What is required to setup HTTPS Connection?

Use this Forum to post your “How to …” questions about your use of LongReach. This is not a technical support forum. Both the LongReach Support Team at LANSA and other LongReach customers may answer your questions. LANSA cannot guarantee the accuracy of any information posted by customers.
Post Reply
shaneyusa
Posts: 1
Joined: Thu Dec 22, 2011 5:43 am

What is required to setup HTTPS Connection?

Post by shaneyusa » Thu Dec 22, 2011 5:56 am

We have the initial Longreach setup working, but if I try to use the HTTPS connection I get an error "Transaction error: Connection error: Secure connection failed." We have an SSL certificate on this box. What do I need to do to get this to work?

alick
Posts: 67
Joined: Fri Dec 09, 2011 7:52 am

Re: What is required to setup HTTPS Connection?

Post by alick » Thu Dec 22, 2011 6:46 am

Several steps are required to configure LongReach for SSL.

Edit the file '/longreach/jsm/instance/system/httpd.xml'

Change attributes on the XML listen element.

Change the attribute secure="false" to secure="true".

The SSL server private key and public certificate come from the file specified in the attribute store="pki/wwwssl.jks".

You need to use a tool to generate an RSA private key and CA certificate and add these to the JKS keystore.

The CA certificate requires an AltSubjectName 'domainname' value that is equal to the domain name used for the HTTPS connection.

alick
Posts: 67
Joined: Fri Dec 09, 2011 7:52 am

Re: What is required to setup HTTPS Connection?

Post by alick » Thu Dec 22, 2011 8:17 am

LongReach HTTP offers a strong level of protection from the LongReach App to the LongReach Server.

LongReach HTTP connections use an RSA 1024-bit asymmetric key and RC4 128-bit symmetric key mechanism similar to SSL to encrypt the data.

LongReach HTTPS/SSL connections still use the standard LongReach data encryption mechanism as well as the additional/duplicate protection offered by the SSL layer.

This capability allows you to use a HTTPS/SSL connection from the LongReach App to a 'public front-end reverse proxy box' (IIS, Apache) and then change to an internal HTTP connection to the LongReach server. This means that the data is encrypted across all machine and router boundaries.

alick
Posts: 67
Joined: Fri Dec 09, 2011 7:52 am

Re: What is required to setup HTTPS Connection?

Post by alick » Sat Dec 24, 2011 11:48 am

We are currently working on documentation.

If you already have a private key and certificates signed by a well-known CA in your iSeries DCM. (iSeries Apache SSL server).

You can export this private key and certificate chain from the DCM into a PKCS#12 (.PFX) file.

Using LANSA LI Studio you can create an empty JKS file and import this key entry and certificate chain.

If the signing CA is well-known, Apple's iOS will accept the SSL connection with no additional configuration required on the iPad/iPhone.

Apple devices are strict with HTTPS connection and self signed certificates need to be correctly prepared and deployed to the device.

Post Reply