Mirth Community

Mirth Community (http://www.mirthcorp.com/community/forums/index.php)
-   Support (http://www.mirthcorp.com/community/forums/forumdisplay.php?f=6)
-   -   Mirth certificate problems (http://www.mirthcorp.com/community/forums/showthread.php?t=9674)

sdpillar 11-29-2013 04:29 AM

Mirth certificate problems
 
I have a 2.2.3 installation of Mirth that utilises certificates to connect to a server.

The private key and the signed client certificate has been added to a certificate chain, which has been installed as the Mirth truststore.jks file.

However I get the following error when running through a java function called from Mirth:

DETAILS: Wrapped javax.naming.CommunicationException: Received fatal alert: bad_certificate [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate]; remaining name 'ou=organisations, o=nhs'
at 3fad5345-c10e-4373-ab0c-ab9960d83880:17 (doTransform)
at 3fad5345-c10e-4373-ab0c-ab9960d83880:110
at com.mirth.connect.server.mule.transformers.JavaScr iptTransformer.evaluateScript(JavaScriptTransforme r.java:398)
at com.mirth.connect.server.mule.transformers.JavaScr iptTransformer.transform(JavaScriptTransformer.jav a:296)
at org.mule.transformers.AbstractEventAwareTransforme r.doTransform(AbstractEventAwareTransformer.java:4 8)
at org.mule.transformers.AbstractTransformer.transfor m(AbstractTransformer.java:197)
at org.mule.transformers.AbstractTransformer.transfor m(AbstractTransformer.java:200)
at org.mule.transformers.AbstractTransformer.transfor m(AbstractTransformer.java:200)
at org.mule.impl.MuleEvent.getTransformedMessage(Mule Event.java:251)
at org.mule.routing.inbound.SelectiveConsumer.isMatch (SelectiveConsumer.java:61)
at org.mule.routing.inbound.InboundMessageRouter.rout e(InboundMessageRouter.java:79)
at org.mule.providers.AbstractMessageReceiver$Default InternalMessageListener.onMessage(AbstractMessageR eceiver.java:487)
at org.mule.providers.AbstractMessageReceiver.routeMe ssage(AbstractMessageReceiver.java:266)
at org.mule.providers.AbstractMessageReceiver.routeMe ssage(AbstractMessageReceiver.java:225)
at com.mirth.connect.connectors.file.FileMessageRecei ver.processFile(FileMessageReceiver.java:228)
at com.mirth.connect.connectors.file.FileMessageRecei ver.poll(FileMessageReceiver.java:118)
at org.mule.providers.PollingMessageReceiver.run(Poll ingMessageReceiver.java:97)
at org.mule.impl.work.WorkerContext.run(WorkerContext .java:290)
at edu.emory.mathcs.backport.java.util.concurrent.Thr eadPoolExecutor.runWorker(ThreadPoolExecutor.java: 1061)
at edu.emory.mathcs.backport.java.util.concurrent.Thr eadPoolExecutor$Worker.run(ThreadPoolExecutor.java :575)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.CommunicationException: Received fatal alert: bad_certificate [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate]; remaining name 'ou=organisations, o=nhs'
at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_sea rch(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContex t.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContex t.search(Unknown Source)
at javax.naming.directory.InitialDirContext.search(Un known Source)
at com.hssnet.spine.SpineDirectoryService.getNACSCode (SpineDirectoryService.java:98)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknow n Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Un known Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.mozilla.javascript.MemberBox.invoke(MemberBox. java:126)
at org.mozilla.javascript.NativeJavaMethod.call(Nativ eJavaMethod.java:225)
at org.mozilla.javascript.Interpreter.interpretLoop(I nterpreter.java:1473)
at org.mozilla.javascript.Interpreter.interpret(Inter preter.java:815)
at org.mozilla.javascript.InterpretedFunction.call(In terpretedFunction.java:109)
at org.mozilla.javascript.ContextFactory.doTopCall(Co ntextFactory.java:394)
at org.mozilla.javascript.ScriptRuntime.doTopCall(Scr iptRuntime.java:3091)
at org.mozilla.javascript.InterpretedFunction.exec(In terpretedFunction.java:120)
at com.mirth.connect.server.mule.transformers.JavaScr iptTransformer.evaluateScript(JavaScriptTransforme r.java:342)
... 18 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHands hake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
... 39 more


Any suggestions much appreciated...

sdpillar 12-02-2013 05:23 AM

Mirth and certificates
 
I am developing an app where Mirth has to connect to a server using SSL certificates and am struggling to understand how Mirth does this.

I can see that Mirth has a truststore.jks file and a keystore.jks file and that Mirth generates a certificate and encryption key on startup that is held in the keystore.jks file.

The default truststore.jks file is empty - should anything be added to it?

Does Mirth automatically reference the certificates in the Java/lib/security/cacerts file?

Mirth version 2.2.3

Any help much appreciated...

FloridaMark 12-03-2013 03:37 AM

Are you using the SSL Manager plugin?
 
Hi Steve-

Are you using the SSL Manager plugin? That module is only available to support customers. We are using the native version of Mirth Connect (i.e. the free one :D) and sending data to Mirth on a server using web services. We are trying to figure out the best way to do this and encrypt the data stream to protect PHI.

Thanks.

Mark

sdpillar 12-04-2013 01:22 AM

Hi Mark,

Yes we had considered using the SSL Manager plugin but for the moment prefer to develop a solution in Mirth as is.

We have developed some java functions to call the ldap server and get back the info required. These are called from within a Mirth transformer. As indicated earlier we think we have installed the client certificates correctly in the Mirth truststore file, but accept that we could be completely wrong here.

When running the channel in the normal way we get the bad certificate error.

However when the java functions are called from a batch file connectivity is made to the server and required info retrieved. This batch file can be run from Mirth and takes the same keystore file as one of its parameters.

We could continue utilising the batch file solution but ideally would like to know if our Mirth configuration is erroring.


All times are GMT -8. The time now is 04:04 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Mirth Corporation