How can SSL be switch off for an Orbix 6.3 server?

Dominique Sacre · 2013-12-17T16:18:00+00:00

Summary This article clarifies how to easily switch off SSL for an Orbix 6.3 server. Environment Orbix 6.3.* All Supported Operating Systems Question/Problem Description How can SSL be switch off for an Orbix 6.3 server? Clarifying Information For a secure application where e.g certificates expired it might be necessary to switch off SSL in order to bring the application back up while re-creating and installing new certificates. Error Message The Orbix server will log error messages below: IPAddressImplBase[inet_address=0.0.0.0/0.0.0.0,port=5000,protocol=TCP] - exception: null [alertLevel=Fatal, alertDescription=Certificate expired][_it_orb_id_1@testhost.microfocus.com/127.0.0.1] (IT_IIOP_TLS:13) E - failed server accept() on IPAddressImplBase[inet_address=0.0.0.0/0.0.0.0,port=5000,protocol=TCP] - exception: null [alertLevel=Fatal, alertDescription=Certificate expired] Defect/Enhancement Number Cause Expired certificates. Resolution Orbix is using SSL/TLS for secure communication through the iiop_tls plugin. Once this plugin is enabled for an ORB, Orbix will attempt to use secure communication. Assuming you have the Orbix 6.3 configuration scope below for the server (as an example the configuration scope for the TLS bank demo in the Orbix installation is shown below) bank_server{ orb_plugins = ["local_log_stream", "iiop_profile", "giop", "iiop_tls"]; policies:target_secure_invocation_policy:requires = ["Confidentiality"]; policies:target_secure_invocation_policy:supports = ["Confidentiality", "Integrity", "DetectReplay", "DetectMisordering", "EstablishTrustInTarget"]; policies:client_secure_invocation_policy:requires = ["Confidentiality", "EstablishTrustInTarget"]; policies:client_secure_invocation_policy:supports = ["Confidentiality", "Integrity", "DetectReplay", "DetectMisordering", "EstablishTrustInTarget"]; principal_sponsor:use_principal_sponsor = "true"; principal_sponsor:auth_method_id = "pkcs12_file"; principal_sponsor:auth_method_data = ["filename=C:\\products\\ORBIX_~1.6_W\\asp\\6.3\\etc\\tls\\x509\\certs\\demos\\bank_server.p12", "password=bankserverpass"];};In order to disable SSL on the server running with the configuration scope above replace the "iiop_tls" plugin with the "iiop" plugin in the orb_plugins list. So basically replace orb_plugins = ["local_log_stream", "iiop_profile", "giop", "iiop_tls"];with orb_plugins = ["local_log_stream", "iiop_profile", "giop", "iiop"]; This will switch off SSL by loading the iiop plugin instead of the iiop_tls. Workaround Notes Attachment #KnowledgeDocs#Orbix

Summary	This article clarifies how to easily switch off SSL for an Orbix 6.3 server.
Environment	Orbix 6.3.* All Supported Operating Systems
Question/Problem Description	How can SSL be switch off for an Orbix 6.3 server?
Clarifying Information	For a secure application where e.g certificates expired it might be necessary to switch off SSL in order to bring the application back up while re-creating and installing new certificates.
Error Message	The Orbix server will log error messages below: IPAddressImplBase[inet_address=0.0.0.0/0.0.0.0,port=5000,protocol=TCP] - exception: null [alertLevel=Fatal, alertDescription=Certificate expired] [_it_orb_id_1@testhost.microfocus.com/127.0.0.1] (IT_IIOP_TLS:13) E - failed server accept() on IPAddressImplBase[inet_address=0.0.0.0/0.0.0.0,port=5000,protocol=TCP] - exception: null [alertLevel=Fatal, alertDescription=Certificate expired]
Defect/Enhancement Number
Cause	Expired certificates.
Resolution	Orbix is using SSL/TLS for secure communication through the iiop_tls plugin. Once this plugin is enabled for an ORB, Orbix will attempt to use secure communication. Assuming you have the Orbix 6.3 configuration scope below for the server (as an example the configuration scope for the TLS bank demo in the Orbix installation is shown below) bank_server { orb_plugins = ["local_log_stream", "iiop_profile", "giop", "iiop_tls"]; policies:target_secure_invocation_policy:requires = ["Confidentiality"]; policies:target_secure_invocation_policy:supports = ["Confidentiality", "Integrity", "DetectReplay", "DetectMisordering", "EstablishTrustInTarget"]; policies:client_secure_invocation_policy:requires = ["Confidentiality", "EstablishTrustInTarget"]; policies:client_secure_invocation_policy:supports = ["Confidentiality", "Integrity", "DetectReplay", "DetectMisordering", "EstablishTrustInTarget"]; principal_sponsor:use_principal_sponsor = "true"; principal_sponsor:auth_method_id = "pkcs12_file"; principal_sponsor:auth_method_data = ["filename=C:\\products\\ORBIX_~1.6_W\\asp\\6.3\\etc\\tls\\x509\\certs\\demos\\bank_server.p12", "password=bankserverpass"]; }; In order to disable SSL on the server running with the configuration scope above replace the "iiop_tls" plugin with the "iiop" plugin in the orb_plugins list. So basically replace orb_plugins = ["local_log_stream", "iiop_profile", "giop", "iiop_tls"]; with orb_plugins = ["local_log_stream", "iiop_profile", "giop", "iiop"]; This will switch off SSL by loading the iiop plugin instead of the iiop_tls.
Workaround
Notes
Attachment

#KnowledgeDocs
#Orbix

Sign up

Please log in or register:

Welcome to the Rocket Forum!

Please log in or register:

Scanning file for viruses.

This file cannot be downloaded