AppWorx, Dollar Universe and Sysload Community

  • Private Community
 View Only

  • 1.  ApplicationManager 9.3.3 upgrade adding ssl to a netscaler Load balancer

    Posted Oct 20, 2020 08:40 AM
    We are trying to setup ssl for the clients using the ssl custom setup doc. We have a wildcard cert from godaddy for our development network.  the load balancer is using the same cert.  We debug set and the log does not give much to go on.  Any help appreciated

    We used keytool  to create the keystore and import the cert
    keytool -import -keystore user_keystore -file appworxd.crt -alias appworxd
    cd ../web/classses
    java -DAW_HOME=${AW_HOME} -cp AppWorx.jar:uc4-ra.jar com.appworx.util.EncryptKeystoreFile  {used password for keystore/cert}

    We edited the Options.properties file to set SSL=on and also the site/awenv.ini SSL=Yes

    When start the master/agents the AgentService log gets

    14:55:11.146 AgentService: .AwComm: sending message to awcomm 22C R:DAUTO AgentService*
    14:55:11.151 AgentService: .AwComm: lookup 60010 Y 172.20.178.12
    14:55:11.151 AgentService: .AgentService: createSocket: 172.20.178.12:60010 From djob.ccsnh.edu/172.20.178.12:0 encrypt true
    14:55:11.151 AgentService: .AgentService: using sun ssl
    14:55:11.171 AgentService: .SocketManager: TLSv1.2 SunJSSE version 1.8
    14:55:11.173 AgentService: .KeyManager: ---alias: appworxd
    14:55:11.173 AgentService: AwE-9999
    14:55:11.174 AgentService: .AxOptions: NoErrorMsgProperties=false
    ErrorMsg: AwE-9999 Internal error (10/19/20 2:55 PM)
    Details: null
    Internal error : null : java.lang.NullPointerException
    at com.appworx.agent.AgentService.createSocket(AgentService.java:638)
    at com.appworx.agent.AgentService.B(AgentService.java:776)
    at com.appworx.agent.AgentService.A(AgentService.java:669)
    at com.appworx.agent.AgentService.<init>(AgentService.java:357)
    at com.appworx.agent.AgentService.main(AgentService.java:1006)
    Caused by: java.lang.NullPointerException
    at com.appworx.server.ssl.B.A(KeyMgr.java:51)
    at com.appworx.server.ssl.A.A(TrustMgr.java:11)
    at com.appworx.agent.AgentSocketManager.G(AgentSocketManager.java:82)
    at com.appworx.agent.AgentService.createSocket(AgentService.java:610)
    ... 4 more
    java.lang.NullPointerException
    at com.appworx.server.ssl.B.A(KeyMgr.java:51)
    at com.appworx.server.ssl.A.A(TrustMgr.java:11)
    at com.appworx.agent.AgentSocketManager.G(AgentSocketManager.java:82)
    at com.appworx.agent.AgentService.createSocket(AgentService.java:610)
    at com.appworx.agent.AgentService.B(AgentService.java:776)
    at com.appworx.agent.AgentService.A(AgentService.java:669)
    at com.appworx.agent.AgentService.<init>(AgentService.java:357)
    at com.appworx.agent.AgentService.main(AgentService.java:1006)

    RmiServer log gets
    14:55:08.524 main: .SocketManager: findPort 0 true
    14:55:08.524 main: .SocketManager: Try port 60010
    14:55:08.543 main: .SocketManager: TLSv1.2 SunJSSE version 1.8
    14:55:08.544 main: .KeyManager: ---alias: appworxd
    14:55:08.545 main: .SocketManager: findPort: 60010 java.lang.NullPointerException
    14:55:08.545 main: .SocketManager: Try port 60011
    .
    .
    .
    14:55:08.976 main: .SocketManager: TLSv1.2 SunJSSE version 1.8
    14:55:08.976 main: .KeyManager: ---alias: appworxd
    14:55:08.976 main: .SocketManager: findPort: 65535 java.lang.NullPointerException
    14:55:08.976 main: AwE-5125
    14:55:08.979 main: .AxOptions: NoErrorMsgProperties=false
    ErrorMsg: AwE-5125 No port available (10/19/20 2:55 PM)
    Details: 60010-65535
    java.lang.RuntimeException
    at com.appworx.server.data.SocketManager.findPort(SocketManager.java:363)
    at com.appworx.server.data.AxRmiServer.main(AxRmiServer.java:876)
    .
    .
    .
    ------------- awenv.ini Default Section Values ----- END ------------


    14:55:08.980 main: .AxRmiServer$1: null ErrorMsg: AwE-5125 No port available (10/19/20 2:55 PM)
    Details: 60010-65535
    14:55:08.980 main: .AxRmiServer: serverSocket null
    14:55:08.983 main: AwE-9999
    ErrorMsg: AwE-9999 Internal error (10/19/20 2:55 PM)
    Details: null
    java.lang.NullPointerException
    at com.appworx.server.data.AxRmiServer.main(AxRmiServer.java:878)

    14:55:08.983 main: .AxRmiServer$1: null ErrorMsg: AwE-9999 Internal error (10/19/20 2:55 PM)
    Details: null


    Thanks for any help

    Larry


  • 2.  RE: ApplicationManager 9.3.3 upgrade adding ssl to a netscaler Load balancer

    Posted Oct 21, 2020 10:51 AM
    You can bypass the need to install certs by modifying the java.security file on your servers and your clients.  What is driving the need to install certs is that Oracle/Sun disabled the use of the anon and NULL cipher suites that allow TLS/SSL to exchange keys without certificates.  They did so by adding anon and NULL to the list of TLS disabled algorithms in the java.security file under jre/lib/security. 

