Error enabling HTTPS port

Hi,

I am getting the following error while configuring an HTTPS port:

Failed to start HTTPSListener@5556: [ISS.0070.9044] Invalid character/s found in host name, DSA, in IP Access Allow list.

Regular HTTPS Listener Configuration
Port 5556
Package Name WmRoot
Bind Address (optional)
Backlog 200
Keep Alive Timeout 20000
Security Configuration
Client Authentication Username/Password
Listener Specific Credentials (Optional)
Keystore Alias demokeystore
Key Alias demoks
Truststore Alias empty

Note: I am not using a Truststore as I don't have a CA.

Keystore generated using:

C:\SoftwareAG\jvm\jvm170_64\bin>keytool -keystore demokeystore -genkey -alias demoks

keystore config:

Keystore Properties
Alias demokeystore
Description(optional) Test keystore
Type JKS
Provider SUN
Location C:\SoftwareAG\jvm\jvm170_64\bin\demokeystore
HSM Based Keystore false
Configured Key Aliases
demoks

Software
Product webMethods Integration Server
Version 9.0.1.0
Updates None
Build Number 1211
SSL Strong (128-bit)

Is this a bug or am I missing something?

Regards,

Hi There,

The error is clearly stating that something is wrong in the IP Address Allowed List. Can you kindly list those values so that we can check and better guide you?

Thanks,

There aren’t any IP restrictions and it is set to allow by default.

And if a new non-HTTPS port is set up, it gets enabled correctly.

Regards,

Can you share an extract from WmRoot/config/listener.cnf for the Listener HTTPSListener@5556?

Maybe this will shed some light on this.

Regards,
Holger

Sure here it goes:

5556 HTTPS WmRoot false HTTPSListener@5556 f906a79b27903dc514223d69f59 webMethods/HTTP /WmRoot/configHTTP.dsp webMethods Regular none true 200 20000 -1 0 10000 false demoks demokeystore

Cheers,

Just an idea:

Load your certificate as a truststore additionally and assign it.

Additionally, can you share the Distinguished Name (DN) of the certificate?
Maybe there is something wrong with it.

Regards.

Holger

Hi Holger,

I am not using a certificate, just the SSH key and the Keystore.

But shouldn’t wM complain because I don’t have a certificate? I’ll try to generate a self signed and see what happens.

Hi Luis,

I was facing the exact problem and I'm glad I found the solution and could enable my port.

What I did was,

I created the key in the keystore as RFA key and generated a self signed certificate. Then I imported the self-signed certificate in a truststore and configured both the keystore and truststore with the https port.

Then my port got enabled! :) I came across in the error reference guide that currently only RFA key types are supported, so maybe you could give it a try if you haven't already.

Regards,
Priya

Hi Priya,

You are most certainly right, thanks for the hint.

We can enable the HTTPS port by only using an RSA key in a self-signed certificate.

To do so just run this command:

keytool -genkey -alias testdomain -keyalg RSA -keystore testkeystore -keysize 2048

Just add the testkeystore to the IS Keystore List under Security > Keystore and after this add it on the HTTPS port.

Cheers,
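
Added example, not part of the original thread: the keytool command in the first post has no -keyalg option, and the JDK 7 keytool then generates a DSA key, which matches the "DSA" in the listener error. The Python sketch below flags key entries that are not RSA in `keytool -list -v` output before the alias is assigned to an HTTPS port. The sample listing is constructed and abridged, the function names are hypothetical, and the check assumes self-signed entries as in this thread, where the signature algorithm reflects the key type.

```python
import re

# Constructed, abridged sample of `keytool -list -v` output (placeholder values).
SAMPLE = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: demoks
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
\t Signature algorithm name: SHA1withDSA

*******************************************

Alias name: testdomain
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=example.test, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
\t Signature algorithm name: SHA256withRSA
"""


def key_entries(listing):
    """Yield (alias, signature_algorithm) for every PrivateKeyEntry."""
    for block in re.split(r"(?m)^Alias name: ", listing)[1:]:
        alias = block.splitlines()[0].strip()
        # trustedCertEntry items carry no private key, so they cannot back a listener.
        if not re.search(r"(?m)^Entry type: PrivateKeyEntry", block):
            continue
        # First match is Certificate[1], the entry's own (self-signed) certificate.
        match = re.search(r"Signature algorithm name: (\S+)", block)
        yield (alias, match.group(1) if match else None)


def non_rsa_aliases(listing):
    """Return key entries whose certificate is not RSA-signed (or has no algorithm line)."""
    return [(alias, alg) for alias, alg in key_entries(listing)
            if not (alg and alg.upper().endswith("WITHRSA"))]


if __name__ == "__main__":
    for alias, alg in non_rsa_aliases(SAMPLE):
        print(f"{alias}: {alg} -> regenerate with -keyalg RSA before using it for HTTPS")
```

To check a real keystore, replace SAMPLE with the output of `keytool -list -v -keystore <keystore>`.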

Do you have to run the keytool to add certs for HTTPS?