Hi,

I want to set up https port for my Integration Server.
I created a https port with access mode as allow and IP access as allow.
I have created default keystore, trustsore on the same IS.
But when I try to open the IS Admin console using the secure port, it pops the security certificate warning.
I say continue for this website, it prompts for the user/pass.
But when I enter the default password or AD user/pass, it does not let me in.
It prompts back the same user/pass window.

Below are the error messages in the server log.

[1126]2017-01-10 11:25:02 GMT [ISS.0053.0002C] Access denied for user sesrvac115 on port 5556 → ‘’ from 153.88.245.151.
[1125]2017-01-10 11:24:57 GMT [ISS.0012.0012W] Authentication of user “sesrvac115” failed with exception: Login Failure: all modules ignored.
[1124]2017-01-10 11:24:36 GMT [ISS.0053.0002C] Access denied for user Administrator on port 5556 → ‘’ from 153.88.245.151.
[1123]2017-01-10 11:24:34 GMT [ISS.0012.0012W] Authentication of user “Administrator” failed with exception: Login Failure: all modules ignored

Why is the authentication not happening with https?
What seems to be missing?

What’s the “Client Authentication” property of this https port?

Hi,

Please verify the Client Authentication part once again.
If you have set it to UserName/Password or any other thing.

Regards,
Syed Faraz Ahmed

Hi,

Yes, client authentication is UserName/Password only.
Still it does not work.

Regards,
Revathi

Hi Revathi,

Can you please take a screenshot of the port details and paste it here.
Also, try increasing the log level for HTTPS Listeners and see if you are able to track any thing from there.

Regards,
Syed Faraz Ahmed

attaching screen shot of https port

https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/2a142a6187c0917278d260f9bd399120662459f7_2_1033x580.png 1.5x, https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files/2a142a6187c0917278d260f9bd399120662459f7.png 2x" data-dominant-color="E6EEF2">

https.png1374×771 109 KB

Error messages with a high level of logging produces below logs when I try to log into https port via browser –

[15154]2017-01-11 08:02:09 GMT [ISS.0053.0002C] Access denied for user Administrator on port 5556 → ‘’ from 153.88.245.151.
[15153]2017-01-11 08:02:06 GMT [ISS.0012.0008T] User “local/Administrator” already authenticated in session caed496094061ae39279a7441e1196c1; skipping authentication.
[15152]2017-01-11 08:02:06 GMT [ISS.0012.0006T] Client provided session ID caed496094061ae39279a7441e1196c1 for an existing session.
[15151]2017-01-11 08:02:06 GMT [ISS.0012.0008T] User “local/Administrator” already authenticated in session caed496094061ae39279a7441e1196c1; skipping authentication.
[15150]2017-01-11 08:02:06 GMT [ISS.0012.0006T] Client provided session ID caed496094061ae39279a7441e1196c1 for an existing session.
[15149]2017-01-11 08:02:06 GMT [ISS.0012.0009D] Successfully authenticated user “local/Administrator”.
[15148]2017-01-11 08:02:06 GMT [ISS.0012.9999D] AuthnCacheManager caching record for user Administrator
[15147]2017-01-11 08:02:06 GMT [ISS.0012.0047T] No X509 certificate chain found.
[15146]2017-01-11 08:02:06 GMT [ISS.0012.0036D] No user found corresponding to the passed SAML assertion.
[15145]2017-01-11 08:02:06 GMT [ISS.0012.0006T] Client provided session ID caed496094061ae39279a7441e1196c1 for an existing session.
[15144]2017-01-11 08:02:03 GMT [ISS.0012.0012W] Authentication of user “Administrator” failed with exception: Login Failure: all modules ignored.
[15143]2017-01-11 08:02:03 GMT [ISS.0012.0050T] Basic authentication, no user found.
[15142]2017-01-11 08:02:03 GMT [ISS.0012.0047T] No X509 certificate chain found.
[15141]2017-01-11 08:02:03 GMT [ISS.0012.0036D] No user found corresponding to the passed SAML assertion.

From the Screenshot i got it like you are using Digest as Client Authentication.