    You need to look for the following entry in the java.security file:

    jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
     EC keySize < 224, 3DES_EDE_CBC, anon, NULL

    It needs to be changed to get AppWorx to:

    jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 768, \
    EC keySize < 224, 3DES_EDE_CBC

    After removing anon and NULL from the list of disabled TLS protocols, AppWorx and the clients will established secure connections using anon and NULL like they did before Oracle broke how AppWorx works by default. Whether or not this solution works for you is dependent on how often you update Java on your servers and your clients and the number of users who use the AppWorx Client.  I only have two users who use the AppWorx client and they both know what needs to be changed when Java is upgraded on their machines.
    Original Message


  • 3.  RE: ApplicationManager 9.3.3 upgrade adding ssl to a netscaler Load balancer

    Posted Oct 30, 2020 08:21 AM
    Thanks Mark,  We have done that change in the java.security file and we are still having issues
    Original Message


  • 4.  RE: ApplicationManager 9.3.3 upgrade adding ssl to a netscaler Load balancer

    Posted Oct 29, 2020 08:54 AM
    We have the same exact issue today after the upgrade today from 9.2 to 9.3.3,  we are not using wildcard cert but a custom SSL certificate.   We upgraded from 9.2 to 9.3.3.

    Hope these upgrades are cumulative and we are not required to upgrade to 9.3 before the 9.3.3 upgrade.
    Original Message


  • 5.  RE: ApplicationManager 9.3.3 upgrade adding ssl to a netscaler Load balancer

    Posted Oct 29, 2020 10:17 AM

    Tried with a self signed certificate and the services started fine.   Maybe something wrong with the way the cert was generated?

    This is what we used for the CSR for proper cert:

    keytool -keystore user_keystore -genkey -alias client -keyalg RSA -keysize 2048
    keytool -keystore user_keystore -certreq -alias client -file client.csr

    This is what we used for a self signed cert:
    keytool -keystore user_keystore -genkey -alias automic


    Original Message


  • 6.  RE: ApplicationManager 9.3.3 upgrade adding ssl to a netscaler Load balancer

    Posted Oct 30, 2020 08:29 AM
    We have a wildcard cert for our different Development, Test and Production environments.  My cert admin gave me a crt file.  I used the following commands

    cd data
    keytool -import -alias appworxd -file appworxd.crt -keypass xyz -keystore user_keystore -storepass xyz
    cd ../web/classes
    java -DAW_HOME=${AW_HOME} -cp AppWorx.jar:uc4-ra.jar com.appworx.util.EncryptKeystoreFile xyz

    I have Options.properties 
    SSL=on
    I have awenv.ini
    SSL=Yes

    Still getting 

    08:15:38.687 AgentService: .AgentService: createSocket: 172.20.178.12:60010 From djob.ad.ccsnh.edu/172.20.178.12:0 encrypt true
    08:15:38.687 AgentService: .AgentService: using sun ssl
    08:15:38.702 AgentService: .SocketManager: TLSv1.2 SunJSSE version 1.8
    08:15:38.704 AgentService: .KeyManager: ---alias: appworxd
    08:15:38.704 AgentService: AwE-9999
    08:15:38.708 AgentService: .AxOptions: NoErrorMsgProperties=false
    ErrorMsg: AwE-9999 Internal error (10/30/20 8:15 AM)
    Details: null
    Internal error : null : java.lang.NullPointerException
    at com.appworx.agent.AgentService.createSocket(AgentService.java:638)
    at com.appworx.agent.AgentService.B(AgentService.java:776)
    at com.appworx.agent.AgentService.A(AgentService.java:669)
    at com.appworx.agent.AgentService.<init>(AgentService.java:357)
    at com.appworx.agent.AgentService.main(AgentService.java:1006)
    Caused by: java.lang.NullPointerException
    at com.appworx.server.ssl.B.A(KeyMgr.java:51)
    at com.appworx.server.ssl.A.A(TrustMgr.java:11)
    at com.appworx.agent.AgentSocketManager.G(AgentSocketManager.java:82)
    at com.appworx.agent.AgentService.createSocket(AgentService.java:610)
    ... 4 more
    java.lang.NullPointerException
    at com.appworx.server.ssl.B.A(KeyMgr.java:51)
    at com.appworx.server.ssl.A.A(TrustMgr.java:11)
    at com.appworx.agent.AgentSocketManager.G(AgentSocketManager.java:82)
    at com.appworx.agent.AgentService.createSocket(AgentService.java:610)
    at com.appworx.agent.AgentService.B(AgentService.java:776)
    at com.appworx.agent.AgentService.A(AgentService.java:669)
    at com.appworx.agent.AgentService.<init>(AgentService.java:357)
    at com.appworx.agent.AgentService.main(AgentService.java:1006)
    Original Message


  • 7.  RE: ApplicationManager 9.3.3 upgrade adding ssl to a netscaler Load balancer

    Posted Nov 19, 2020 09:22 AM
    Were you able to get  your signed certificate to work with 9.3.3?  If so, could you let us know the details.  Thanks!

    ------------------------------
    Ellucian
    ------------------------------

    Original Message