HTTPS call from external client to WM IS

Guest · July 8, 2005, 1:00am

Hi,
A customer wants to access my WM IS through HTTPS through a java client. When he tried to access WM IS, getting the below excpetion.
Could anyone please tell me what I have to do?
Thanks in advance …

Exception in thread “main” javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Sou
rce)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect
(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown S
ource)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unk
nown Source)
at stream.main(stream.java:20)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)

Guest · July 8, 2005, 1:11am

Addition to the above message …
By using the link from the java client it trying to invoke a service in WM IS. When HTTP was used it was working fine, getting the output.
(http://localhost:5555/..../servicename?)
When HTTPS is used what I have to do in IS.

fred.hartman.5916 · July 8, 2005, 2:11am

Do you have an HTTPS port defined in IS? Use the IS Admin Security >
Ports page to set it up. You can test it from a browser.

I think there are two interesting options: whether to require certificates and whether the client supports a SSL encryption algorithm that can be negotiated in the handshake. IS ships with a 3rd party security libraries from Entrust, so it should support any algorithm that most clients have although you may want to install the enhanced JCE libs that are a separately downloadable component from most JRE vendors.

HTH,
Fred

Guest · July 8, 2005, 2:29am

Hi Fred,

Thanks a lot.
As suggested, I tried to define the HTTPS port.
but I am getting an error when i tried to enable that…

“Failed to start HTTPSListener@5556: [ISS.0070.9014] Private key file does not exist”

Sunny

wMusers.Com1 · July 8, 2005, 7:30am

Sunny,

In order to enable an HTTPS port you will need a certificate assigned to your server. You’ll need to put the certificate’s private key in a directory that you specify.

You can use the WM-provided certificate toolkit to create a certificate signing request that would be signed by an internal certifying authority or an external one like Entrust or Verisign.

You can also use the open source OpenSSL toolkit to create a self-signed certificate.

Search the WMUsers discussion forums for posts related to OpenSSL for information on that.

Lastly, there is probably already someone in your (or your client’s) organization that is responsible for maintaining the certs for the various web servers there. They can probably help you learn what corporate standards you need to follow.

HTH,

Mark