SSL Error


Greetings all,

Before I start I want to mention that I am a total beginner with the WSO and SOAP in general.

If you are still reading, thank you. I am trying to connect to a service with an https:// endpoint. When I try and make a request I get a no reply error and the following in the logs. Any help would be much appreciated. I am running a Linux system (Kubuntu 8.04).

Here is the code I am using

Deleted because the sodding forum couldn't display the SOAP request using any of the tags I could think of. Just assumed I am connecting to an HTTPS address correctly.

and here is the error in the logs

[Tue Nov 18 22:41:37 2008] [info] [rampart][rampart_mod] rampart_mod initialized
[Tue Nov 18 22:41:43 2008] [info] Starting addressing out handler
[Tue Nov 18 22:41:44 2008] [error] ssl/ssl_utils.c(86) [ssl client] Loading client certificate failed , key file
[Tue Nov 18 22:41:44 2008] [error] ssl/ssl_stream.c(101) Error occurred in SSL engine
[Tue Nov 18 22:41:45 2008] [error] http_client.c(245) Data stream creation failed for Host www.neighbourhood.statistics.gov.uk and 443 port
[Tue Nov 18 22:41:45 2008] [error] http_client.c(445) client data stream null or socket error for host www.neighbourhood.statistics.gov.uk and 443 port
[Tue Nov 18 22:41:45 2008] [error] http_client.c(449) A read attempt(HTTP) for the reply without sending the request
[Tue Nov 18 22:41:45 2008] [error] http_sender.c(1334) status_code < 0
[Tue Nov 18 22:41:45 2008] [error] engine.c(179) Transport sender invoke failed

So it looks like my client is trying to put together an SSL certificate and key file? How do I set this up (if that is the issue)?

Many thanks for any help you can offer.

RJ

On a side note, this has to be one of the most unintuitive pieces of forum software I have ever seen. How the hell do you get the bloody thing to actually display the XML you are trying to use?


Hi RurouniJones, You have

Hi RurouniJones,

You have to at least provide the "ca_cert" option to the ws_client.

You can get help from this blog about setting up an https client for wsf/php.

http://phpwebservices.blogspot.com/2008/03/calling-https-service-with-wsclient.html

It is not much different for ruby except it needs the option "CACert" to be renamed to "ca_cert".

Thanks
Dimuthu
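A way to see what a PEM file handed to "ca_cert" actually contains (CA or server certificate, and whether it is inside its validity window). This is an added example, not code from the thread or from WSF/Ruby; it uses only Ruby's standard OpenSSL bindings, and the helper names and the throwaway certificates it builds are constructed for illustration.

```ruby
require 'openssl'

# Describe every certificate found in a PEM file meant for the "ca_cert" option.
def describe_ca_file(pem, now: Time.now)
  blocks = pem.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
  raise ArgumentError, 'no PEM certificate found' if blocks.empty?
  blocks.map do |block|
    cert = OpenSSL::X509::Certificate.new(block)
    bc = cert.extensions.find { |ext| ext.oid == 'basicConstraints' }
    {
      subject: cert.subject.to_s,
      issuer: cert.issuer.to_s,
      ca: !bc.nil? && bc.value.include?('CA:TRUE'),           # may sign other certs
      self_issued: cert.subject.to_s == cert.issuer.to_s,     # root-style certificate
      current: now.between?(cert.not_before, cert.not_after)  # not expired, not future
    }
  end
end

# Constructed sample data: a throwaway certificate, self-signed unless an issuer is given.
def sample_cert(cn, key, ca:, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = ca ? 1 : 2
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 86_400
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

# Constructed PEM bundle: a test CA followed by a server certificate it issued.
def sample_pem
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = sample_cert('Example Test CA', ca_key, ca: true)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  leaf = sample_cert('service.example.test', leaf_key, ca: false, issuer: ca, issuer_key: ca_key)
  ca.to_pem + leaf.to_pem
end

describe_ca_file(sample_pem).each { |info| puts info }
```

To check a real file, call `describe_ca_file(File.read(path))` with the same path that is given to "ca_cert".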

Thanks for the help. Dimuthu,

Thanks for the help. Dimuthu, I am still getting the same error, but now I can at least paste the code and logs, which should help.

I obtained the cert from the target and put it in an "ssl" directory of the Rails root. Just to be totally clear, here are the details:

/ssl/statistics.pem

So as far as I can tell the certificate is valid. Following is the code I am using to get the stuff running:

require 'wsf'
require 'rexml/document'

include REXML
include WSO2::WSF

# Client for the HTTPS endpoint; "ca_cert" points at the PEM file saved from the target
client = WSClient.new({"to" => "https://www.neighbourhood.statistics.gov.uk/interop/NeSSDiscoveryBindingPort", "ca_cert" => "#{RAILS_ROOT}/ssl/statistics.pem"})

# Full SOAP envelope, hard-coded, including the WS-Security UsernameToken header
req =<<XML
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
   <soap:Header>
       <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" soap:mustUnderstand="1">
          <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
              <wsse:Username>*************</wsse:Username>
              <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">********</wsse:Password>
          </wsse:UsernameToken>
       </wsse:Security>
   </soap:Header>
   <soap:Body xmlns:ns2="http://neighbourhood.statistics.gov.uk/dissemination/resources/schemas/v0-1/discoverystructs">
       <ns2:AreaAtLevelElement>
          <AreaIdWithLevelType>
              <AreaId>276704</AreaId>
              <LevelTypeId>12</LevelTypeId>
          </AreaIdWithLevelType>
       </ns2:AreaAtLevelElement>
   </soap:Body>
</soap:Envelope>
XML

# Send the request
response = client.request(req)

but doing that gives the following errors still:

[Sat Nov 29 00:13:51 2008] [info] [rampart][rampart_mod] rampart_mod initialized
[Sat Nov 29 00:13:54 2008] [info] Starting addressing out handler
[Sat Nov 29 00:13:55 2008] [error] ssl/ssl_utils.c(86) [ssl client] Loading client certificate failed , key file
[Sat Nov 29 00:13:55 2008] [error] ssl/ssl_stream.c(101) Error occurred in SSL engine
[Sat Nov 29 00:13:55 2008] [error] http_client.c(245) Data stream creation failed for Host www.neighbourhood.statistics.gov.uk and 443 port
[Sat Nov 29 00:13:55 2008] [error] http_client.c(445) client data stream null or socket error for host www.neighbourhood.statistics.gov.uk and 443 port
[Sat Nov 29 00:13:55 2008] [error] http_client.c(449) A read attempt(HTTP) for the reply without sending the request
[Sat Nov 29 00:13:55 2008] [error] http_sender.c(1334) status_code < 0
[Sat Nov 29 00:13:55 2008] [error] engine.c(179) Transport sender invoke failed

Thanks for the help, I was running with JavaScript disabled, which I think was why I didn't see the Rich Text Editor.

I noted 1 mistake in your

I noted 1 mistake in your code.
1. You should only give a soap payload (i.e. what is inside body, starting from 'AreaAtLevelElement') to the request call.

2. In order to give 'username token' please check the 'consumer/security/username_token/' sample. You don't need to hard code these headers.

Thanks
Dimuthu
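Cutting the payload out of a full envelope needs one bit of care: in the envelope posted above, the `ns2` prefix is declared on `soap:Body`, so the declaration has to move onto the payload element or the fragment is no longer well-formed on its own. The following is an added example, not code from the thread or from WSF/Ruby; `soap_payload` is a hypothetical helper built on REXML, and the sample envelope is constructed from the request in the post with the security header left out.

```ruby
require 'rexml/document'

SOAP_ENV = 'http://schemas.xmlsoap.org/soap/envelope/'

# Return the first child element of soap:Body as a standalone XML string.
def soap_payload(envelope_xml)
  doc = REXML::Document.new(envelope_xml)
  body = REXML::XPath.first(doc, '/s:Envelope/s:Body', 's' => SOAP_ENV)
  raise ArgumentError, 'no SOAP Body element' unless body
  payload = body.elements[1]
  raise ArgumentError, 'SOAP Body has no child element' unless payload

  # Prefixes used by element names in the payload (attribute prefixes are not handled).
  prefixes = [payload.prefix]
  payload.each_recursive { |el| prefixes << el.prefix }
  prefixes.uniq.reject(&:empty?).each do |prefix|
    uri = payload.namespace(prefix) # resolved through Body and Envelope
    payload.add_namespace(prefix, uri) if uri
  end
  # Carry over a default namespace declared on an ancestor, if there is one.
  default_ns = payload.namespace('')
  payload.add_namespace(default_ns) unless default_ns.to_s.empty?
  payload.to_s
end

# Constructed sample modelled on the request in the post.
SAMPLE_ENVELOPE = <<~XML
  <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header/>
    <soap:Body xmlns:ns2="http://neighbourhood.statistics.gov.uk/dissemination/resources/schemas/v0-1/discoverystructs">
      <ns2:AreaAtLevelElement>
        <AreaIdWithLevelType>
          <AreaId>276704</AreaId>
          <LevelTypeId>12</LevelTypeId>
        </AreaIdWithLevelType>
      </ns2:AreaAtLevelElement>
    </soap:Body>
  </soap:Envelope>
XML

puts soap_payload(SAMPLE_ENVELOPE)
```

The returned string starts at `AreaAtLevelElement` and carries its own `xmlns:ns2` declaration, which is the form the reply above asks to be passed to the request call.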

Hi RurouniJones, You can

Hi RurouniJones,
You can put the XML in the rich editor (click the button 'Open Rich Editor'). This forum earlier had the rich editor by default, but it looks like some people didn't like it because it takes time to load (most posts are just text). Anyway, depending on users' feedback, we can ask the admins to consider enabling the rich editor by default again.

Thanks
Dimuthu

Thanks for the tip. I

Thanks for the tip.

I thought that I would hardcode everything in the beginning because it would reduce the number of points of failure. I shall try it again using your advice.
