1 Reply Latest reply on Apr 25, 2011 11:14 AM by tdanner

    Security certificate problems using SDK in axis container

    graham_fitter

      The example SwisClient code creates and installs a trust manager to bypass the unsigned (I think) security certificate provided by the HTTPS connection. This works fine standalone and in the context of a Tomcat container, but does not work in the context of an Axis container.

      As a temporary measure, I've put a jssecacerts file containing the SolarWinds certificate in the JRE. However, I need to get this running at several locations, and manually generating the certificate for each server is going to be a pain.

      So some questions:

      Is it possible to bypass the security certificate another way?

      If not, is it possible to stand up the web service using HTTP rather than HTTPS to avoid the whole security certificate problem in the first place?

      If it helps, I'm using OrionSDK-v1.

      Thanks in advance!

        • Re: Security certificate problems using SDK in axis container
          tdanner

          Yes, you can configure SWIS to speak HTTP in addition to (or instead of, if you prefer) HTTPS. To do this, you will need to edit C:\Program Files (x86)\SolarWinds\Orion\Information Service\2.0\SolarWinds.InformationService.Service.exe.config and make two changes. (I'll assume you are familiar with XPath. If not, just let me know and I'll give a more explicit reference for these edits.)

          1. Under /configuration/system.serviceModel/services/service[@name='SolarWinds.InformationService.Core.InformationService']/, add a new endpoint element:

          <endpoint address="http://localhost:17781/SolarWinds/InformationService/Orion" contract="SolarWinds.InformationService.Core.IInformationService" binding="basicHttpBinding" bindingConfiguration="HttpBasicInteropBinding" />

          2. Under /configuration/system.serviceModel/bindings/basicHttpBinding, add a new binding element:

          <binding name="HttpBasicInteropBinding">
            <security mode="TransportCredentialOnly">
              <transport clientCredentialType="Basic" />
            </security>
          </binding>

          Now you should be able to talk to SWIS using the same SOAP protocol, but with normal unencrypted HTTP over port 17781 rather than HTTPS over port 17778. Authentication is still using regular HTTP Basic authentication. Obviously this exposes credentials to anyone sniffing your traffic, but this is no different than logging into the Orion website without SSL.

          Hope that helps. Let me know if you run into problems with it.
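
An added example (not part of the original thread or of the Orion SDK): a Python check that parses a service config and lists every endpoint that accepts HTTP Basic credentials over plain http://, which is the exposure the reply points out. The sample config is constructed from the two edits above; the HTTPS endpoint address and the binding name `ExampleHttpsBinding` are hypothetical, included only for contrast.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the two edits from the reply, plus a hypothetical HTTPS
# endpoint and binding ("ExampleHttpsBinding") added only for contrast.
SAMPLE_CONFIG = """
<configuration><system.serviceModel>
  <services>
    <service name="SolarWinds.InformationService.Core.InformationService">
      <endpoint address="https://localhost:17778/example" binding="basicHttpBinding" bindingConfiguration="ExampleHttpsBinding" />
      <endpoint address="http://localhost:17781/SolarWinds/InformationService/Orion"
                contract="SolarWinds.InformationService.Core.IInformationService"
                binding="basicHttpBinding" bindingConfiguration="HttpBasicInteropBinding" />
    </service>
  </services>
  <bindings><basicHttpBinding>
    <binding name="ExampleHttpsBinding">
      <security mode="Transport"><transport clientCredentialType="Basic" /></security>
    </binding>
    <binding name="HttpBasicInteropBinding">
      <security mode="TransportCredentialOnly"><transport clientCredentialType="Basic" /></security>
    </binding>
  </basicHttpBinding></bindings>
</system.serviceModel></configuration>
"""

def cleartext_basic_endpoints(config_xml):
    """List endpoints that accept HTTP Basic credentials over plain http://."""
    model = next(ET.fromstring(config_xml).iter("system.serviceModel"))
    # Index named bindings by (binding type, name) so endpoints can be resolved.
    bindings = {(kind.tag, b.get("name")): b
                for kind in model.findall("bindings/*")
                for b in kind.findall("binding")}
    findings = []
    for service in model.findall("services/service"):
        for ep in service.findall("endpoint"):
            binding = bindings.get((ep.get("binding"), ep.get("bindingConfiguration")))
            if binding is None:
                continue  # default or unresolved binding: not assessed here
            sec = binding.find("security")
            tr = binding.find("security/transport")
            mode = sec.get("mode") if sec is not None else None
            cred = tr.get("clientCredentialType") if tr is not None else None
            scheme = urlsplit(ep.get("address", "")).scheme.lower()
            if scheme == "http" and mode == "TransportCredentialOnly" and cred == "Basic":
                findings.append((service.get("name"), ep.get("address"), binding.get("name")))
    return findings

if __name__ == "__main__":
    print(cleartext_basic_endpoints(SAMPLE_CONFIG))
```

To audit a real server, pass the text of the service's .exe.config file to `cleartext_basic_endpoints` instead of the sample.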