Amazon 500150 Error setting closing connection General SSLEngine - amazon-web-services

While connecting to Amazon RedShift, I getting the below error:
2016-04-14 13:49:30 ERROR SQL Exception when connecting [Amazon](500150) Error setting/closing connection: General SSLEngine problem.
java.sql.SQLException: [Amazon](500150) Error setting/closing connection: General SSLEngine problem.
at workbench.db.DbDriver.connect(DbDriver.java:546)
at workbench.db.ConnectionMgr.connect(ConnectionMgr.java:244)
at workbench.db.ConnectionMgr.getConnection(ConnectionMgr.java:172)
at workbench.gui.components.ConnectionSelector.doConnect(ConnectionSelector.java:227)
at workbench.gui.components.ConnectionSelector$1.run(ConnectionSelector.java:131)
Caused by: java.sql.SQLException: [Amazon](500150) Error setting/closing connection: General SSLEngine problem.
at com.amazon.redshift.client.PGClient.<init>(Unknown Source)
at com.amazon.redshift.core.PGJDBCConnection.connect(Unknown Source)
at com.amazon.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
at com.amazon.jdbc.common.AbstractDriver.connect(Unknown Source)
at workbench.db.DbDriver.connect(DbDriver.java:513)
at workbench.db.ConnectionMgr.connect(ConnectionMgr.java:244)
at workbench.db.ConnectionMgr.getConnection(ConnectionMgr.java:172)
at workbench.gui.components.ConnectionSelector.doConnect(ConnectionSelector.java:227)
I am using SQL Workbench J to connect to the database system. The strangeness here it that the connection was working fine two days ago. This problem appeared from nowhere. Any idea??
We are following the exact steps written in the setup guide to add certificates to Java.
https://community.boomi.com/docs/DOC-2381
Am I missing anything here?
UPDATE
My Redshift database is SSL configured. We use SQL Workbench J (http://www.sql-workbench.net/) client to connect to that database. The issue now is that everytime we try to connect, we are getting the error I mentioned.
Below is our URL format:
jdbc:redshift://hostname:5439/dbname?ssl=true&sslmode=verify-full

It worked for me when I followed the solution given by cfregly on databricks forum. Please follow below URL for this solution:
https://forums.databricks.com/questions/867/ssl-connection-issues-with-redshift.html
Please try appending sslfactory value in the Connection URL string like below - it might work.
ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory

Please add the following without the server certificate
ssl=true&sslfactory=com.amazon.redshift.ssl.NonValidatingFactory
The following would be the possible values for sslfactory
com.amazon.redshift.ssl.NonValidatingFactory
org.postgresql.ssl.NonValidatingFactory
Please see http://docs.aws.amazon.com/redshift/latest/mgmt/configure-jdbc-options.html

Try the following.
Run the keystore keytool based on the Java install for the environment variable JAVA_HOME (you may have multiple java installs so just use the default). Use the default cacerts keystore that comes with the JRE which will have a password of "changeit". You need to download the Redshift Certificate.
Then install the certificate for example:
C:\Program Files\Java\jdk1.8.0_25\jre\bin>keytool.exe -keystore "C:\Program Files\Java\jdk1.8.0_25\jre\lib\security\cacerts" -import -alias redshift -file redshift-ssl-ca-cert.pem
It will prompt you for the password ("changeit") and then should say the key has been added. If it fails its probably because you are not an admin user, so if in linux use sudo or in windows open the command window as administrator.
Start MYSQL Workbench using the cacerts keystore and the password entered above eg:
C:\apps\SQL-Workbench-Build118>java -Djavax.net.ssl.trustStore="C:\Program Files\Java\jdk1.8.0_25\jre\lib\security\cacerts" -Djavax.net.ssl.trustStorePassword=changeit -jar sqlworkbench.jar
You should be able to use the URL above and it should now work.

Related

Browser error during django + SSL connection with local server

I have a problem during adding facebook login button to my website at localhost.
I've already add mysite.com to hosts file and installed django-extensions, werkzeug, pyOpenSSL. By running command python manage.py runserver_plus --cert-file cert.crt my own-made sertificate was created. I imported this certificate to Trusted Chrome sertificates but safe connection doesn't establish. When i pass https://example.com:8000/account/login/ I hit an error NET::ERR_CERT_COMMON_NAME_INVALID,
Failed to confirm that this is the server example.com. Its safety certificate refers to *. The server may be configured incorrectly or someone is trying to intercept your data.
Please help me to solve this.

Configure WSO2 developer studio 3.8.0 in eclipse Luna

I am trying to configure WSO2 API Manager tooling in eclipse luna, as per https://apim.docs.wso2.com/en/latest/Learn/APIGateway/MessageMediation/pass-a-custom-authorization-token-to-the-backend/, however I keep getting javax.net.ssl.SSLHandshakeException when I try to connect to API manager instance. I have added the public certificate in the java trust store, also tried pointing eclipse to custom truststore where the public cert is added, still no luck. I have java 8 installed on Mojave. Not sure, if it is related to new version of the API manager. Here is the error message and stack trace.
Error Message
Getting WS Feature Available in Regisrty check failed Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
https://pastebin.com/5bSpKJ4x Stack trace link
This is a ssl Handshake error, which usually occurs if you don't have trusted certificates in your trust store. Do the following
Download the certificate from what ever back-end service you are trying to hit.
Add it to the client-truststore.jks file in < apim-home >/repository/resources/security using the following command in cmd.
Open cmd from \jdk\bin
keytool -keystore "< apim-home >\repository\resources\security\client-truststore.jks" -storepass wso2carbon -importcert -file "< certFile-loction >"

How to Solve unknown_ca error on WSO2IS-5.7 when using MySQL RDS as backstore?

