web stats
Mirth certificate problems - Mirth Community

Go Back   Mirth Community > Mirth Connect > Support

Reply
 
Thread Tools Display Modes
  #1  
Old 11-29-2013, 05:29 AM
sdpillar sdpillar is offline
Mirth Newb
 
Join Date: Mar 2013
Posts: 14
sdpillar is on a distinguished road
Default Mirth certificate problems

I have a 2.2.3 installation of Mirth that utilises certificates to connect to a server.

The private key and the signed client certificate has been added to a certificate chain, which has been installed as the Mirth truststore.jks file.

However I get the following error when running through a java function called from Mirth:

DETAILS: Wrapped javax.naming.CommunicationException: Received fatal alert: bad_certificate [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate]; remaining name 'ou=organisations, o=nhs'
at 3fad5345-c10e-4373-ab0c-ab9960d83880:17 (doTransform)
at 3fad5345-c10e-4373-ab0c-ab9960d83880:110
at com.mirth.connect.server.mule.transformers.JavaScr iptTransformer.evaluateScript(JavaScriptTransforme r.java:398)
at com.mirth.connect.server.mule.transformers.JavaScr iptTransformer.transform(JavaScriptTransformer.jav a:296)
at org.mule.transformers.AbstractEventAwareTransforme r.doTransform(AbstractEventAwareTransformer.java:4 8)
at org.mule.transformers.AbstractTransformer.transfor m(AbstractTransformer.java:197)
at org.mule.transformers.AbstractTransformer.transfor m(AbstractTransformer.java:200)
at org.mule.transformers.AbstractTransformer.transfor m(AbstractTransformer.java:200)
at org.mule.impl.MuleEvent.getTransformedMessage(Mule Event.java:251)
at org.mule.routing.inbound.SelectiveConsumer.isMatch (SelectiveConsumer.java:61)
at org.mule.routing.inbound.InboundMessageRouter.rout e(InboundMessageRouter.java:79)
at org.mule.providers.AbstractMessageReceiver$Default InternalMessageListener.onMessage(AbstractMessageR eceiver.java:487)
at org.mule.providers.AbstractMessageReceiver.routeMe ssage(AbstractMessageReceiver.java:266)
at org.mule.providers.AbstractMessageReceiver.routeMe ssage(AbstractMessageReceiver.java:225)
at com.mirth.connect.connectors.file.FileMessageRecei ver.processFile(FileMessageReceiver.java:228)
at com.mirth.connect.connectors.file.FileMessageRecei ver.poll(FileMessageReceiver.java:118)
at org.mule.providers.PollingMessageReceiver.run(Poll ingMessageReceiver.java:97)
at org.mule.impl.work.WorkerContext.run(WorkerContext .java:290)
at edu.emory.mathcs.backport.java.util.concurrent.Thr eadPoolExecutor.runWorker(ThreadPoolExecutor.java: 1061)
at edu.emory.mathcs.backport.java.util.concurrent.Thr eadPoolExecutor$Worker.run(ThreadPoolExecutor.java :575)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.CommunicationException: Received fatal alert: bad_certificate [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate]; remaining name 'ou=organisations, o=nhs'
at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_sea rch(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContex t.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContex t.search(Unknown Source)
at javax.naming.directory.InitialDirContext.search(Un known Source)
at com.hssnet.spine.SpineDirectoryService.getNACSCode (SpineDirectoryService.java:98)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknow n Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Un known Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.mozilla.javascript.MemberBox.invoke(MemberBox. java:126)
at org.mozilla.javascript.NativeJavaMethod.call(Nativ eJavaMethod.java:225)
at org.mozilla.javascript.Interpreter.interpretLoop(I nterpreter.java:1473)
at org.mozilla.javascript.Interpreter.interpret(Inter preter.java:815)
at org.mozilla.javascript.InterpretedFunction.call(In terpretedFunction.java:109)
at org.mozilla.javascript.ContextFactory.doTopCall(Co ntextFactory.java:394)
at org.mozilla.javascript.ScriptRuntime.doTopCall(Scr iptRuntime.java:3091)
at org.mozilla.javascript.InterpretedFunction.exec(In terpretedFunction.java:120)
at com.mirth.connect.server.mule.transformers.JavaScr iptTransformer.evaluateScript(JavaScriptTransforme r.java:342)
... 18 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHands hake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
... 39 more


Any suggestions much appreciated...
Reply With Quote
  #2  
Old 12-02-2013, 06:23 AM
sdpillar sdpillar is offline
Mirth Newb
 
Join Date: Mar 2013
Posts: 14
sdpillar is on a distinguished road
Default Mirth and certificates

I am developing an app where Mirth has to connect to a server using SSL certificates and am struggling to understand how Mirth does this.

I can see that Mirth has a truststore.jks file and a keystore.jks file and that Mirth generates a certificate and encryption key on startup that is held in the keystore.jks file.

The default truststore.jks file is empty - should anything be added to it?

Does Mirth automatically reference the certificates in the Java/lib/security/cacerts file?

Mirth version 2.2.3

Any help much appreciated...
Reply With Quote
  #3  
Old 12-03-2013, 04:37 AM
FloridaMark FloridaMark is offline
Mirth Newb
 
Join Date: May 2010
Location: Gainesville, Florida
Posts: 15
FloridaMark is on a distinguished road
Default Are you using the SSL Manager plugin?

Hi Steve-

Are you using the SSL Manager plugin? That module is only available to support customers. We are using the native version of Mirth Connect (i.e. the free one ) and sending data to Mirth on a server using web services. We are trying to figure out the best way to do this and encrypt the data stream to protect PHI.

Thanks.

Mark
__________________
Mark Beans
http://MedicalSoftwareTools.com
Reply With Quote
  #4  
Old 12-04-2013, 02:22 AM
sdpillar sdpillar is offline
Mirth Newb
 
Join Date: Mar 2013
Posts: 14
sdpillar is on a distinguished road
Default

Hi Mark,

Yes we had considered using the SSL Manager plugin but for the moment prefer to develop a solution in Mirth as is.

We have developed some java functions to call the ldap server and get back the info required. These are called from within a Mirth transformer. As indicated earlier we think we have installed the client certificates correctly in the Mirth truststore file, but accept that we could be completely wrong here.

When running the channel in the normal way we get the bad certificate error.

However when the java functions are called from a batch file connectivity is made to the server and required info retrieved. This batch file can be run from Mirth and takes the same keystore file as one of its parameters.

We could continue utilising the batch file solution but ideally would like to know if our Mirth configuration is erroring.
Reply With Quote
Reply

Tags
certificates, exception, mirth connect, ssl

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -8. The time now is 09:42 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Mirth Corporation