| |
Results |
|
Web services cannot connect over SSL
|
Trying to call a web service over an SSL -enabled website (eg, https://localhost:80/gsoap/gsoap_ ssl .dll?ttwebservices) results in the error: Error occurred during web service invocation:Couldn't connect to [https: web service location]. A call to the same web service with the location changed to a non-SSL site will connect and perform as expected.
|
|
|
|
12.2.x : using pdiff with SSO => PRG7700110E Error: Web Services "http://splm-tests/gsoap/gsoap_ssl.dll?sbminternalservices72" returned an error: "soap_wsse_verify_X509"
|
But when running PDIFF, got this error : PRG7700110E Error: Web Services " http://xxxxxxxx/gsoap/gsoap_ ssl .dll?sbminternalservices72 " returned an error: "soap_wsse_verify_X509" ACL4500326E Error: User authentication failed when connecting to host xxxxxxxx
|
|
|
|
Failed to obtain security token: Web Services "http://serverName/gsoap/gsoap_ssl.dll?sbminternalservices72" returned an error: "java.lang.IllegalArgumentException"
|
Failed to obtain security token: Web Services "http://serverName/gsoap/gsoap_ ssl .dll?sbminternalservices72" returned an error: "java.lang.IllegalArgumentException"
|
|
|
|
Two-way SSL configuration for Manual Deployment Tasks
|
This KB article addresses the following issues that may be encountered when using Secure Sockets Layer (SSL) with Release Control: Web service /orchestration calls fail with the error "The https URL hostname does not match the Common Name (CN) on the server certificate" After configuring 2-way SSL, the execution links for manual deployment tasks fail.
|
|
|
|
Web Service Samples no longer compile and need to be updated
|
When using .NET Studio 2015 or 2017 or newer, new projects use .NET WCF concepts, and the existing samples will not compile using the new concepts. Need to update samples for authentication to use WCCE, basic, username/password embedded in an authentication object, and SSO, all while supporting SSL and non- SSL .
|
|
|
|
How does SBM connect to a SSL protected server
|
SBM has several Java-based components that can make calls to outside services that are protected with SSL. A few of these services are the Notification Server, Mail Client, Orchestration Engine and Application Repository. Orchestrations that use HTTPS SSL endpoints do so under the purview of the Orchestration Engine. When these services attempt to contact an SSL enabled endpoint ( web service , Exchange Server, etc), it is required to tell the SBM JDK to trust the SSL certificate provide to it by the endpoint.
|
|
|
|
RLC Web Service/Orch fails with error "The https URL hostname does not match the Common Name (CN) on the server certificate in the client's truststore."
|
This problem can occur when SBM is setup to use load balancing and SSL communication. In the common log, you will see errors like this:
|
|
|
|
RLC Web Service/Orch fails with error "The https URL hostname does not match the Common Name (CN) on the server certificate in the client's truststore."
|
This problem can occur when SBM is setup to use an internal and external host name and SSL communication. In the common log, you will see errors like this:
|
|
|
|
Important SSL certificates in SBM
|
Client SSL Certificates: In some cases, it is desired to have the client present an identifying SSL client certificate to SBM. Or to have SBM present and identify itself with an SSL client certificate to another web service . Single-Sign On Login Server certificates.
|
|
|
|
How to get a copy of the certificate chain and copy it to the certificate trust store ("PKIX path building failed" or similar SSL connection errors.)
|
When using SSL, it is imperative that the SBM server components can verify trusted status of an SSL certificate. This could be any URL or web service that communicates via SSL /HTTPS, such as a secure mail server or an orchestration endpoint etc. To verify the trusted status of a certificate, you must put all the certificate authority (CA) public keys from the certificate signing chain into the trusted certificate store. For
|
|
|
