Mirth Community


mirraraenn 08-27-2014 08:37 AM

Configuring Mirth SSL Plugin to use a Custom Certificate Authority?
 
How can I configure Mirth (with SSL Plugin) to use a non-standard certificate authority to allow for receiving and sending to hosts that have certificates created from that CA?

narupley 08-27-2014 09:16 AM

Quote:

Originally Posted by mirraraenn (Post 41749)
How can I configure Mirth (with SSL Plugin) to use a non-standard certificate authority to allow for receiving and sending to hosts that have certificates created from that CA?

You just need to add the root (CA) certificate to the truststore.

mirraraenn 08-27-2014 09:51 AM

Quote:

Originally Posted by narupley (Post 41751)
You just need to add the root (CA) certificate to the truststore.

When you're talking about the truststore, do you mean the 'CACerts' keystore located at the java directory\lib\security\cacerts or with the keystore created and loaded for Mirth itself? I've added it to the first one, but not the second one because it says in the SSL plugin manager guide that it isn't used for HTTP Senders (but is still required).

narupley 08-27-2014 09:53 AM

Quote:

Originally Posted by mirraraenn (Post 41757)
When you're talking about the truststore, do you mean the 'CACerts' keystore located at the java directory\lib\security\cacerts or with the keystore created and loaded for Mirth itself? I've added it to the first one, but not the second one because it says in the SSL plugin manager guide that it isn't used for HTTP Senders (but is still required).

Neither. You need to add it to appdata/truststore.jks and restart the Mirth Connect server. You should not be touching the Mirth Connect keystore (appdata/keystore.jks) at all.

As I said here as well, in 3.1 we're completely overhauling the SSL Manager plugin to be much easier to use. I highly recommend watching this (starts at 7:19): http://www.mirthcorp.com/protected-c...eveloper-qa-73

mirraraenn 08-27-2014 07:14 PM

Quote:

Originally Posted by narupley (Post 41758)
Neither. You need to add it to appdata/truststore.jks and restart the Mirth Connect server. You should not be touching the Mirth Connect keystore (appdata/keystore.jks) at all.

As I said here as well, in 3.1 we're completely overhauling the SSL Manager plugin to be much easier to use. I highly recommend watching this (starts at 7:19): http://www.mirthcorp.com/protected-c...eveloper-qa-73

Thanks Narupley, this helped very much. For anyone viewing this thread with the same problem, what you need to do is to:
1. Navigate to http://portecle.sourceforge.net/ and launch the Portecle tool.
2. Once it has launched, navigate to the Mirth application files and open the truststore.jks file located at %MirthAppdataFolder%\appdata\truststore.jks (in my case on x64 Windows it was C:\Program Files\Mirth Connect\appdata\truststore.jks).
3. You will be prompted for a password, which you will need to get from the mirth.properties file at %MirthAppdataFolder%\conf\mirth.properties. It will look similar to this:
keystore.storepass = XXXXXXXXX
4. Once opened, select the import certificate button and load the trusted CA certificate whose sites you will be trying to connect to.
5. I am not sure if this keystore is refreshed or not while Mirth is running. Do you need to restart Mirth to have it refresh its certificate trust? That would be the final step if it were necessary.

I have a separate issue now that this is fixed, but will address it in a separate thread. Thanks again!
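A command-line equivalent of the Portecle steps in the post above, using the JDK's keytool. This is an added example, not part of the original thread or of Mirth's own tooling. The function names, the `MIRTH_STOREPASS` variable, the `.bak` backup and the argument layout are assumptions. The Mirth Connect server still needs a restart afterwards, as stated earlier in the thread.

```shell
#!/bin/sh
# Added example: import a CA certificate into Mirth's appdata/truststore.jks.
# The install path, certificate file and alias are supplied by the caller
# (assumptions).

# Print the value of keystore.storepass from a mirth.properties file.
# Accepts "key = value" and "key=value", and strips a trailing CR so that
# files edited on Windows work too.
read_storepass() {
    sed -n 's/^[[:space:]]*keystore\.storepass[[:space:]]*=[[:space:]]*//p' "$1" \
        | tr -d '\r' | head -n 1
}

# import_ca MIRTH_HOME CA_CERT_FILE ALIAS
import_ca() {
    mirth_home=$1
    ca_cert=$2
    ca_alias=$3
    store="$mirth_home/appdata/truststore.jks"

    MIRTH_STOREPASS=$(read_storepass "$mirth_home/conf/mirth.properties")
    if [ -z "$MIRTH_STOREPASS" ]; then
        echo "keystore.storepass not found in mirth.properties" >&2
        return 1
    fi
    # Hand the password to keytool through the environment so that it does
    # not show up in the process list.
    export MIRTH_STOREPASS

    # Keep a copy of the truststore so that a bad import can be rolled back.
    cp -p "$store" "$store.bak" || return 1

    keytool -importcert -trustcacerts -noprompt \
        -alias "$ca_alias" -file "$ca_cert" \
        -keystore "$store" -storepass:env MIRTH_STOREPASS || return 1

    # Confirm the entry is present; keytool prints its fingerprint.
    keytool -list -alias "$ca_alias" \
        -keystore "$store" -storepass:env MIRTH_STOREPASS
}

# Run only when called with all three arguments, e.g.
#   sh import-ca.sh "/opt/mirthconnect" ./my-ca.crt my-ca
if [ "$#" -eq 3 ]; then
    import_ca "$@"
fi
```

Compare the fingerprint printed by the final `keytool -list` with the one published by the CA's owner before restarting the server.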

tsayers 08-23-2016 09:30 AM

Quote:

Originally Posted by narupley (Post 41758)
I highly recommend watching this (starts at 7:19): http://www.mirthcorp.com/protected-c...eveloper-qa-73

This was very helpful. Do you have a similar demo for when using SSL Tunnels?

chapanovich 06-11-2018 11:47 AM

mirth service keeps restoring original keystore
 
I added a certificate and root certificate to keystore.jks but whenever the service starts it recreates the original one. Then I tried creating an entirely new keystore with a different name and modified mirth.conf to point to it, but when the service starts it replaces that one with the original keystore. Any way around this?

narupley 06-12-2018 06:42 AM

Quote:

Originally Posted by chapanovich (Post 263897)
I added a certificate and root certificate to keystore.jks but whenever the service starts it recreates the original one. Then I tried creating an entirely new keystore with a different name and modified mirth.conf to point to it, but when the service starts it replaces that one with the original keystore. Any way around this?

You just need to use the alias "mirthconnect" for your cert chain entry. That's what the server looks for when it starts up.

