I an building a Java EE application with Netbeans 7.3.2 using Javafx as a client to be served by web services from the EJB. I want to add SSL to secure the web services communication with the client over the network. I tried to add security to the web services but getting the following errors
SEVERE: WSS1601: Security Requirements not met - Transport binding configured in policy but incoming message was not SSL enabled
SEVERE: WSITPVD0035: Error in Verifying Security in Inbound Message.
com.sun.xml.wss.impl.XWSSecurityRuntimeException: WSS1601: Security Requirements not met - Transport binding configured in policy but incoming message was not SSL enabled
I have tried all means to get a tutorials online to help me do this since I am new to web services security and more so to configuring SSL for this.
Please can someone please help me with some tutorials or solution to this. Thanks in advance.
Web services are usually normal web applications in the background. So usually it is enough enabling SSL and assigning an SSL port at server side. For example in WebLogic open WebLogic admin console and set the followings:
Environment/Servers/AdminServer/Configuration/SSL Listen Port Enabled
Environment/Servers/AdminServer/Configuration/SSL Listen Port: 7004
Then at client side just change http to https and the non-SSL port to the SSL port in the URL of the web service.
Related
I am not able to connect to Database through bolt in Neo4j browser when opening my domain on HTTPS. We are using Neo4j Enterprise version 4.4.4 and its deployed on AWS EC2. All the ports are opened in Security Group ( 7474, 7473, 7687, 22).
SSL has been applied through ACM and that is attached with Application Load Balancer.
Below is the error-
ServiceUnavailable: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver. Please use your browsers development console to determine the root cause of the failure. Common reasons include the database being unavailable, using the wrong connection URL or temporary network problems. If you have enabled encryption, ensure your browser is configured to trust the certificate Neo4j is configured to use.
Use "bolt+s://" or "neo4j+s://" for the connection
The '+s' variants of URI schemes for encrypted sessions with full certificates
Refer to the Neo4j Driver manual for more details on the connection URI.
I had the same issue after deploying to EC2 using an AWS image (not from neo4j) to install neo4j community edition.
In my case, the neo4j browser was initially using this "Connect URL": neo4j://127.0.0.1:7687, which the browser then automatically changed to bolt://127.0.0.1:7687. After that, I saw the same error message that you did.
If you experience that scenario, you need to change the 127.0.0.1 portion of the URL to the appropriate public IP address or public DNS hostname for your EC2 instance.
According to the AWS documentation, "WebSockets and Secure WebSockets support is available natively and ready for use on an Application Load Balancer."
However, when I select Application Load Balancer in EC2, I don't have any option other than HTTP and HTTPS:
I would like to use the secure websocket protocol (wss://) which I believe would be over TLS:8888.
How can I input this option?
The solution was to use HTTPS for the listener protocol, even though the browser is making requests to wss://.
For port number, configuring both the listener and environment instance to port 8888 works.
I am using WordPress Certified by Bitnami and Automattic, and one VM Instance running in Google Cloud Compute Engine.
I configured a free SSL certificate from Let's Encrypt for my website and also configured the Certbot Auto-Renewal script.
I tried using Cloudflare and I was receiving 5xx errors sometimes, mostly 522 timeout error. I stopped using the Cloudflare service, and I tried to configure a GCP load balancer for my VM Instance.
I created an Unmanaged Instance Group and I configured the HTTP protocol for my backend service with Cloud CDN Enabled in the load balancer, and for the Frontend, I configured an HTTP and HTTPS protocol and created a Google Managed SSL Certificate for the HTTPS protocol in my load balancer.
(The SSL certificate is ACTIVE)
I used this link to configure my load balancer in Google Cloud Platform:
https://docs.bitnami.com/google-templates/how-to/configure-lb-ssl-google-templates/
The problem is that I have 2 SSL Certificates and I get 502 Server Error:
*
"Error: Server Error The server encountered a temporary error and
could not complete your request. Please try again in 30 seconds."
*
I don't know how to solve this problem.
