Hi All,

We have moved our Dev system to TLS 1.2 only and found that when we did that found that our handlers that utilizing the SOAP HTTP Request Ex2 function error out. The error we get is "An error Occurred in the Secure Channel Support.". We have used wireshark and do not see TLS1.2 being used so i am trying to figure out how to have the SOAP HTTP Request Ex2 function use TLS 1.2?

Thank you,
 Scott
#Handlers

------------------------------
Scott Williams
Missouri Higher Education Loan Authority
------------------------------

Is there a specific reason you're not using EX3 with soap certs?

------------------------------
Aaron Lael
State of Utah
------------------------------

Original Message:
Sent: 01-25-2019 12:41
From: Scott Williams
Subject: TLS 1.2 and HTTP request from Handlers

Hi All,

We have moved our Dev system to TLS 1.2 only and found that when we did that found that our handlers that utilizing the SOAP HTTP Request Ex2 function error out. The error we get is "An error Occurred in the Secure Channel Support.". We have used wireshark and do not see TLS1.2 being used so i am trying to figure out how to have the SOAP HTTP Request Ex2 function use TLS 1.2?

Thank you,
 Scott
#Handlers

------------------------------
Scott Williams
Missouri Higher Education Loan Authority
------------------------------

This was how the handlers were built, they haven't been touched in 3 years. Let me look into Ex3 and Certs.

Thank you,
 Scott

------------------------------
Scott Williams
Missouri Higher Education Loan Authority
------------------------------

Original Message:
Sent: 01-25-2019 12:44
From: Aaron Lael
Subject: TLS 1.2 and HTTP request from Handlers

Is there a specific reason you're not using EX3 with soap certs?

------------------------------
Aaron Lael
State of Utah

Original Message:
Sent: 01-25-2019 12:41
From: Scott Williams
Subject: TLS 1.2 and HTTP request from Handlers

Hi All,

We have moved our Dev system to TLS 1.2 only and found that when we did that found that our handlers that utilizing the SOAP HTTP Request Ex2 function error out. The error we get is "An error Occurred in the Secure Channel Support.". We have used wireshark and do not see TLS1.2 being used so i am trying to figure out how to have the SOAP HTTP Request Ex2 function use TLS 1.2?

Thank you,
 Scott
#Handlers

------------------------------
Scott Williams
Missouri Higher Education Loan Authority
------------------------------

If you're going to start using EX3, which you likely need to, you need to first install certs via certtrustu.exe, which is found in the server directory on your IC server.  Here's an old support case response that I keep around as a reference:

What is CertTrustU?

The SOAP Ex 3 toolstep differs from previous versions in that it uses Interactive Intelligence's ION library rather than relying on MSXML.  This allows it to handle considerably more concurrent requests and in general should be used in all instances. The ION library requires certificates to be converted to a .0 format, and placed in the I3\IC\Certificates\SOAP directory.  The conversion can be performed manually, but the CertTrustU.exe application was generated to automate the conversion process.  During this process, CertTrustU:

• Requests the entire certificate chain from the site

• performs the conversion

• places converted certificates in the specified folder

 

How to use CertTrustU

KB article: How to use CertTrustU.exe to automate Certificate conversion  https://my.inin.com/products/selfhelp/kb/Pages/default.aspx?View={DEE896E2-9298-4811-A781-7BC027D854C4}&FilterField1=EntryID&FilterValue1=Q142368328200338

Documented in Security Features Technical Reference: https://my.inin.com/products/cic/Documents/Security_Features_TR.pdf

 

CertTrustU.exe [-(c|e|s|y)]* (address) (port)

-c: Saves files in current directory

-e: Saves files in Certificates/Email

-s: Saves files in Certificates/SOAP

-y: Assume 'yes' response to all prompts

 

The application should be run in a command line from the location where the downloaded application resides.
2.  The "-s" switch saves the files in the soap folder under your Interaction Center certificate store
3.  The "-y" switch assume 'yes' response to all prompts, rather than waiting for the user input
4.  <address> is the name of the URL that will be used in the SOAP toolstep 
5.  <port> will be based on the URL, http is typically 80, while https is typically 443
6.   To see other available tool options, use the "/?" switch with no parameters.

