Security certificate problems using SDK in axis container

The example SwisClient code creates and installs a trust manager to bypass the unsigned (I think) security certificate provided by the HTTPS connection. This works fine standalone and in the context of a Tomcat container, but does not work in the context of an Axis container.

As a temporary measure, I've put a jssecacerts file containing the SolarWinds certificate in the JRE. However I need to get this running at several locations and manually generating the certificate for each server is going to be a pain.

So some questions:

Is it possible to bypass the security certificate another way?

If not, is it possible to stand up the web service using HTTP rather than HTTPS to avoid the whole security certificate problem in the first place?

If it helps, I'm using OrionSDK-v1.

Thanks in advance!

1 Solution

Yes, you can configure SWIS to speak HTTP in addition to (or instead of, if you prefer) HTTPS. To do this, you will need to edit C:\Program Files (x86)\SolarWinds\Orion\Information Service\2.0\SolarWinds.InformationService.Service.exe.config and make two changes. (I'll assume you are familiar with XPath. If not, just let me know and I'll give a more explicit reference for these edits.)

1. Under /configuration/system.serviceModel/services/service[@name='SolarWinds.InformationService.Core.InformationService']/, add a new endpoint element:

<endpoint address="http://localhost:17781/SolarWinds/InformationService/Orion" contract="SolarWinds.InformationService.Core.IInformationService" binding="basicHttpBinding" bindingConfiguration="HttpBasicInteropBinding" />

2. Under /configuration/system.serviceModel/bindings/basicHttpBinding, add a new binding element:

<binding name="HttpBasicInteropBinding">
  <security mode="TransportCredentialOnly">
    <transport clientCredentialType="Basic" />
  </security>
</binding>

Now you should be able to talk to SWIS using the same SOAP protocol, but with normal unencrypted HTTP over port 17781 rather than HTTPS over port 17778. Authentication is still using regular HTTP Basic authentication. Obviously this exposes credentials to anyone sniffing your traffic, but this is no different than logging into the Orion website without SSL.

Hope that helps. Let me know if you run into problems with it.
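
A config audit for the change described in the answer above, as an added example that is not part of the original thread or of SolarWinds' code: it parses a WCF service config and reports every endpoint that accepts Basic credentials over plain HTTP. The function name and the `HttpsExample` endpoint and binding in the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the two elements from the answer, plus a hypothetical
# HTTPS endpoint/binding ("HttpsExample") for contrast. Not a real SWIS config.
SAMPLE_CONFIG = """<configuration><system.serviceModel>
  <services>
    <service name="SolarWinds.InformationService.Core.InformationService">
      <endpoint address="https://localhost:17778/SolarWinds/InformationService/Orion"
                binding="basicHttpBinding" bindingConfiguration="HttpsExample" />
      <endpoint address="http://localhost:17781/SolarWinds/InformationService/Orion"
                contract="SolarWinds.InformationService.Core.IInformationService"
                binding="basicHttpBinding" bindingConfiguration="HttpBasicInteropBinding" />
    </service>
  </services>
  <bindings><basicHttpBinding>
    <binding name="HttpsExample">
      <security mode="Transport"><transport clientCredentialType="Basic" /></security>
    </binding>
    <binding name="HttpBasicInteropBinding">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Basic" />
      </security>
    </binding>
  </basicHttpBinding></bindings></system.serviceModel></configuration>"""

def find_cleartext_basic_endpoints(config_xml):
    """Return (address, binding name) pairs that send Basic credentials over plain HTTP."""
    model = ET.fromstring(config_xml).find("system.serviceModel")
    if model is None:
        return []
    bindings = {}  # (binding type, name) -> (security mode, credential type)
    for btype in model.findall("bindings/*"):
        for b in btype.findall("binding"):
            sec = b.find("security")
            tr = sec.find("transport") if sec is not None else None
            mode = sec.get("mode", "None") if sec is not None else "None"
            cred = tr.get("clientCredentialType", "None") if tr is not None else "None"
            bindings[(btype.tag, b.get("name"))] = (mode, cred)
    findings = []
    for ep in model.findall("services/service/endpoint"):
        key = (ep.get("binding"), ep.get("bindingConfiguration"))
        mode, cred = bindings.get(key, ("None", "None"))
        addr = ep.get("address", "")
        if urlparse(addr).scheme == "http" and (mode, cred) == ("TransportCredentialOnly", "Basic"):
            findings.append((addr, key[1]))
    return findings

if __name__ == "__main__":
    print(find_cleartext_basic_endpoints(SAMPLE_CONFIG))
```

Run against each server's copy of the config file, this gives an inventory of hosts where SWIS credentials cross the network unencrypted.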