[ome-users] SSL configuration for Server and Client

[josh.moore at gmx.de]

Hi Huw,

Huw Lynes writes:
 > On Thu, 2009-06-04 at 13:33 +0100, Huw Lynes wrote:
 > > We now have a working Omero server for testing. Thanks for all the help
 > > so far.

Don't mention it.

 > OK got a bit further with this.
 > 
 > If I do 
 > 
 > export ICE_CONFIG=ssl.config
 > 
 > and then run importer or insight it reads the ssl.config file but
 > refuses to connect.

The configuration for Java and for Python are slightly
different[1]. I'll add this to the documentation page, but it comes
from [2].

If you can verify that the Python login works[3], then we can focus on
getting your Java clients working.

This requires having ICE_CONFIG set in your environment. How are you
launching the apps?

 > templates.xml
 >          <property name="Ice.Plugin.IceSSL" value="IceSSL:createIceSSL"/>
 >          <property name="Ice.Default.Router" value="OMERO.Glacier2/router:ssl -p 4064 -h localhost"/>
 >          <property name="IceSSL.Ciphers" value="ADH"/>
 >          <property name="IceSSL.VerifyPeer" value="0"/>

Also, omit the "Ice.Default.Router". That's the value which points at
Glacier, so it doesn't need a reference to itself. Our documentation
was wrong, but has been corrected.

Hope all that helps. And thanks for testing this for us!!
~J.


[1]
# For Both
Ice.Default.Router=OMERO.Glacier2/router:ssl -p 4064 -h 127.0.0.1
IceSSL.VerifyPeer=0

# For Python
Ice.Plugin.IceSSL=IceSSL:createIceSSL
IceSSL.Ciphers=ADH

# For Java
Ice.Plugin.IceSSL=IceSSL.PluginFactory
IceSSL.DefaultDir=/tmp
IceSSL.Ciphers=NONE (DH_anon)



[2]
http://zeroc.com/doc/Ice-3.3.0/manual/IceSSL.39.4.html


[3]
josh at mac:~/code/omero.git/dist$ PYTHONPATH=lib/python ICE_CONFIG=ssl.config python
Python 2.5.4 (r254:67916, May 21 2009, 17:32:03) 
[GCC 4.0.1 (Apple Computer, Inc. build 5367)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import omero
>>> c = omero.client()
>>> s = c.createSession("root","ome")
>>> c.closeSession()
>>>