I am using https for a web service and the certificate is a temporary one I created and then imported it to a remote machine. The binding of my WCF service uses the machine name not the ip address. I want to test the service on a remote machine but the only way the service is accessible is to use the ip address by changing the client address for the service. But then the service fails because the certificate expects the machine name and not the ip address. How can I use the machine name and not the ip address to access the remote server?
Create binding for ip address in the hosts file (C:\Windows\System32\drivers\etc) and then use this binding instead of ip.
Related
I am trying to set up a client-server EJB using two different machines on my network. while installing WAS server it prompted me to add admin credentials, so LTPA is enabled (hope it enabled SSL). Now on client EJB deployed WAS server I have to configure the outbound IIOP SSL certificate(Correct me if I am wrong on this). But unfortunately in the server WAS admin console I can see SSL Signer certificates cn(Host/domain) parameter as localhost. the same "localhost" is arriving when I try to "retrieve from port" in client EJB WAS server.
I have attached the "Retrieve from port" screenshot
Client WAS retrieve from port action
Even I have tried changing the hostname in the server WAS under the Server-> Communications -> Port to IP address instead of localhost.
I expect it should bring domainname.ipaddress
"Retrieve from port" action always brings "localhost" from the remote server
As per the comment by #Gas, I am following this below link
https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.multiplatform.doc/ae/tsec_sslreplacecell.html
will update in short
I have a Server which is on both the internet and a private network.
I am trying to set up TLS on an internal private network as requested by my manager.
The service is available to both internet and private internal network clients.
External clients use the internet with their Client certificates - this works great.
Internal clients get an Cert error as they are accessing the service using the IP address of the server on the internal network.
I've tried 'trick' the client machines by translating the domain name in the Server cert to the IP address of the server - but we still get the server cert Error.
As far as I am aware I cant get a cert issued for the server as it's not a verifiable domain name ( in fact its an IP address ). We do not have any DNS on the private network.
Any idea what else I could try?
Usually, you set up split DNS to resolve the server's name to the private IP instead of the public IP - your local DNS server just resolves the name by a local entry instead of passing the request to an upstream server. That way, both internal and external users resolve the name to the address they need and both groups are happy.
If you do need to use IP addresses you have to include both of them as alternate names in the certificate.
I'm doing some development and want to point a remote webhook I have to a server I have on my localmachine. I was able to create a SSL certificate on my machine, and from my own machine I can access https://localhost:3000 and it accepts HTTPS.
I forwarded port 3000 on my router to my localmachine, and it works if I use my external IP address with http, but not with http.
e.g: http://my-external-ip-address:3000 works https://my-external-ip-address:3000 does not work.
What do I need to do to have https on my external IP address work?
Make sure that the caller can work with self-signed certificates (which looks like what's you have). Alternatively, check a SSH tunnel service such as ngrok.com (free).
We're developing a C#/.NET WCF web service that needs be installed on an (enterprise) customer's machine, which may or may not have Apache/IIS running as well.
Communication with our service has to be secured with SSL, but what if the existing Apache/IIS is already using an SSL cert for this address? Can we share it since the host is the same?
For example:
Host: sasquatch.ourcustomer.com
Their existing stuff: Apache or IIS is running on port 80
Our newly installed stuff: Our service is running on port 9999
If Apache/IIS has its own cert, should/can we use it too?
If not, what should we do?
A certificate identifies a host and not a service. It is independent from the port you use or the application providing the service. If you have multiple services on the same host it is still the same host, so you can use the same certificate.
We have a cluster where to WCF services are running as a resource each in a separated resource group. These groups have a dns alias named to there cap name e.g. APPQA en APPPROD each with an IP's 10.110.250.1 and 10.110.250.2.
Actually it's the same WCF service but running on another baseadresss, like this example of our baseAdress:
<add baseAdress="net.tcp://appqa.domain.com:4504/....
and
<add baseAdress="net.tcp://appprod.domain.com:4504/....
But when running these services on the same node we noticed that we were getting errors like there is Address is in use.
We found that weird because we added our alias in the base address section a nslookup of both our aliases and that gave us both the right IP address.
When running only the PROD service, I did a telnet command to the IP address of the QA and the 4504 port. I was able to make a connection this means that we are actually running on both IP adresses (or all addresses and port like 0:0:0:0:4504).
As an extra test we changed our baseadresses to
<add baseAdress="net.tcp://10.110.250.1:4504/....
<add baseAdress="net.tcp://10.110.250.2:4504/....
And then we can run both services next to each other on the same node, so we prove that our services work only the dns resolution does not work.
It all works in when we enable port sharing but we don't want do that because of a different SLA.
Has someone a idea how we can force WCF to use the IP address of his dns alias?