I am having difficulty making connection to secured webservice. My service provider gave me a WSDL URL (which uses SSL Connection) and a PFX file. The service provider told us that WSDL can only be accessed by users belonging to our network.
So far I have tried:
(i) Exported key from given pfx file to separate keystore
(ii) Exported certificate to (a) java 's default truststore (b) seaparate store
I have set system properties:
System.setProperty("javax.net.ssl.keyStore", "C:/Test/keystore.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "test123");
System.setProperty("javax.net.ssl.keyStoreType", "jks");
System.setProperty("javax.net.ssl.trustStore", "C:/Program Files/Java/jdk1.7.0_17/jre/lib/security/cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
I am using latest versions of CXF & Java. I got several exceptions which I could resolve by Googling the issues, but I am finally struck with "could not send message exception". How can I deal with this exception?
Related
I am looking for a way to make a simple ftps server that will serve a single folder containing 2 files using a dedicated username:password pair.
The issue is that for security reasons I have two requirements:
The server will not give access (even read) to anything outside the specified folder (server has world readable files that should be only accessible by users having accounts on that server)
I don't want to tie the ftp server with existing users system (the entire ftp application and its config must be independent of the server configuration)
So far every tutorial I found is using pam to configure both vsftpd and proftpd,
while I want a simple config file having username:password:folder triplet eg:
backups:s3cr#t:/backups/origin
backups2:secret:/backups/anonymized
documents:secret:/var/www/data/documents
How can I do it with either vsftpd or proftpd?
I'm developing some code to connect my Beckhoff controller to microsoft Azure through MQTT Iot. To start I have used the example code provided by Beckhoff. Azure side is configured and I have the SAS Token. In Twincat I pasted the code and configured everything except the TLS/certification configuration since Beckhoff documentation it's a bit confusing at this point
https://infosys.beckhoff.com/content/1033/tf6701_tc3_iot_communication_mqtt/3528172299.html?id=376207444360410914
(¿CA is optional but mandatory at the same time?)
Anyway I tried to get a CA certificate to test. As I don't how/where to get it, I tried to export Baltimore certificate to a file with certmgr.exe but the format it is not .crt type as in documentation example. Export formats are cert and p7b type. If I try with any of these types of files I get a TLS validating error in connection.
I'm a bit lost at this moment so any steps to help me in this part?
I'm not familiar with certification/TLS so can you please guys provide some tips or info links focused in this matter so I can get this kind of certificates to validate the connection?
Thanks in advance.
The CA location is optional, since it will be searched for at its default location. Nevertheless, the CA file has to be at the specified location or at the default location. The CA file has to be saved with PEM formatting, but it doesn't matter which extension the file has.
The connection configuration regarding the SAS-token is different whether you connect to an azure-device or -module.
To connect to an azure-device, the following has to be configured:
sUserName := ''; and sUserPassword := '';
copy-paste the SAS-token from e.g. Azure Iot Explorer into stTLS.sAzureSas (the SAS-token is formatted like this: HostName=<hub-name>.azure-devices.net;DeviceId=<device-id>;SharedAccessSignature=SharedAccessSignature sr=<hub-name>.azure-devices.net%2Fdevices%2F<device-id>&sig=...&se=...)
To connect to an azure-module, the following has to be configured (like in python):
sUserName := '<hub-name>.azure-devices.net/<device>/<module>/?api-version=2018-06-30';
sUserPassword := 'SharedAccessSignature sr=<hub-name>.azure-devices.net%2Fdevices%2F<device-id>&sig=...&se=...'; (this is part of the SAS-token, copy everything after ...SharedAccessSignature=)
stTLS.sAzureSas := '';
Publishing messages, take care to send to only send to the expected topic, otherwise the message won't be sent and the connection temporarily lost.
(¿CA is optional but mandatory at the same time?)
Because you must connect over TLS/SSL, you will need to reference the DigiCert Baltimore Root Certificate to connect to Azure IoT Hub.
You can find this certificate in the Azure-iot-sdk-c repository
My recommendation is that you follow steps described in the documentation on how to Communicate with your IoT hub using the MQTT protocol
I need to find the WSDL of a proxy service that I have defined in the Oracle Service Bus.
Export WSDL option in the console gives me jar file which contains the .WSDL file but in a different format,
<WL5G3N0:definitions name="PollAddressFromDB-concrete" targetNamespace="http://xmlns.oracle.com/pcbpel/adapter/db/DBPoll_Adapter/PollAddressFromDB/PollAddressFromDB" xmlns:WL5G3N0="http://schemas.xmlsoap.org/wsdl/" xmlns:WL5G3N1="http://xmlns.oracle.com/pcbpel/adapter/db/DBPoll_Adapter/PollAddressFromDB/PollAddressFromDB" xmlns:WL5G3N2="http://schemas.xmlsoap.org/wsdl/soap/">
I want to run a test on my web service using Soap UI but Sap UI would not accept this WSDL format.
How and Where can I retrieve the actual WSDL file.
Thanks!
As SiKing mentioned, if it's a http proxy, just go to the endpoint URL and append ?wsdl to the end. SoapUI can create a project from that.
Please refer to my following answer How to access the WSDL URL of a OSB proxy service in web browser
Reproducing it here:
There are three ways to access an effective WSDL:
In a Web browser, enter the URL for an HTTP-based proxy service,
appended with ?WSDL. This works only for HTTP-transport-based services for which Oracle Service Bus can generate effective WSDLs.)
In a Web browser, enter the fixed HTTP URL, for example:
[http://host:port/sbresource?PROXY/project_path/proxy_service_name]
or
[http://host:port/sbresource?BIZ/project_path/business_service_name]
This works for all services for which Oracle Service Bus can generate effective WSDLs.
Export the WSDL from the console
I have problem creating tls-trust-store for connecting to the gmail account via IMAP in Mule ESB
If I delete "path" and "storePassword" fields in the imaps:tls-client and imaps:tls-trust-store tags I
can connect, but them I have to delete it every time I've change anything in the xml, cause Mule recreate this fields.
I've tried to get the key via openssl and create key via keytool application - but I've not succeed.
Can anyone help me with the right way how to create such things?
Mule recreate this fields
Mule doesn't alter your XML configuration ever. You're apparently dealing with Mule Studio bug that makes it remove valid XML configuration elements. This is a known faulty behaviour of Studio that is generally well known and being worked on fixing.
We are using ClientCertificate authentication with HttpWebRequest. For the client certificate authentication we are creating the X509Certificate from Pfx file and attached to the outgoing HttpWebRequest.
What we see is that after the request is created we are seeing to many temporary files in the folder : C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
As we make more request we see that the number of temporary files created in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder is increasing continuously.
We create the certificate from pfx file and then we set the key container. Expilicity access is granted using CryptoKeySecurity and CryptKeyAccessRule. The private method SetKeyContainerSecurity takes the CspKeyContainerInfo and CryptoSecurity. Then it uses the CryptAcquirecontext and CryptSetProvParam to set the key container security.
The issue we are facing is large number of temporary files getting created in the disk at location : C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.
What is the correct approach to ensure that these temporary files are deleted.
Is the hotfix at http://support.microsoft.com/kb/931908 relevant? It addresses the issue "On a Windows Server 2003-based or Windows Server 2008-based client computer, the system does not delete a temporary file that is created when an application calls the "CryptQueryObject" function"