web stats
Connecting to channel, securely (HTTPS Listener) - Mirth Community

Go Back   Mirth Community > Mirth Connect > Support

Reply
 
Thread Tools Display Modes
  #1  
Old 03-03-2015, 04:13 AM
ab2488587 ab2488587 is offline
OBX.1 Kenobi
 
Join Date: Nov 2014
Posts: 32
ab2488587 is on a distinguished road
Unhappy Connecting to channel, securely (HTTPS Listener)

Is there any way to assure an encrypted connection though HTTP/WS Listener, without having the SSL Manager plugin (which needs to be heavily paid for)?

I've heard Stunnel might be an alternative, but if I'm not mistaken, that's only for sending securely, I need to connect to a channel securely.

Is there plans for offering SSL Manager plugin for academic purposes or as a separate, less brutally expensive subscription?
Reply With Quote
  #2  
Old 03-03-2015, 06:30 AM
ab2488587 ab2488587 is offline
OBX.1 Kenobi
 
Join Date: Nov 2014
Posts: 32
ab2488587 is on a distinguished road
Default

It appears that Stunnel can act as both server and client so it might just be the solution.
I'm wondering if it is possible to send a message and get a response securely, like so:
Quote:
Origin -> Stunnel port (secure) -> Mirth port (unsecure) -> Process and respond -> Stunnel port (secure) -> Origin
.

Also, is it true to say that, in order for me to secure a SOAP Listener channel, I'll have to send SOAP envelopes the same way I'd send an HTTP message (through Stunnel)?

Last edited by ab2488587; 03-03-2015 at 06:36 AM. Reason: clarification
Reply With Quote
  #3  
Old 03-05-2015, 09:21 AM
clarkmirth clarkmirth is offline
Mirth Newb
 
Join Date: Jun 2014
Posts: 10
clarkmirth is on a distinguished road
Default

I haven't tried this, but could you use a ssl termination proxy? I think nginx and haproxy could do that kind of thing. They basically handle the https stuff and pass unencrypted traffic back to mirth. haproxy is pretty cool tool to check out anyway, load balancing and routing.
Reply With Quote
  #4  
Old 03-06-2015, 01:39 PM
rastababy rastababy is offline
OBX.2 Kenobi
 
Join Date: Mar 2008
Posts: 72
rastababy
Default

Would recommend trying STUNNEL. We use it and it works with no problems. I believe STUNNEL is used on the Mirth SSL Connector as well on the commercial support version.

We send and receive messages/responses thru STUNNEL as well for webservices.
Reply With Quote
  #5  
Old 03-06-2015, 04:28 PM
narupley's Avatar
narupley narupley is online now
Mirth Employee
 
Join Date: Oct 2010
Posts: 7,126
narupley is on a distinguished road
Default

Quote:
Originally Posted by rastababy View Post
Would recommend trying STUNNEL. We use it and it works with no problems. I believe STUNNEL is used on the Mirth SSL Connector as well on the commercial support version.

We send and receive messages/responses thru STUNNEL as well for webservices.
Just for clarification, Mirth Connect doesn't use stunnel at all for any of our SSL-related features, either in core or the SSL Manager. It's all built from the ground-up, occasionally using BouncyCastle for some things.
__________________
Step 1: JAVA CACHE...DID YOU CLEAR ...wait, ding dong the witch is dead?

Nicholas Rupley
Work: 949-237-6069
Always include what Mirth Connect version you're working with. Also include (if applicable) the code you're using and full stacktraces for errors (use CODE tags). Posting your entire channel is helpful as well; make sure to scrub any PHI/passwords first.


- How do I foo?
- You just bar.
Reply With Quote
  #6  
Old 03-13-2015, 07:51 AM
ab2488587 ab2488587 is offline
OBX.1 Kenobi
 
Join Date: Nov 2014
Posts: 32
ab2488587 is on a distinguished road
Default

Thanks for the suggestions!
Nick, any comments on this?

Quote:
Originally Posted by ab2488587 View Post
Is there plans for offering SSL Manager plugin for academic purposes or as a separate, less brutally expensive subscription?
Reply With Quote
  #7  
Old 03-13-2015, 09:46 AM
narupley's Avatar
narupley narupley is online now
Mirth Employee
 
Join Date: Oct 2010
Posts: 7,126
narupley is on a distinguished road
Default

Quote:
Originally Posted by ab2488587 View Post
Thanks for the suggestions!
Nick, any comments on this?
For that, contact our sales team and they'll know the answer: http://www.mirthcorp.com/company/contact
__________________
Step 1: JAVA CACHE...DID YOU CLEAR ...wait, ding dong the witch is dead?

Nicholas Rupley
Work: 949-237-6069
Always include what Mirth Connect version you're working with. Also include (if applicable) the code you're using and full stacktraces for errors (use CODE tags). Posting your entire channel is helpful as well; make sure to scrub any PHI/passwords first.


- How do I foo?
- You just bar.
Reply With Quote
  #8  
Old 04-13-2015, 12:36 PM
hmoen@saludmedica.com hmoen@saludmedica.com is offline
Mirth Newb
 
Join Date: Feb 2015
Posts: 6
hmoen@saludmedica.com is on a distinguished road
Default

STunnel works great and easy to setup if you are able to install STunnel [client mode] on the same private network the WS client is located. In our use case that was not possible, so we use Haproxy as a proxy for SSL termination with basic http authorization so that no additional software would need to be installed on the client side. I'm sure Nginx could do the same, but might be overkill. It's nice as well that mirth connect is not directly accessible via public port and passwords for http auth are encrypted inside haproxy config.
Reply With Quote
Reply

Tags
https

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -8. The time now is 11:03 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
Mirth Corporation