B2B Integration

 View Only
Expand all | Collapse all

HTTP connection error in WTX

  • 1.  HTTP connection error in WTX

    Posted Tue April 07, 2020 09:25 AM
    Hi Team, 

    I am trying to get the token from https url. Below is rule.
    GET("HTTP", "-URL https://123.com/connect/Token/ -METHOD POST -TV -HDR+ ", PACKAGE(tokenRequestInput))
    While using https connection, trace is showing a "GSK error with SSL connection is not established with target server"
    But when I use Postman tool, it is working.
    Please help me..

    ------------------------------
    Hemachandra G
    ------------------------------

    #SupplyChain
    #B2BIntegration


  • 2.  RE: HTTP connection error in WTX

    Posted Wed April 08, 2020 05:14 AM
    Hi Hemachandra,

    The GSK IO Error, means the SSL handshake has been failed with the server. Please check couple of things.

    1. What is the value of secure_mode in wtx_install_dir\dtx.ini?
    2. Does the server need 2 way SSL Authentication? Means, is server want Client Authentication as well? Because if Client Authentication is also forced by Server then you need to pass additional parameters to GET function for HTTP Resource Adapter. https://www.ibm.com/support/knowledgecenter/SSVSD8_8.4.1/com.ibm.websphere.dtx.adaphttp.doc/references/r_http_Client_Certificate_CERT.htm
    3. Postman handles the SSL the way your browser does with any SSL enabled HTTP site. So you don't get error there. However as ITX is used in Enterprises with security so this kind of features cannot be enabled in Enterprise products.
    Also as you enabled the tracing so please share the Trace File so I can check the error.


    Regards,

    ------------------------------
    BHARAT BALOTHIA
    ------------------------------



  • 3.  RE: HTTP connection error in WTX

    Posted Wed April 08, 2020 06:17 AM
    You may also enable the GSK Kit SSL tracing by setting the OS level environment variable GSK_TRACE_FILE. Please check the link for more details https://www.ibm.com/support/pages/how-enable-itx-gskit-trace-and-gskit-trace-diagnose-certificate-issues

    ------------------------------
    BHARAT BALOTHIA
    ------------------------------



  • 4.  RE: HTTP connection error in WTX

    Posted Wed April 08, 2020 08:13 AM
    Hi Barath,

    Thank you so much for reply.

    1. Secure mode is "0" for both SSL_CLIENT and SSL_SERVER in dtx.ini file.

    2. I think no authentication is required. I am hitting local server to get the token. Also if I change url from https to http, I am able to get the token. Only if I use https I am getting below error.
               WSAConnectSSL: GSK Error Code: 406, GSK_ERROR_IO.
               Failure: SSL connection NOT established with target server, <target server url>, on port, 443.

    3. Postman - both http and https working, and also I am not passing any authentication here. 
    4. Please find GSK trace file (filespec.zip) and normal trace file (m4http.mtr)as attachment. 

    ------------------------------
    Hemachandra G
    ------------------------------

    Attachment(s)

    zip
    filespec.zip   951 KB 1 version
    zip
    m4http.zip   958 B 1 version


  • 5.  RE: HTTP connection error in WTX

    Posted Tue April 14, 2020 10:24 AM
    Can someone please help out to solve this issue.​

    ------------------------------
    Hemachandra C G
    ------------------------------



  • 6.  RE: HTTP connection error in WTX

    Posted Tue April 14, 2020 02:37 PM
    As I mentioned I am trying to find the gsktrace utility, for a faster response please raise a support case in parallel.

    Regards,

    ------------------------------
    BHARAT BALOTHIA
    ------------------------------



  • 7.  RE: HTTP connection error in WTX

    Posted Tue April 14, 2020 02:35 PM
    Hi Hemachandra,

    The m4http file does not have any issue. I am trying to convert the filespec file in readable format using gsktrace utility, however I don't have that utility, I am trying to get that. In case, if you have that as part of the gskit (should be installed with WTX) then please convert the filespec file using using gsktrace utility using following syntax: gsktrace <source filename with path> <target filename with path> and then send me the readable output file.

    Regards,

    ------------------------------
    BHARAT BALOTHIA
    ------------------------------



  • 8.  RE: HTTP connection error in WTX

    Posted Fri April 17, 2020 04:31 AM
    Hi Barath,

    I don't have that utility. I tried with my fiends but no luck Barath. Kindly help me.

    Best regards,
    Hemachandra
    9916573141.

    ------------------------------
    Hemachandra G
    ------------------------------



  • 9.  RE: HTTP connection error in WTX

    Posted Wed April 22, 2020 10:24 AM
    Hi All,

    Small update.

    If I use the plain http url it is working.
    GET( "HTTP" , "-URL http://123.com/connect/Token -METHOD POST  -TV -HDR+ -TYPE application/x-www-form-urlencoded ", package(httpPayload))

    But for https I am getting below error.

    WTX Rule:
    GET( "HTTP" , "-URL https://123.com/connect/Token -METHOD POST  -TV -HDR+ -TYPE application/x-www-form-urlencoded ", package(httpPayload))

    Error:

    WSAConnectSSL: GSK Error Code: 406, GSK_ERROR_IO.
    Failure: SSL connection NOT established with target server, <target server url>, on port, 443.

    Thank you in advance !!


