Something Weird .. Somewhere?
Sometime ago we had implemented a DMZ configuration at one of our clients. This was a simple configuration which involved configuring an external tier in the DMZ.
Now as a part of this DMZ configuration we had disabled all the services on this tier except the Web service.
There was this requirement to implement SSL on the internal tier first, this was done after converting the forms to servlet mode first. This went off quite smoothly as expected.
Now the next logical step was to implement SSL on the external tier, that is the tier on the DMZ to secure the external tier.
Obviously a more secure option would have been to put up a couple of secure reverse proxys in front of the external tier. But since this particular client had his own application before the external tier we decided to go ahead and implement SSL on the external tier which we had configured.
The method that i choose to implement SSL was through the command line using the txkrun.pl as most of the services including GCS were not enabled on this external node.
To my surprise the validation part of the SSL script failed with the error that currently i did not have forms servlet enabled in my external tier and neither did i use a forms wallet so implementation will not be secure.
Now practically i do not have a forms server running on the external node so it made me wonder the need to forms servlet on this node.
Now not sure how to proceed further we decided to run the forms servlet enabling script anyways to see if it helped in someway. Maybe the SSL script looked for some values in the XML file wrt to the forms servlet which it did not find and hence resulted in the failed validation. So we ran the servlet conversion script first and then run the SSL conversion script.
Alas! it failed again with the same message. This was really not expected.
Finally we decided to enable all the forms services on this external node temporarily and then run the SSL conversion script on the external node.
The result: IT WORKED.
So after SSL was successfully implemented on the external node we again went back and disabled our forms services.
Now the whole process of enabling the forms services on the external node and then enabling forms servlets on the external node just for the sake of SSL validation can pass through seemed a bit weird to me.
So it still makes me wonder Something Weird .. Somewhere? did we miss something?
Do drop in a comment as i would like to here your views on this..
Something Weird .. Somewhere?
No comments:
Post a Comment