Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

as400: add ssl connection #5383

Open
wants to merge 7 commits into
base: develop
Choose a base branch
from
Open

as400: add ssl connection #5383

wants to merge 7 commits into from

Conversation

garnier-quentin
Copy link
Contributor

Community contributors

Description

Add capability to use AS400 SSL connection.
The plugin has a new option: --ssl.

Type of change

  • Patch fixing an issue (non-breaking change)
  • New functionality (non-breaking change)
  • Functionality enhancement or optimization (non-breaking change)
  • Breaking change (patch or feature) that might cause side effects breaking part of the Software

How this pull request can be tested ?

For the SSL connection, the port 9475 must be opened from the poller. If you check it, you surely have the error:

UNKNOWN: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

You need to import the target AS400 certificate on your poller. How could do that ?

Get the certificate (change the IP with your AS400 IP):

openssl s_client -showcerts -connect 192.168.23.13:9475
....
-----BEGIN CERTIFICATE-----
MIIBzTCCAXKgAwIBAgIHZ2AwVwa86DAKBggqhkjOPQQDAjBBMQswCQYDVQQGEwJJ
VDEMMAoGA1UECBMDSVRBMQswCQYDVQQKEwJBNDEXMBUGA1UEAxMOYTQuaG9yc2Eu
bG9jYWwwHhcNMjQxMjE1MTM1MTE5WhcNMjUxMjE2MTM1MTE5WjBEMQswCQYDVQQG
EwJJVDEMMAoGA1UECBMDSVRBMQ4wDAYDVQQKEwVob3JzYTEXMBUGA1UEAxMOYTQu
aG9yc2EubG9jYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATqCX0phiFrLWO4
DIQPgia3tUWDR3AhG9bj1nJZGH18DzdFo3Vmkw7OIXd8Hb4h/SPU9RW4UJP2mkye
fQ7KYjT3o1IwUDAdBgNVHQ4EFgQUbXG2MgF61atRpOPk8bqE00sTtWwwHwYDVR0j
BBgwFoAUA2TweBcnGgh+RoLcNFzlncglz/MwDgYDVR0PAQH/BAQDAgPoMAoGCCqG
SM49BAMCA0kAMEYCIQC/vW+MKDb+qmS2z2bHhmXL9hBdxlWneU3IMvQyz/bGtQIh
ALikXP2MyNN79k/CTewYI929gPQ19GAohyXWkAjq8LoC
-----END CERTIFICATE-----
...

Create a file as400_192.168.23.13.crt with the BEGIN and END certificate section from previous command.
Import the certificate (the path is for centos 7):

# keytool -importcert -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.412.b08-1.el7_9.x86_64/jre/lib/security/cacerts -storepass changeit -file as400_192.168.23.13.crt -alias " as400_192.168.23.13"
...
Trust this certificate? [no]:  yes
Certificate was added to keystore

Now it should work with option --ssl.

Checklist

  • I have followed the coding style guidelines provided by Centreon
  • I have commented my code, especially hard-to-understand areas of the PR.
  • I have rebased my development branch on the base branch (develop).
  • I have provide data or shown output displaying the result of this code in the plugin area concerned.

@garnier-quentin garnier-quentin requested review from a team as code owners January 10, 2025 10:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@omercier omercier Awaiting requested review from omercier omercier is a code owner automatically assigned from centreon/owners-perl

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
external
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@garnier-quentin