I just want to use a very basic and common configuration for my website.
I also want to know why I received a 522 timeout error from Cloudflare and how to solve it.
I need a quick response and appreciate your answers and help in advance.
I would advise you to follow 1 to create a HTTPS Load Balancer with the backend service 2. Once you create that, you can enable CDN 3.
Regarding the errors, Make sure that your backend instance is healthy and supports HTTP/2 protocol. You can verify this by testing connectivity to the backend instance using HTTP/2.
After you verify that the VM uses the HTTP/2 protocol, make sure your firewall setup allows the health checker and load balancer to pass through.
If there are no problems with the firewall setup, ensure that the load balancer is configured to talk to the correct port on the VM. I will also suggest you to walkthrough 4 for more steps that you can take to troubleshoot this issue.
I developed our websocket project on wildfly. When we test it on localhost or within our local network, everything work fine. But when I deployed it on AWS, websocket don't work any longer. We can access other html pages. But when we conenct to "ws://ip/project location ", chrome just says hand shake error. I have experienced the same web socket problem on jelastic hosting too. My question is
Why it is happening like this?
Is websocket protocol not stable enough?
Is there any suitable hosting for websocket projects in java?
So far balancers don't forward websocket headers. To make WS working you must have a public IP address and no other services in front of your application.
I suggest you try deploying to the cloud provider : Heroku - their sample app code using node.js and websockets will get you up and running quickly. A locally running websocket app which uses a specific port - say 8888 will run fine on heroku with :
var port = process.env.PORT || 8888;
as heroku internally will deploy your app with a run-time generated port visible via PORT .
If you are using node.js with websockets I suggest using the einaros ws implementation
var WebSocketServer = require("ws").Server;
which seamlessly handles the notion of ws port -vs- the http port
Currently ELB doesn't support Websocket in HTTP mode. To be able to handle Websocket you need to configure the ELB in tcp mode (the payload of the tcp connection will be send directly to the server, so the ELB doesn't impact the http and ws flow). With this set up you won't be able to see the caller ip.
Without the ELB Websocket works perfectly (AWS only sees ip traffic and the OS only tcp one), we haven't change any thing for a plain old http server in order to use WS (except the WS handling code in the web server).
To know if you are using ELB look at the bill, AWS can provide you a lot of very interesting services, for a fee.
I am trying to setup an Elastic load balancer to route requests to a cluster of node.js servers running Primus.io with sockjs to manage real time communications.
I have set up the load balancer to listen with the following configuration:
HTTPS 8084 -> HTTPS 8084 (The port used on my node.js servers)
SSL 443 -> TCP 80
My understanding is that the only way to get websockets to work through ELB is via SSL->TCP, hence the above configuration.
I have correctly enabled the new proxy protocol for ELB as described here:
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-proxy-protocol.html
When trying to connect to the server from a client an HTTPS request is initially sent and then from what I can gather it should be upgraded to websockets. But the request is simply failing when I send it to the loadbalancer address.
If I send the initial Primus connection request to the ip of a single nodejs server like so:
var primus = new Primus('https://ip.address.of.single.server:8084');
The request is correctly returned and is upgraded to websockets correctly.
When I switch the ip address to that of the balancer, it fails and the initial https request to the node.js server returns nothing. I assume this means that the websocket transfer could not be established, but to be honest I have little experience in this area so could be completely wrong.
Does anyone have any idea what I am doing wrong?
Thanks in advance
Do you have clustered your NodeJS-instances? For example, if you use SocketIO you should use a clustered session store. Actually, I'm also currently investigating the same with SockJS running on top of Vertx.
The problem behind is Amazon ELB won't respect any forwards in the past (in opposite to Sticky Session on top of HTTP) which means that a connections via TCP level can be forwarded at any cluster's node. Yes, one tcp channel would be okay. But frameworks like SocketIO do a little bit more to support sessions (does not exist in WebSockets) and multiple transport layers (http, polling, sockets, and so on).