Question & Answer
Question
The message bus probe is configured as an HTTPS listener with the webhook transport protocol.
The message bus probe does not accept connections from clients unless they use the URL given in the common name of the certificate, which is linked to the probe server's fully qualified domain name.
Can the message bus probe accept connections from clients that use other hostnames?
Cause
The probe's certificate requires subject alternative names (SANs) to allow alternative hostnames.
Answer
The certificate provider can add subject alternative names to the probe's SSL certificate.
It is recommended to use the webhook transport protocol as it parses event data faster.
Two scripts are attached that create a self-signed certificate and a local CA certificate.
Use these certificates to test the message bus probe's requirements in a test environment.
Example usage.
cd $NCHOME/omnibus/utils/SSLWEBHOOK
./createCAWebhookSSL.sh webhook_host.company.com SAN=IP:192.168.20.20,DNS:webhook_host.company.com,DNS:webhook_host,DNS:localhost
./createWebhookSSL.sh webhook_host.company.com SAN=IP:192.168.20.20,DNS:webhook_host.company.com,DNS:webhook_host,DNS:localhost
The SAN listing requires the correct syntax.
DNS:<string for fqdn or hostname>
IP:<ip address>
The list starts with SAN= and is followed by the DNS: and IP: entries, separated by commas.
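The SAN= syntax can be checked before it is passed to the certificate scripts, and the same list can be tested against the hostnames or addresses that clients will put in their URL. The shell functions below are an added example, not part of the attached scripts; the function names are hypothetical, and validation is simplified (underscores are accepted, wildcards and IPv6 are not handled).

```shell
# Added example, not one of the attached scripts. Function names are hypothetical.
# valid_ipv4 ADDR: true for a dotted quad with each octet in 0-255.
valid_ipv4() {
  case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# valid_dns NAME: true for a hostname or FQDN. Underscore is accepted only
# because the sample names on this page use it.
valid_dns() {
  case $1 in ''|*[!A-Za-z0-9._-]*|.*|*.|*..*) return 1 ;; esac
  [ ${#1} -le 253 ]
}

# check_san_arg ARG: validate "SAN=" plus comma-separated DNS:/IP: entries.
check_san_arg() {
  case $1 in SAN=?*) rest=${1#SAN=} ;; *) echo "expected SAN=<list>" >&2; return 1 ;; esac
  case $rest in ,*|*,|*,,*) echo "empty entry in list" >&2; return 1 ;; esac
  while [ -n "$rest" ]; do
    entry=${rest%%,*}
    case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
    case $entry in
      DNS:*) valid_dns "${entry#DNS:}" ;;
      IP:*)  valid_ipv4 "${entry#IP:}" ;;
      *)     false ;;
    esac || { echo "bad entry: $entry" >&2; return 1; }
  done
}

# san_covers ARG HOST: 0 if HOST (as used in the client URL) has a matching
# entry, 1 if not, 2 if ARG is malformed. Names match DNS: entries ignoring
# case; addresses match IP: entries only (plain string comparison).
san_covers() {
  check_san_arg "$1" || return 2
  if valid_ipv4 "$2"; then want="IP:$2"
  else want="DNS:$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')"; fi
  rest=${1#SAN=}
  while [ -n "$rest" ]; do
    entry=${rest%%,*}
    case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
    case $entry in DNS:*) entry="DNS:$(printf '%s' "${entry#DNS:}" | tr '[:upper:]' '[:lower:]')" ;; esac
    [ "$entry" = "$want" ] && return 0
  done
  return 1
}
```

Source the file and call, for example, `san_covers "SAN=IP:192.168.20.20,DNS:webhook_host" 192.168.20.20`; an address written as a DNS: entry does not cover clients that connect by IP.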
Configure the probe with the example property and transport properties files.
Send test events to the probe with curl, as required.
For the CA certificate and keystore.
./check_ssl_json_port.sh webhook_host.company.com 12111 CACERTS/caroot.cert
./check_ssl_json_port.sh localhost 12111 CACERTS/caroot.cert
For the self-signed certificate and keystore.
./check_ssl_json_port.sh webhook_host.company.com 12111 SSCERTS/webhook.pem
./check_ssl_json_port.sh localhost 12111 SSCERTS/webhook.pem
To check the certificates with keytool.
keytool -list -keystore $NCHOME/omnibus/utils/SSLWEBHOOK/CACERTS/KeyStore.jks -storepass netcool
keytool -v -list -keystore $NCHOME/omnibus/utils/SSLWEBHOOK/CACERTS/KeyStore.jks -storepass netcool
keytool -list -keystore $NCHOME/omnibus/utils/SSLWEBHOOK/SSCERTS/KeyStore.jks -storepass netcool
keytool -v -list -keystore $NCHOME/omnibus/utils/SSLWEBHOOK/SSCERTS/KeyStore.jks -storepass netcool
Example property and transport properties files.
File: message_bus_webhook_fqdn.props
# Aggregation layer object servers
Server : 'AGG_P'
ServerBackup : 'AGG_B'
# Best practice
NetworkTimeout : 15
PollServer : 60
# Buffering
Buffering : 1
BufferSize : 200
FlushBufferInterval : 11
# Tuning
MaxEventQueueSize : 50000
TransportQueueSize : 50000
DisableDetails : 1
#
# Transport configuration
#
TransportFile : '$NCHOME/omnibus/probes/linux2x86/WebhookTransportFQDN.properties'
TransportType : 'Webhook'
Port : 12111
# Switch heartbeating off
HeartbeatInterval : 0
# SSL/TLS configuration
EnableSSL : 'true'
# Switch the KeyStore as required
#KeyStore : '$NCHOME/omnibus/utils/SSLWEBHOOK/SSCERTS/KeyStore.jks'
KeyStore : '$NCHOME/omnibus/utils/SSLWEBHOOK/CACERTS/KeyStore.jks'
KeyStorePassword : 'netcool'
# Debug logging
MessageLevel : 'debug'
MessageLog : '$NCHOME/omnibus/log/message_bus_webhook_fqdn.log'
# EOF
File: $NCHOME/omnibus/probes/linux2x86/WebhookTransportFQDN.properties
webhookURI=/
IdleTimeout=60
# Disable URL path checks
#respondWithContent=OFF
#validateBodySyntax=ON
validateRequestURI=OFF
# Force TLSv1.2
# securityProtocol=TLSv1.2
# EOF
Document Information
Modified date: 06 March 2024
UID: ibm16563241