    ------------------------------
    Hemachandra G
    ------------------------------



  • 10.  RE: HTTP connection error in WTX

    Posted Thu April 23, 2020 09:33 AM
    Try any parameter required for HTTPS              
    -URL {HTTP|HTTPS}://[
    user[:pass]@][host[:port]][/dir[/file]]
                   [-CA
    filename]
                   [-CERT
    filename]
                   [-CPASS
    password]
                   [-FROM
    address]
                   [-HDR[+][I]]
                   [-IGNORE
    error_code[:error_code]]
                   [-INLINE]
                   [-KPASS
    password]
                   [-LSN
    seconds]
                   [-METHOD [
    method_name]]
                   [-MODIFIED
    http-date]
                   [-PKEY
    filename]
                   [-PROXY {HTTP|HTTPS}://[
    user[:pass]@][host[:port]][/dir[/file]]]
                   [-REDIRECT
    limit]
                   [-SESSION
    session_id [*]]
                   [-SOCKS {socks4|socks5}://[
    user[:pass]@][host[:port]]
                   [-SPROTO {SSLv2|SSLv3|SSLv23|TLSv1}]
                   [-STR {WEAK|STRONG|ANY}]
                   [-TIMEOUT
    time_in_seconds]
                   [-T[E][+][S|V] [
    full_path]]
                   [-TUNNELING]
                   [-TYPE
    content_type]


    ------------------------------
    Wai Man Wong
    ------------------------------



  • 11.  RE: HTTP connection error in WTX

    Posted Tue April 28, 2020 10:35 AM
    ​Hi Wai Man Wong,

    I tried most of the parameters, but no luck.

    My concern is when it is working with plain http URL and also working from postman (plain http and https both). But why it is not working if I use https URL.

    Thank you in advance !!

    ------------------------------
    Hemachandra G
    ------------------------------



  • 12.  RE: HTTP connection error in WTX

    Posted Tue April 28, 2020 10:31 PM
    ​Hi Hemachandra,

    As BHARAT mentioned, please open a support case to IBM to verify everything is fine.

    Do you have the public certificate of the HTTPs server imported to the signer certificate of the keystore if required?

    ;===============================================================================
    ; The "SSL_CLIENT" section is used by the WTX HTTP/S and FTP/S adapters.
    ;
    ;   a) The "secure_mode" entry is a global flag that requires WTX to be NIST
    ;       SP800-131a compliant when communicating via an SSL-based HTTP or FTP
    ;       connection.  This mode can enable the sole use of the TLSv1.2 protocol.
    ;       Use the following values to enforce the intended action across all
    ;       map SSL-based communications.
    ;       0 - Use TLS/SSL protocol, but no special security level is required
    ;       1 - Require NIST SP800-131a compliance
    ;       2 - Require TLS V1.2 protocol (which includes NIST SP800-131a)
    ;
    ;   b) The "key_store" entry specifies the full path for all personal and CA
    ;       certificate entries. 
    ;       If no path is specified, then it defaults to the INI directory.
    ;
    ;       NOTE:
    ;       The wtx_ssl example readme shows how to configure the "key_store" file.
    ;
    ;   c) The "key_stash" entry specifies the file which contains the password
    ;       required to open the key_store.
    ;       If this is uncommented, the following methods will be used, in order
    ;       of precedence.
    ;       INI entry:            key_pswd
    ;       Environment variable: WTX_SSL_KEYFILE_PSWD
    ;       Default:              changeit
    ;
    ;       NOTE:
    ;       The wtx_ssl example readme shows how to change the default password.
    ;
    ;   d) The "authentication" entry
    ;       on  - Requires SSL peer authentication
    ;       off - if authentication is not required (e.g. for testing purposes)
    ;
    ;       NOTE:
    ;       Even though 'off' is specified, the SSL protocol is still used for
    ;       encryption and data integrity - but without authentication.
    ;       Also, a non-zero secure_mode setting will supersede this setting.
    ;
    ;   e) The "cert_label" entry is the name of the default certificate in the key
    ;       store that is used for authentication purposes.
    ;
    ;   f) The "cert_label_global" entry determines whether cert label (if provided)
    ;       is global or not.
    ;       Set to 1 if cert label should be forced as a global label.
    ;       Set to 0 if cert label is default, but can be overriden by command line.
    ;
    ;   g) The "trace_file" entry specifies an SSL log file.  If path is not fully
    ;       qualified, it defaults to the WTX installation directory.
    ;
    ;   h) The "trace_mode" entry specifies the type of entries in the log file.
    ;       0 - None
    ;       1 - Error only (default)
    ;       2 - Standard
    ;       3 - Verbose
    ;
    ;   i) The "protocol_disable" entry disables specific SSL protocols when the
    ;       secure mode flag is set to 0.  Values can be added to disable
    ;       multiple protocols (e.g. 3 disables SSLv2 and SSLv3).
    ;       Default value = 3.
    ;       0  - none    (legacy behavior which disables no protocols)
    ;       1  - SSLv2   (disabled by default)
    ;       2  - SSLv3   (disabled by default)
    ;       4  - TLSv1
    ;       8  - TLSv11
    ;       16 - TLSv12
    ;
    ;===============================================================================
    [SSL_CLIENT]
    secure_mode=0
    key_store=wtx_keys.p12
    key_stash=wtx_keys.sth
    authentication=off
    cert_label=
    cert_label_global=0
    trace_file=wtxsslclient.log
    trace_mode=1
    protocol_disable=3

    [SPE]
    SPE_INSTALL_DIR=C:\IBM\Standards Processing Engine 9.0.0

    ------------------------------
    Wai Man Wong
    ------------------------------