• State Verified Answer
  • Locked Locked
  • Replies 1 reply
  • Subscribers 38 subscribers
  • Views 173 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Security certificate problems using SDK in axis container

graham_fitter

The example SwisClient code creates and installs a trust manager to bypass the unsigned (I think) security certificate provided by the HTTPS connection. This works fine standalone and in the context of a tomcat container, but does not work in the context of an Axis container.

As a temporary measure, I've put a jssecacerts file containing the Solarwinds certificate in the JRE. However I need to get this running at several locations and manually generating the certificate for each server is going to be a pain.

So some questions:

Is it possible to bypass the security certificate another way?

If not, is it possible to stand up the web service using HTTP rather than HTTPS to avoid the whole security certificate problem in the first place.

If it helps, I'm using OrionSDK-v1.

Thanks in advance!

  • 0

    Yes, you can configure SWIS to speak HTTP in addition to (or instead of, if you prefer) HTTPS. To do this, you will need to edit C:\Program Files (x86)\SolarWinds\Orion\Information Service\2.0\SolarWinds.InformationService.Service.exe.config and make two changes. (I'll assume you are familiar with XPath. If not just let me know and I'll give a more explicit reference for these edits.)

    1. Under /configuration/system.serviceModel/services/service[@name='SolarWinds.InformationService.Core.InformationService']/, add a new endpoint element:

    <endpoint address="">localhost:17781/.../Orion" contract="SolarWinds.InformationService.Core.IInformationService" binding="basicHttpBinding" bindingConfiguration="HttpBasicInteropBinding" />

    2. Under /configuration/system.serviceModel/bindings/basicHttpBinding, add a new binding element:

    <binding name="HttpBasicInteropBinding">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Basic" />
      </security>
    </binding>

    Now you should be able to talk to SWIS using the same SOAP protocol, but with normal unencrypted HTTP over port 17781 rather than HTTPS over port 17778. Authentication is still using regular HTTP Basic authentication. Obviously this exposes credentials to anyone sniffing your traffic, but this is no different than logging into the Orion website without SSL.

    Hope that helps. Let me know if you run into problems with it.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.