Anyway, if we run Omniscope file from other computer (Desktop version), the data can be feed with https without any error.
Could you suggest what could be the root cause? Thank you.]]>
The server you are connecting to does not have a valid certificate from an authorised authority".
This happens if the server certificate is not issued by certification authority, and it is self signed or issued by a private CMS.
If you trust the server, you can add the server certificate to your trusted Java key store, and allow Omniscope to use it as trusted and verified certificate.
The cause of the problem and solution are both well explained in this article.
Here are the steps to allow Omniscope to recognise and use your server certificate:
- Use InstallCert tool
- Get the InstallCert.java file from http://code.google.com/p/java-use-examples/source/browse/trunk/src/com/aw/ad/util/InstallCert.java
- Compile the file using the "javac" command:
javac InstallCert.java - Add your server certificate
- Run InstallCert, with the server hostname and https port (if available), then press “1” when ask for input:
java InstallCert myserver.com:8080
- Check the process has finished and generated a file named “jssecacerts“ in the same folder you run the InstallCert tool. - Launch Omniscope with JVM parameter
- See "Additional JVM arguments" here http://www.visokio.com/kb/installconfig .
- Update your installconfig.properties file to have the following line:
ADDITIONAL_JVM_ARGS=-Djavax.net.ssl.trustStore=c:\yourFolder\jssecacerts
- Start Omniscope.
For the sake of simplicity, please find attached a zip file with the 2 InstallCert tool classes already compiled and ready to run.]]>
The site is an intranet site & smart-card certificate is used for client authentication.]]>
1. Download the public key for Amazon RDS.
http://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem
2. Add the key to the java keystore for use with Omniscope.
You will need to install the latest Java SE Development Kit 7 to use the keytool. We will also be using the root certificates file provided with the java runtime.
Java SE Development Kit 7 Downloads
http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html
Create a directory for working with the certificates.
Copy the Amazon RDS public key file that you downloaded into it.
Copy the cacerts authority file from the jdk jre security library directory.
mkdir C:\Users\USERNAME\omniscope-server\security
cd C:\Users\USERNAME\omniscope-server\security
copy "C:\Users\USERNAME\Downloads\mysql-ssl-ca-cert.pem” "C:\Users\USERNAME\omniscope-server\security\”
copy "C:\Program Files\Java\jdk1.7.0_65\jre\lib\security\cacerts” "C:\Users\USERNAME\omniscope-server\security\”Import the Amazon RDS public key into the authority file.
"C:\Program Files\Java\jdk1.7.0_65\bin\keytool.exe” -import -v -alias awsrdsmysql -file mysql-ssl-ca-cert.pem -keystore cacertsYou will be prompted for the password which is "changeit”
You will be prompted to Trust this certificate”, type yes
Certificate was added to keystore
[Storing cacerts]
You can view the certificates to check using the following command
"C:\Program Files\Java\jdk1.7.0_65\bin\keytool.exe” -list -v -keystore cacertsYou now have a file with the default root certificates and the Amazon RDS mysql public key.
3. Set the Java keystore file for Omniscope to this file.
Edit the installconfig.properties file for your Omniscope installation.
http://www.visokio.com/kb/installconfig
Uncomment the ADDITIONAL_JVM_ARGS parameter if commented out and add the following , the value for -Djavax.net.ssl.trustStore must be the full path and filename of the keystore file.
-Djavax.net.ssl.trustStore=”C:\Users\USERNAME\omniscope-server\security\cacerts"
ADDITIONAL_JVM_ARGS=-Djavax.net.ssl.trustStore="
C:\Users\USERNAME\omniscope-server\security\cacerts"4. Download and install the latest official JDBC driver for MySQL - MySQL Connector/J.
http://dev.mysql.com/downloads/connector/j/
5. Start Omniscope and connect to the database using the Database table source or Database table output.
Connection details
Select database:
JDBC (Advanced)Driver jar path: path to the MySQL Connector/J JDBC driver you installed earlier
e.g.
C:\Program Files (x86)\MySQL\MySQL Connector J\mysql-connector-java-5.1.31-bin.jarDriver Class:
com.mysql.jdbc.DriverJDBC URL:
jdbc:mysql://HOSTNAME:PORT/DATABASENAME?useSSL=trueThe HOSTNAME:PORT is the authorized Endpoint listed in the RDS Dashboard for the database instance. You need to append the useSSL=true parameter to the url.
See http://dev.mysql.com/doc/connector-j/en/connector-j-reference-configuration-properties.html for the JDBC URL Format.
e.g.
jdbc:mysql://visokiodbinstance.cnyz7m0qcuin.eu-west-1.rds.amazonaws.com:3306/visokiomysqldb?useSSL=true
]]>Server SSL Error - handshake alert: unrecognized_name
You may get this SSL error if the server you are trying to access has not been properly configured.
For security reasons SNI extension has been enabled by default in Java 7. However, if you trust the server you are trying to connect you may want to disable SNI extension.
jsse.enableSNIExtension is a java system property. Server Name Indication (SNI) is a TLS extension, defined in RFC 4366. It enables TLS connections to virtual servers, in which multiple servers for different network names are hosted at a single underlying network address.
Some very old SSL/TLS vendors may not be able to handle SSL/TLS extensions. In this case, set this property to false to disable the SNI extension.