I've tried to install an instance on AWS using aws RDS as
my datasource through the mysql-connector-java-5.1.45-bin.jar
with jdbc url
jdbc:mysql://< instance>.< zone>.rds.amazonaws.com:3306/carbon_db
i've got an exception
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failurecom.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
The last packet successfully received from the server was 7 milliseconds ago. The last packet sent successfully to the server was 7 milliseconds ago.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:425)
.
.
.
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
I've tried to run
keytool -importcert -keystore <keystore> -storepass <pass> -noprompt -file rds-combined-ca-bundle.pem
on cacerts.jks in JVM and client-trustore.jks inside WSO2 repository with no effect
This happens since the public certificate from your DB connection, is not trusted by the WSO2 Identity Server.
Since you have tried adding the certificate, verify whether this has been added properly.
Get the public certificate from your DB instance.
Go to the <IS_HOME>/repository/resources/security folder. Import the public certificate to the client-truststore.jks file. Use the command below.
keytool -importcert -file certificate.cer -keystore client-truststore.jks -alias "Alias"
Restart the wso2 IS instance and check if the issue still persists.
According to the MySQL connector documentation in [1], following JDBC URL parameters should be included into the JDBC url to enable the SSL communication between MySQL server and the wso2 server.
useSSL=true
requireSSL=true
clientCertificateKeyStoreUrl
clientCertificateKeyStorePassword
I was able to successfully create the secure connection between MySQL server and the wso2 server with the below JDBC URL.
jdbc:mysql://<HOST_NAME>:<PORT>/apimgtdb?useSSL=true&requireSSL=true&clientCertificateKeyStoreUrl=file:<WSO2_HOME>/repository/resources/security/client-truststore.jks&clientCertificateKeyStorePassword=wso2carbon

<cfmail> failing when <cfmailparam> attaches image over https

I think this is more of a server setup issue?
As the subject says, when I "embed" images to a cfmail, using cfmailparam, if the image is called over https, the email fails. The error I get in mail.log is
javax.mail.MessagingException: IOException while sending message;
nested exception is: java.net.SocketException: Connection reset
Any ideas?
Thx!
Check the {cf_root}/logs/exception.log to see if there is anything more informative.
Sounds like CF isn't liking the SSL certificate. I know some CF versions and using CFHTTP, etc. don't like wildcard or SAN certificates and you have to import those to the keystore.
You have to grab the certificate then use the keytool to import it. This will require a CF restart after.
keytool -import -trustcacerts -keystore ./cacerts -alias myCert -file myCert.cer
Adobe has a write up on how-to: How to import certificates to ColdFusion's truststore
The problem could be because your Java version which is running ColdFusion is not supporting new TLS versions. You can solve this by upgrading Java to 1.8 or later or you can add the following to the JVM config in the ColdFusion Administrator.
-Dhttps.protocols=TLSv1.1,TLSv1.2

Chef Server Installation error

I am a newbie to chef. I am trying to install chef server on an ec2 centos instance.
I am following this link to install the chef server.
But I am getting error at step 8 of installation.
[root#ip-10-105-203-174 ~]# knife configure -i
/usr/lib/ruby/gems/1.8/gems/ohai-7.0.4/lib/ohai/loader.rb:188: warning: character class has `[' without escape
/usr/lib/ruby/gems/1.8/gems/ohai-7.0.4/lib/ohai/loader.rb:188: warning: regexp has `]' without escape
Overwrite /root/.chef/knife.rb? (Y/N)Y
Please enter the chef server URL: [https://ip-10-105-23-174:443] https://10.105.23.174
Please enter a name for the new user: [root]
Please enter the existing admin name: [admin]
Please enter the location of the existing admin's private key: [/etc/chef-server/admin.pem]
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef-server/chef-validator.pem] /root/.chef/chef-server/chef-validator.pem
Please enter the path to a chef repository (or leave blank):
Creating initial API user...
Please enter a password for the new user:
ERROR: Connection refused connecting to https://10.105.203.174/users, retry 1/5
ERROR: Connection refused connecting to https://10.105.203.174/users, retry 2/5
ERROR: Connection refused connecting to https://10.105.203.174/users, retry 3/5
ERROR: Connection refused connecting to https://10.105.203.174/users, retry 4/5
ERROR: Connection refused connecting to https://10.105.203.174/users, retry 5/5
ERROR: Network Error: Connection refused - Connection refused connecting to https://10.105.23.174/users, giving up
Check your knife configuration and network settings
Is this the right tutorial. Please help me resolving the issue.
You seem to be doing the right thing for chef, but it looks like a fundamental networking issue. If I understand properly, you are logged into the chef server and trying to set up knife on the same box to talk contact itself. Is Chef server actually running? Use 'netstat -an' and verify that something is waiting on the :443 port. Can you use a browser from another host to contact it? You could also consider installing "knife" on another machine and running the same thing.
Are you providing a valid chef-server url. At first look it looks like you are giving the workstation ip address.