Attaching the same screenshot you sent highlighting the part that should be made as username/password.

Regards,
Syed Faraz Ahmed

hey thanks.
Now I can open the https url when I set to username/password via browser.

Next, I want to invoke a RESTful service on IS via a REST client using the https port.

Is there any additional setting I need to do on the IS / Rest client?

Just cross verify the following things.

1. watt.server.RESTDirective is set
2. Provide basic authentication and give the credentials there.

Regards,
Syed Faraz Ahmed

watt.server.RESTDirective=rest

This has been set by default.

Rest service is working over http port.

But not over https port, via the Chrome Advanced Rest Client.

It initially complained for a plug-in.
After installing the Chrome plug-in, the it says https URL is unreachable.

How to crack this?

It’s supposed need no extra plugin. Could you attache some screenshots?
Sometimes Chrome will complain for a low level encryption in communication. Have you tried other web browsers?

I worked using chrome for testing most of the rest services.
There will be many client similar to Advanced Rest Client which can be added from chrome apps. I used Postman client.

Can you share the screenshot while you are sending the request along with the error that you are getting.

Regards,
Syed Faraz Ahmed

Hi,

Attached is the screenshot of the error which we get while trying with https port.
Please advice.

Thanks,
Monica

Hi Monica,

Are you using any client for invoking the Rest API’s?

Regards,
Syed Faraz Ahmed

Yes… We are testing from advanced rest client.

Can you share the Https port details?

Also, please share the rest client screenshot.

Regards,
Syed Faraz Ahmed

Attaching screenshot

https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/f188b9a45acc12bcf89263f324a0db96c2dec08d_2_1035x582.png 1.5x, https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/f188b9a45acc12bcf89263f324a0db96c2dec08d_2_1380x776.png 2x" data-dominant-color="F0F5F6">

RestClient.png1600×900 121 KB

port_https.png391×600 17.2 KB

Configuration seems to be correct.

Some Rest Client will not work with invalid certificates. So for Advanced rest client you need to install and add-on ARC Cookie extension.

After installing add-on just enable “USE HDR” setting in Advanced rest client.

This should enable you to send and receive content.

Regards,
Syed Faraz Ahmed

Thanks Faraz.

After installing cookie extension and enabling the XHR, getting error as below

https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files/a6ca81583c299b3263fe0436a037da0c30d63306.png 1.5x, https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files/a6ca81583c299b3263fe0436a037da0c30d63306.png 2x" data-dominant-color="FBF7F7">

XHRenabled.png879×205 11.1 KB

please make sure the xpath that you have used while invoking service is correct.

Regards,
Syed Faraz Ahmed

I have used same xpath which I used for http. expect the port number.

like: http://host:5555/rest/folderName/REST and https://host:5556/rest/folderName/REST

Is there anything which I’m missing out.

Why you are putting “/Rest” at the end?
Remove that and try invoking the service.

Regards,
Syed Faraz Ahmed

Hi,

/REST is a folder where _post resides. I tried removing that its a same issue.

The requested URL can’t be reached
The service might be temporarily down or it may have moved permanently to a new web address.
Network error.

In that case folder name should be present.

What is the access mode of the Https Port?
Set it to allow by default.

Regards,
Syed Faraz Ahmed

Hi Faraz,

Access mode is allow by default.

Hi Monica,

Following things needs to be taken care.

1. ACL’s for the service should be allowed to the user.
2. Port Acess should be enabled.
3. IP Acess Should be enabled.
4. Path should be correct for the asset/Service.

When you say Service cannot be accessed then two things come into picture here.

1. Path is incorrect,
2. check connectivity between the server and client.

Regards,
Syed Faraz Ahmed

Hi Faraz,

All the settings mentioned are in place. It works for http but not for https. So I guess there is no connectivity issue also.
How do we get IS cert installed on Chrome browser/ Advanced Rest Client.

As far as i know there can be only two reasons.
Either path is incorrect or connectivity issue.

You can import certificates by following the below path:

Go to chrome settings → Search for HTTPS → Manage Certificates → Import.

Regards,
Syed Faraz Ahmed