 

Product Dependencies

• CertTrustU and the ION Library use OpenSSL to communicate to the web service.

• Due to the recent Logjam attack, IC requires that a Diffie-Hillman Group of 2048-bit or larger be used.

  • Might see Open SSL error, "error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small"

 

Example:

CertTrustU.exe –s –y salesforce.com 443

Hope this is helpful.


------------------------------
Aaron Lael
State of Utah
------------------------------

Original Message:
Sent: 01-25-2019 12:41
From: Scott Williams
Subject: TLS 1.2 and HTTP request from Handlers

Hi All,

We have moved our Dev system to TLS 1.2 only and found that when we did that found that our handlers that utilizing the SOAP HTTP Request Ex2 function error out. The error we get is "An error Occurred in the Secure Channel Support.". We have used wireshark and do not see TLS1.2 being used so i am trying to figure out how to have the SOAP HTTP Request Ex2 function use TLS 1.2?

Thank you,
 Scott
#Handlers

------------------------------
Scott Williams
Missouri Higher Education Loan Authority
------------------------------

Thanks Aaron using the SOAP HTTP Request Ex3 worked!

------------------------------
Scott Williams
Missouri Higher Education Loan Authority
------------------------------

Original Message:
Sent: 01-25-2019 13:02
From: Aaron Lael
Subject: TLS 1.2 and HTTP request from Handlers

If you're going to start using EX3, which you likely need to, you need to first install certs via certtrustu.exe, which is found in the server directory on your IC server.  Here's an old support case response that I keep around as a reference:

What is CertTrustU?

The SOAP Ex 3 toolstep differs from previous versions in that it uses Interactive Intelligence's ION library rather than relying on MSXML.  This allows it to handle considerably more concurrent requests and in general should be used in all instances. The ION library requires certificates to be converted to a .0 format, and placed in the I3\IC\Certificates\SOAP directory.  The conversion can be performed manually, but the CertTrustU.exe application was generated to automate the conversion process.  During this process, CertTrustU:

• Requests the entire certificate chain from the site

• performs the conversion

• places converted certificates in the specified folder

 

How to use CertTrustU

KB article: How to use CertTrustU.exe to automate Certificate conversion  https://my.inin.com/products/selfhelp/kb/Pages/default.aspx?View={DEE896E2-9298-4811-A781-7BC027D854C4}&FilterField1=EntryID&FilterValue1=Q142368328200338

Documented in Security Features Technical Reference: https://my.inin.com/products/cic/Documents/Security_Features_TR.pdf

 

CertTrustU.exe [-(c|e|s|y)]* (address) (port)

-c: Saves files in current directory

-e: Saves files in Certificates/Email

-s: Saves files in Certificates/SOAP

-y: Assume 'yes' response to all prompts

 

The application should be run in a command line from the location where the downloaded application resides.
2.  The "-s" switch saves the files in the soap folder under your Interaction Center certificate store
3.  The "-y" switch assume 'yes' response to all prompts, rather than waiting for the user input
4.  <address> is the name of the URL that will be used in the SOAP toolstep
5.  <port> will be based on the URL, http is typically 80, while https is typically 443
6.   To see other available tool options, use the "/?" switch with no parameters.

 

Product Dependencies

• CertTrustU and the ION Library use OpenSSL to communicate to the web service.

• Due to the recent Logjam attack, IC requires that a Diffie-Hillman Group of 2048-bit or larger be used.

  • Might see Open SSL error, "error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small"

 

Example:

CertTrustU.exe –s –y salesforce.com 443

Hope this is helpful.


------------------------------
Aaron Lael
State of Utah

Original Message:
Sent: 01-25-2019 12:41
From: Scott Williams
Subject: TLS 1.2 and HTTP request from Handlers

Hi All,

We have moved our Dev system to TLS 1.2 only and found that when we did that found that our handlers that utilizing the SOAP HTTP Request Ex2 function error out. The error we get is "An error Occurred in the Secure Channel Support.". We have used wireshark and do not see TLS1.2 being used so i am trying to figure out how to have the SOAP HTTP Request Ex2 function use TLS 1.2?

Thank you,
 Scott
#Handlers

------------------------------
Scott Williams
Missouri Higher Education Loan Authority
------------------------------