-
Dear Mr. Giuseppe,
Thank you so much for your nice reply.
Is the correct way to add the parameter to "LS.bat" at anywhere in the file just like that?:
"-Djavax.net.debug=ssl:handshake:verbose"
Thank you so much in advance.
-
Hi William1,
No, the -Djavax.net.debug=ssl:handshake:verbose options must be added to the JAVA_OPTS parameter.
Referring to the factory LS.bat of version 5 just append to the line
set JAVA_OPTS=-server
that will become
set JAVA_OPTS=-server -Djavax.net.debug=ssl:handshake:verbose
I'm sorry I didn't provide more detailed instructions in previous posts.
Regards,
Giuseppe
-
1 Attachment(s)
Dear Mr. Giuseppe,
Thank you so much for your nice reply and clear information.
I have add the parameter in "LS.bat" file, and I have attached to you the logs from "LS.out" after launch a Lightstreamer server.
I appreciate you for your nice help.
Thank you so much in advance.
-
Hi William1,
The ssl debug output does not report any handshake operation, but only the initialization phase where the root certificates are loaded and the cipher suites set.
Could you collect the log only after having performed a connection test with the client?
Furthermore, please could you comment out this configuration in the lightstreamer_conf.xml file:
<!-- <remove_cipher_suites>_DHE_</remove_cipher_suites> -->
Regards,
Giuseppe
-
1 Attachment(s)
Dear Mr. Giuseppe,
Thank you so much, I appreciate your kind help..
- I have comment out "<!-- <remove_cipher_suites>_DHE_</remove_cipher_suites> -->" from the lightstreamer_conf.xml file.
- I have collect the log after having performed a connection with the client and I have attached the "LS.out" for you.
I appreciate you for your nice help.
Thank you so much in advance.
-
Hi William1,
From the log it seems that among all the cipher suites available on the server side there is none supported also by the client.
So it is no Lightstreamer configuration that precludes the success of the handshake operation.
Maybe your java 8 installation has a problem, please could you upgrade to the latest Java 8 build number.
Hope that helps.
Regards,
Giuseppe
-
1 Attachment(s)
Dear Mr. Giuseppe,
Thank you so much for your kind help..
Kindly, I have just upgrade java 8 to the latest build number "8u311"
Please I have attached to you the "LS.out" after upgrade and performed a connection with the client.
I appreciate you for your nice help.
Thank you so much in advance.
-
Hi William1,
Unfortunately the result has not changed, but actually the log shows differences from the previous test which seem to indicate the problem in the certificate.
Indeed, the error is due to the authentication scheme that should depend on the type of algorithm used for the generation of the certificate key.
Can you recover the type of algorithm used in that phase?
Anyway, you could verify your certificate using this tool: https://www.ssllabs.com/ssltest/
You have to indicate the url of your Lightstreamer server and in the results you should see all the connection tests from various types of clients.
Regards,
Giuseppe
-
Dear Mr. Giuseppe,
Thank you so much for your nice reply and clarification.
How could I recover the type of algorithm?
if you mean via keytool;
Could you please help me with the correct command to convert my "certificate.crt" to "mykeystore.jks" with RSA via keytool.
then to insert it in Lightstreamer server.
I appreciate you for your nice help.
Thank you so much in advance.
-
Hi William1,
Yes, if you started the process of generation of the certificate from the key pair creation, the algorithm is specified in the keytool command; referring to the instructions from our documentation (https://lightstreamer.com/docs/ls-se...rtificates.pdf):
keytool -genkeypair -alias LS -keystore myserver.keystore -keypass
mypassword -storepass mypassword -storetype JKS -keyalg "RSA"
-keysize 2048 -validity 365 -dname "CN=push.mycompany.com,
O=MYCOMPANY INC., L=MyCity, ST=MyState, C=MyCountry" -ext
SAN=dns:push.mycompany.com
But if you have converted an already existing certificate, obviously the algorithm is derived from the existing cert.
Please also remember to test your server url with ssllabs, as already suggested in my previous post, so you can get detailed information about your certificate.
Regards,
Giuseppe