geronimo. I then went to the Web Service Definitions folder, under Web Content in the HATS Project view, and I right clicked on the WSDL and chose Web Services->Test with Web Services Explorer. The browser opened and I selected the web service I created, hit Go, and the web service ran and returned to me the extracted data I was expecting.

    If this much is not working for you then there is most likely something setup wrong in your studio or some other issue in your environment.

    For reference, here is my environment:
    RAD Version: 8.5.1
    Build ID: RADO851iFix1-I20121207_0152

    HATS 8.5.0.2

    Geronimo 2.2.1

    Also, for the SSL file I chose the option to import the keystore into the project.

    Let me know if you can get this far.

    Thanks
    Tim
  • tmparker
    tmparker
    518 Posts

    Re: SSL related exceptions using Geronimo

    ‏2013-03-07T19:36:19Z  
    • tmparker
    • ‏2013-03-07T19:31:35Z
    Ok, so lets start with the simple scenario here, a basic web service using SSL. I just created a new project and recorded a simple macro that logs on, extracts some data and logs off. I am running with SSL. Macro runs fine in the terminal so I created the IO. Then I created the web service support files from the IO. Now I go into the Source folder, where the class file was created from the IO, and I right clicked on that and went to the option Web Services->Create Web Service. I left everything as is and went through and hit Finish. The web service then published to Geronimo. I then went to the Web Service Definitions folder, under Web Content in the HATS Project view, and I right clicked on the WSDL and chose Web Services->Test with Web Services Explorer. The browser opened and I selected the web service I created, hit Go, and the web service ran and returned to me the extracted data I was expecting.

    If this much is not working for you then there is most likely something setup wrong in your studio or some other issue in your environment.

    For reference, here is my environment:
    RAD Version: 8.5.1
    Build ID: RADO851iFix1-I20121207_0152

    HATS 8.5.0.2

    Geronimo 2.2.1

    Also, for the SSL file I chose the option to import the keystore into the project.

    Let me know if you can get this far.

    Thanks
    Tim
    The adapters are pretty much the same. The only thing I noticed in mine was that the built-in option to install the Geronimo plugin only went to version 2.1. I selected the 2.2 version to install when I used to the update site. I don't think that will make a difference in this case for what we are doing. That is just to allow you to create an instance of the server in the studio. It that part works then you should be good to go.
  • tmparker
    tmparker
    518 Posts

    Re: SSL related exceptions using Geronimo

    ‏2013-03-07T19:41:23Z  
    • tmparker
    • ‏2013-03-07T19:36:19Z
    The adapters are pretty much the same. The only thing I noticed in mine was that the built-in option to install the Geronimo plugin only went to version 2.1. I selected the 2.2 version to install when I used to the update site. I don't think that will make a difference in this case for what we are doing. That is just to allow you to create an instance of the server in the studio. It that part works then you should be good to go.
    OK, did some more research into the RESTful web services with Geronimo. Found this page explaining it more, https://cwiki.apache.org/GMOxDOC21/developing-a-simple-restful-service.html. Looks like you have to manually so some steps to make Geronimo work with RESTful.
  • SystemAdmin
    SystemAdmin
    1192 Posts

    Re: SSL related exceptions using Geronimo

    ‏2013-03-07T21:01:45Z  
    • tmparker
    • ‏2013-03-07T19:31:35Z
    Ok, so lets start with the simple scenario here, a basic web service using SSL. I just created a new project and recorded a simple macro that logs on, extracts some data and logs off. I am running with SSL. Macro runs fine in the terminal so I created the IO. Then I created the web service support files from the IO. Now I go into the Source folder, where the class file was created from the IO, and I right clicked on that and went to the option Web Services->Create Web Service. I left everything as is and went through and hit Finish. The web service then published to Geronimo. I then went to the Web Service Definitions folder, under Web Content in the HATS Project view, and I right clicked on the WSDL and chose Web Services->Test with Web Services Explorer. The browser opened and I selected the web service I created, hit Go, and the web service ran and returned to me the extracted data I was expecting.

    If this much is not working for you then there is most likely something setup wrong in your studio or some other issue in your environment.

    For reference, here is my environment:
    RAD Version: 8.5.1
    Build ID: RADO851iFix1-I20121207_0152

    HATS 8.5.0.2

    Geronimo 2.2.1

    Also, for the SSL file I chose the option to import the keystore into the project.

    Let me know if you can get this far.

    Thanks
    Tim
    Hi Tim,

    OK, I apparently DID miss a crucial step... I only created the WS supporting files (doh). I did not realize I then needed to right click on one of those to then create the WS. I guess I got spoiled with RAD/WAS. When I do that, then I can in fact go into the WS definitions folder and right click test with the WS explorer. Now, I'm still getting the same exception but at least it is coming back in the WS explorer ;-) I'm also going to read the link about creating RESTful web services you gave me. It definitely seems a lot easier to create RESTful web services with RAD/WAS. Part of the reason though for this exercise is because as a small developer, Geronimo being free is rather appealing. On the other hand, someone recently told me, however, that when you buy a license for HATS, you get a license to deploy your app on WAS? Is that so? I'm looking for hosting solutions right now and that is another reason I've been looking more seriously at Geronimo. On the other hand, if I did get a WAS license to use with my HATS app and I could find an affordable hosting solution that has WAS as an option, I'd go with that... :-)