What is required to setup HTTPS Connection?
What is required to setup HTTPS Connection?
We have the initial Longreach setup working, but if I try to use the HTTPS connection I get an error "Transaction error: Connection error: Secure connection failed." We have an SSL certificate on this box. What do I need to do to get this to work?
Re: What is required to setup HTTPS Connection?
Several steps are required to configure LongReach for SSL.
Edit the file '/longreach/jsm/instance/system/httpd.xml'
Change attributes on the XML listen element.
Change the attribute secure="false" to secure="true".
The SSL server private key and public certificate come from the file specified in the attribute store="pki/wwwssl.jks".
You need to use a tool to generate an RSA private key and CA certificate and add these to the JKS keystore.
The CA certificate requires an AltSubjectName 'domainname' value that is equal to the domain name used for the HTTPS connection.
Edit the file '/longreach/jsm/instance/system/httpd.xml'
Change attributes on the XML listen element.
Change the attribute secure="false" to secure="true".
The SSL server private key and public certificate come from the file specified in the attribute store="pki/wwwssl.jks".
You need to use a tool to generate an RSA private key and CA certificate and add these to the JKS keystore.
The CA certificate requires an AltSubjectName 'domainname' value that is equal to the domain name used for the HTTPS connection.
Re: What is required to setup HTTPS Connection?
LongReach HTTP offers a strong level of protection from the LongReach App to the LongReach Server.
LongReach HTTP connections use an RSA 1024-bit asymmetric key and RC4 128-bit symmetric key mechanism similar to SSL to encrypt the data.
LongReach HTTPS/SSL connections still use the standard LongReach data encryption mechanism as well as the additional/duplicate protection offered by the SSL layer.
This capability allows you to use a HTTPS/SSL connection from the LongReach App to a 'public front-end reverse proxy box' (IIS, Apache) and then change to an internal HTTP connection to the LongReach server. This means that the data is encrypted across all machine and router boundaries.
LongReach HTTP connections use an RSA 1024-bit asymmetric key and RC4 128-bit symmetric key mechanism similar to SSL to encrypt the data.
LongReach HTTPS/SSL connections still use the standard LongReach data encryption mechanism as well as the additional/duplicate protection offered by the SSL layer.
This capability allows you to use a HTTPS/SSL connection from the LongReach App to a 'public front-end reverse proxy box' (IIS, Apache) and then change to an internal HTTP connection to the LongReach server. This means that the data is encrypted across all machine and router boundaries.
Re: What is required to setup HTTPS Connection?
We are currently working on documentation.
If you already have a private key and certificates signed by a well-known CA in your iSeries DCM. (iSeries Apache SSL server).
You can export this private key and certificate chain from the DCM into a PKCS#12 (.PFX) file.
Using LANSA LI Studio you can create an empty JKS file and import this key entry and certificate chain.
If the signing CA is well-known, Apple's iOS will accept the SSL connection with no additional configuration required on the iPad/iPhone.
Apple devices are strict with HTTPS connection and self signed certificates need to be correctly prepared and deployed to the device.
If you already have a private key and certificates signed by a well-known CA in your iSeries DCM. (iSeries Apache SSL server).
You can export this private key and certificate chain from the DCM into a PKCS#12 (.PFX) file.
Using LANSA LI Studio you can create an empty JKS file and import this key entry and certificate chain.
If the signing CA is well-known, Apple's iOS will accept the SSL connection with no additional configuration required on the iPad/iPhone.
Apple devices are strict with HTTPS connection and self signed certificates need to be correctly prepared and deployed to the device.