To disable SNL extension you need to do the following:
1. Open 'installconfig.properties' file located at {YOUR_OMNISCOPE_INSTALLATION_PATH}
{YOUR_OMNISCOPE_INSTALLATION_PATH} - this is where Omniscope is installed on your machine (e.g. C:\Users\slavvi\AppData\Local\Visokio Omniscope app)
2. Edit the file to add this line:
ADDITIONAL_JVM_ARGS=-Djsse.enableSNIExtension=false
3. Restart Omniscope
Note: After setting this property, you may get the following error if the server you want to access does not have a certificate issued by a certified authority:
The server you are connecting to does not have a valid certificate from an authorised authority
To resolve this error please read the following post:
http://forums.visokio.com/discussion/2613/security-the-server-you-are-connecting-to-does-not-have-a-valid-certificate
However, you will be unable to execute step 2 outlined in that forum post unless you disable the SNI extension while executing that command. Here is how that command may look like:
java -Djsse.enableSNIExtension=false InstallCert server-storing-my-iok-files.com:443
]]>
Server SSL error - The server you are connecting to does not have a valid certificate from an authorised authority
Here is what you need to do to enable Omniscope access the url you have (e.g. "https://server-storing-my-iok-files.com/"):
1. Download InstallCert.zip archive and unzip it (it contains two java class files: InstallCert$SavingTrustManager.class, InstallCert.class), put both of them in a folder (e.g. c:\your_path\)
2. Open command prompt (cmd.exe) and change current dir to the folder containing the class files from step 1 (e.g. cd c:\your_path\) then execute this command:
- java InstallCert server-storing-my-iok-files.com:443
Note: if you don't have java installed, use the java executable located at:
- {YOUR_OMNISCOPE_INSTALLATION_PATH}\x86\bin\java (if you have a 32 bit OS)
- {YOUR_OMNISCOPE_INSTALLATION_PATH}\x64\bin\java (if you have a 64 bit OS)
{YOUR_OMNISCOPE_INSTALLATION_PATH} - this is where Omniscope is installed on your machine (e.g. C:\Users\slavvi\AppData\Local\Visokio Omniscope app)
(to check whether you have a 32-bit or 64-bit OS: open Control Panel -> System and check 'System type:')
The command may look like this: "{YOUR_OMNISCOPE_INSTALLATION_PATH}\x64\bin\java" InstallCert server-storing-my-iok-files.com:443
If you get the SSL error - handshake alert: unrecognized_name while executing this command please read this post: handshake alert: unrecognized_name
3. You will be asked 'Enter certificate to add to trusted keystore or 'q' to quit: [1]', press 1 then press ENTER
Note: After executing step 3, this message will be displayed in the console:
Added certificate to keystore 'jssecacerts' using alias 'server-storing-my-iok-files.com-1'
which means that this particular certificate will be trusted by java applications if 'jssecacerts' keystore is provided
Notice that 'jssecacerts' file has been created in the folder you executed the command (e.g. c:\your_path\)
4. Open 'installconfig.properties' file located at {YOUR_OMNISCOPE_INSTALLATION_PATH}
5. Edit the file to add this line:
ADDITIONAL_JVM_ARGS=-Djavax.net.ssl.trustStore="c:\your_path\jssecacerts"
6. Restart Omniscope
Note 1: You will get this error if you miss step 5 or the path to 'jssecacerts' is wrong:
java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Note 2: If -Djavax.net.ssl.trustStore="c:\your_path\jssecacerts" points to a directory instead of a file or to a non-existent path, all SSL connections will fail (regardless whether the certificates have been authorised by the most trusted authorities, SSL connections will NOT work at all) and the same error will be displayed:
java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Note 3: There can be only one path set to -Djavax.net.ssl.trustStore="c:\your_path\jssecacerts". If you need more than one trust stores, you need to merge them into a single file and set that file to javax.net.ssl.trustStore property. If this is the case, the simplest solution is to use steps 1-3 mentioned above to add each individual URL. Each entry will be appended to the same jssecacerts file.
]]>
If you want to use your own fully validated SSL certificate, you need to configure the path and the password of the keystore file containing the certificate.
To generate keys and certificates, follow one of these two guides:
Generate a Self Signed Certificate using Java Keytool
Generate a Trusted Certificate]]>
I have a scheduled task and want to set a failure alert email notification. I have found the screen where i need to input the smtp, port, user & password & SSL & message info
I have tried with a few email accounts - one my personal Hotmail, which i have the settings for on my IPhone.
FYI - Although MS Office is installed, but there is no email set-up in a non POP3 or IMAP email client like Outlook Exchange on the server.
All create an error message telling me that cannot connect to SSL and to check antivirus/firewall on the server. I have had infrastructure test the server and cannot find anything on the server that would be preventing this working? (screenshot attached in Word document)
Is there anything i am doing incorrectly, some setting i need to change, is this a known bug in the alpha 2.7 version?
Thanks - Matt Burgess]]>
These errors might take different forms in different situations, such as:
- SSLHandshakeException
- FailedDownloadException
- “Publisher authenticity can not be verified”
When launching an Omniscope Online (WebStart) application, which involves clicking a Launch button in a web page, or opening a JNLP file, these errors might happen before Omniscope itself starts.
Or, these errors might happen if you start Omniscope and choose File > Open file > Open from web.
Likely causes
- If the website is using a self-signed certificate, Omniscope cannot access the site. This is because the certificate cannot be verified or trusted.
- If the website is using a correctly signed certificate, the server may be missing one of the certificates in the certification chain.
To check and diagnose problems with the SSL certificate used for a particular site, use a free online SSL testing tool (e.g. http://www.sslshopper.com/ssl-checker.html), to make sure it is correctly installed, valid, trusted and doesn't give any errors to any of your users.
In case of using the suggested tool, if it recognises there is a problem with your server (e.g. a missing certificate in the chain) it suggests a solution (e.g. "The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate." - note that from the point of view of this tool, “browsers” includes applications like Omniscope which connect to an HTTPS site).
Your server administrators (SharePoint or other) should be able to take this information and resolve the problem easily.]]>