
SSL setup not working in ACEv11

  • 1.  SSL setup not working in ACEv11

    Posted Tue August 25, 2020 12:14 PM
    Hi Team,

    I am facing some issues while doing SSL configuration in ACE v11.

    Using a self-signed certificate I was able to test a dummy API which returns a status of SUCCESS.

    However, if I set EnableTLSTrace to true in the server.conf.yaml file (under HTTPSConnector), the same API throws an error and returns Error: read ECONNRESET when tested from Postman.

    In the integration server console.txt file I can see that the error below is reported. The same API does not work when the trace is enabled. So can someone please explain what might be the reason here and what this error means:

    Error:

    ..U....WB1.0...U | PARSE ABORTED! An error occurred during parsing at offset 0x0000000a:
    2020-08-25 16:01:08.048814 9892 SENT --> 127.0.0.1:59337 | 00000050: 0407 1307 4b4f 4c4b 4154 4131 0c30 0a06 ....KOL1.0.. | Message: OpenSSL failed to parse the ASN.1 encoded certificate into a valid X509 certificate

    I am currently testing with only one-way SSL and trying to understand the behavior.

    The command below was used to generate a self-signed cert:

    keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048

    Regards,
    Saha

    ------------------------------
    Prosanta Saha
    ------------------------------


  • 2.  RE: SSL setup not working in ACEv11

    Posted Wed August 26, 2020 08:48 AM
    Hi Saha, have you tried working with this IBM sample:
    https://www.ibm.com/support/knowledgecenter/SSTTDS_11.0.0/com.ibm.etools.mft.doc/ap34020_.htm#ap34020_10

    ------------------------------
    Matthias Jungbauer
    ------------------------------



  • 3.  RE: SSL setup not working in ACEv11

    Posted Thu August 27, 2020 09:18 AM
    Thanks Matthias, however the command doesn't execute in my system. Getting the below error:


    ------------------------------
    Prosanta Saha
    ------------------------------



  • 4.  RE: SSL setup not working in ACEv11

    Posted Thu August 27, 2020 11:20 AM
    Maybe this helps
    https://www.ibm.com/support/pages/ordinal-could-not-be-located-dynamic-link-library-errors

    ------------------------------
    Matthias Jungbauer
    ------------------------------



  • 5.  RE: SSL setup not working in ACEv11

    Posted Sat October 10, 2020 02:19 PM
    Hello Saha,

    We faced the same issue you described and the solution we found was to disable the EnableTLSTrace property in server.conf.yaml.

    We did a test with two Integration Servers and the same certificate; one was configured with EnableTLSTrace=true and the other with EnableTLSTrace=false. We deployed the same web service in both Integration Servers and, using the same browser to get the WSDL file, retrieval only worked for the WSDL belonging to the web service deployed in the Integration Server that has the TLS trace disabled. Once we disable the TLS trace, we are able to retrieve the WSDL file without errors.

    We faced this behaviour in versions 11.0.0.3, 11.0.0.7 and our current version, 11.0.0.9.

    I know that this is only to tell you that you are not alone with this issue.

    Thanks.



    ------------------------------
    Francisco A Buccafusca
    Argentina
    ------------------------------



  • 6.  RE: SSL setup not working in ACEv11

    Posted Sat October 10, 2020 02:38 PM
    Hi Francisco,

    Thank you for sharing your experience.

    This looks like some sort of bug in the version. We will raise a PMR on this and will let you know if we get any updates.

    Regards,
    Saha


    ------------------------------
    Prosanta Saha
    ------------------------------



  • 7.  RE: SSL setup not working in ACEv11

    Posted Tue September 06, 2022 11:32 AM
    I am seeing a very similar error in ACE 12.0.0.5. Was a PMR filed for the above and if so has it not been resolved?

    Thank you,

    Mark

    ------------------------------
    Mark Caro
    ------------------------------



  • 8.  RE: SSL setup not working in ACEv11

    IBM Champion
    Posted Tue September 06, 2022 11:54 AM

    What do you mean SSL is not working in ACEv11?

    We have many https connections in ACEv11 and ACEv12.

    Are you referring to the WebGui?

    What does your yaml file look like?

    Susan Barker

    Lead MQ, ACE, ITX, Kafka, WAS Architect

    Victory is nothing without humility, respect and charity...unknown

    Let no one ever come to you without leaving happier...Mother Theresa

    IBM WAS Advisory Board

    IBM ACEvNext Beta Program

    IBM MQvNext Beta Program


  • 9.  RE: SSL setup not working in ACEv11

    Posted Tue September 06, 2022 02:07 PM

    TLS is working fine for us as well using the HTTP Input and HTTP Request nodes.  The issue is if you set EnableTLSTrace parameter to true for the Integration Server hosting the HTTP Input node you get the error msg described in the post.  If you do not set this parameter all works fine.  I want to be able to see the TLS handshake in the console log for the HTTP Input node.  Below is the HTTPSConnector portion of the server.conf.yaml.

     

    HTTPSConnector:
        KeyAlias: 'server-alias'
        ListenerPort: '8876'
        ReqClientAuth: 'true'
        EnableTLSTrace: true

    Thanks,

    Mark



    ------------------------------
    Mark Caro
    ------------------------------