Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 23
  1. #11
    Dear Mr. Giuseppe,

    Thank you so much for your nice reply.

    Is the correct way to add the parameter to "LS.bat" at anywhere in the file just like that?:

    "-Djavax.net.debug=ssl:handshake:verbose"


    Thank you so much in advance.

  2. #12
    Administrator
    Join Date
    Feb 2012
    Location
    Milano
    Posts
    716
    Hi William1,

    No, the -Djavax.net.debug=ssl:handshake:verbose options must be added to the JAVA_OPTS parameter.
    Referring to the factory LS.bat of version 5 just append to the line

    set JAVA_OPTS=-server

    that will become

    set JAVA_OPTS=-server -Djavax.net.debug=ssl:handshake:verbose

    I'm sorry I didn't provide more detailed instructions in previous posts.

    Regards,
    Giuseppe

  3. #13
    Dear Mr. Giuseppe,

    Thank you so much for your nice reply and clear information.


    I have add the parameter in "LS.bat" file, and I have attached to you the logs from "LS.out" after launch a Lightstreamer server.


    I appreciate you for your nice help.

    Thank you so much in advance.
    Attached Files Attached Files

  4. #14
    Administrator
    Join Date
    Feb 2012
    Location
    Milano
    Posts
    716
    Hi William1,

    The ssl debug output does not report any handshake operation, but only the initialization phase where the root certificates are loaded and the cipher suites set.
    Could you collect the log only after having performed a connection test with the client?

    Furthermore, please could you comment out this configuration in the lightstreamer_conf.xml file:

    <!-- <remove_cipher_suites>_DHE_</remove_cipher_suites> -->

    Regards,
    Giuseppe

  5. #15
    Dear Mr. Giuseppe,

    Thank you so much, I appreciate your kind help..


    - I have comment out "<!-- <remove_cipher_suites>_DHE_</remove_cipher_suites> -->" from the lightstreamer_conf.xml file.

    - I have collect the log after having performed a connection with the client and I have attached the "LS.out" for you.


    I appreciate you for your nice help.

    Thank you so much in advance.
    Attached Files Attached Files

  6. #16
    Administrator
    Join Date
    Feb 2012
    Location
    Milano
    Posts
    716
    Hi William1,

    From the log it seems that among all the cipher suites available on the server side there is none supported also by the client.
    So it is no Lightstreamer configuration that precludes the success of the handshake operation.
    Maybe your java 8 installation has a problem, please could you upgrade to the latest Java 8 build number.

    Hope that helps.

    Regards,
    Giuseppe

  7. #17
    Dear Mr. Giuseppe,

    Thank you so much for your kind help..


    Kindly, I have just upgrade java 8 to the latest build number "8u311"

    Please I have attached to you the "LS.out" after upgrade and performed a connection with the client.


    I appreciate you for your nice help.

    Thank you so much in advance.
    Attached Files Attached Files

  8. #18
    Administrator
    Join Date
    Feb 2012
    Location
    Milano
    Posts
    716
    Hi William1,

    Unfortunately the result has not changed, but actually the log shows differences from the previous test which seem to indicate the problem in the certificate.
    Indeed, the error is due to the authentication scheme that should depend on the type of algorithm used for the generation of the certificate key.
    Can you recover the type of algorithm used in that phase?

    Anyway, you could verify your certificate using this tool: https://www.ssllabs.com/ssltest/

    You have to indicate the url of your Lightstreamer server and in the results you should see all the connection tests from various types of clients.

    Regards,
    Giuseppe

  9. #19
    Dear Mr. Giuseppe,

    Thank you so much for your nice reply and clarification.


    How could I recover the type of algorithm?

    if you mean via keytool;

    Could you please help me with the correct command to convert my "certificate.crt" to "mykeystore.jks" with RSA via keytool.

    then to insert it in Lightstreamer server.


    I appreciate you for your nice help.

    Thank you so much in advance.

  10. #20
    Administrator
    Join Date
    Feb 2012
    Location
    Milano
    Posts
    716
    Hi William1,

    Yes, if you started the process of generation of the certificate from the key pair creation, the algorithm is specified in the keytool command; referring to the instructions from our documentation (https://lightstreamer.com/docs/ls-se...rtificates.pdf):


    keytool -genkeypair -alias LS -keystore myserver.keystore -keypass
    mypassword -storepass mypassword -storetype JKS -keyalg "RSA"
    -keysize 2048 -validity 365 -dname "CN=push.mycompany.com,
    O=MYCOMPANY INC., L=MyCity, ST=MyState, C=MyCountry" -ext
    SAN=dnsush.mycompany.com


    But if you have converted an already existing certificate, obviously the algorithm is derived from the existing cert.

    Please also remember to test your server url with ssllabs, as already suggested in my previous post, so you can get detailed information about your certificate.

    Regards,
    Giuseppe

 

 

Similar Threads

  1. How to enable SSL
    By devx in forum General
    Replies: 1
    Last Post: October 18th, 2018, 11:09 AM
  2. General understanding (need help!)
    By b45ic in forum Adapter SDKs
    Replies: 2
    Last Post: August 21st, 2014, 06:52 PM
  3. Replies: 0
    Last Post: March 8th, 2010, 11:27 AM
  4. Replies: 3
    Last Post: February 19th, 2010, 12:14 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT +1. The time now is 11:12 AM.