Announcement

Collapse

Mirth Connect 3.12.0 Released!

Mirth Connect 3.12.0 is now available as an appliance update and on our GitHub page. This release includes database performance improvements, improves visual HL7 representation, message pruning, keystore handling, PDF generation, community contributions, and fixes several security vulnerabilities. This release also contains many improvements to commercial extensions. See the release notes for the list of fixes and updates.

Download | See What's New | Upgrade Guide | Release Notes

For discussion on this release, see this thread.
See more
See less

Mirth won't run on AIX

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Mirth won't run on AIX

    I'm attempting to run Mirth on AIX and I get the following error:

    WARN 2008-02-21 11:51:11,265 [Thread-1] org.mortbay.http.SslListener: EXCEPTION

    java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
    at sun.security.jca.GetInstance.getInstance(GetInstan ce.java:158)
    at javax.net.ssl.KeyManagerFactory.getInstance(KeyMan agerFactory.java:20)
    at org.mortbay.http.SslListener.createFactory(SslList ener.java:259)
    at org.mortbay.http.SslListener.newServerSocket(SslLi stener.java:283)
    at org.mortbay.util.ThreadedServer.open(ThreadedServe r.java:477)
    at org.mortbay.util.ThreadedServer.start(ThreadedServ er.java:503)
    at org.mortbay.http.SocketListener.start(SocketListen er.java:203)
    at org.mortbay.http.HttpServer.doStart(HttpServer.jav a:716)
    at org.mortbay.util.Container.start(Container.java:72 )
    at com.webreach.mirth.server.Mirth.startWebServer(Mir th.java:391)
    at com.webreach.mirth.server.Mirth.startup(Mirth.java :145)
    at com.webreach.mirth.server.Mirth.run(Mirth.java:110 )
    WARN 2008-02-21 11:51:11,382 [Thread-1] org.mortbay.util.ThreadedServer: Failed to start: [email protected]:8443
    WARN 2008-02-21 11:51:11,383 [Thread-1] com.webreach.mirth.server.Mirth: Could not start web server.
    org.mortbay.util.MultiException[java.io.IOException: Could not create JsseListener: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available]
    at org.mortbay.http.HttpServer.doStart(HttpServer.jav a:686)
    at org.mortbay.util.Container.start(Container.java:72 )
    at com.webreach.mirth.server.Mirth.startWebServer(Mir th.java:391)
    at com.webreach.mirth.server.Mirth.startup(Mirth.java :145)
    at com.webreach.mirth.server.Mirth.run(Mirth.java:110 )
    java.io.IOException: Could not create JsseListener: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
    at org.mortbay.http.SslListener.newServerSocket(SslLi stener.java:314)
    at org.mortbay.util.ThreadedServer.open(ThreadedServe r.java:477)
    at org.mortbay.util.ThreadedServer.start(ThreadedServ er.java:503)
    at org.mortbay.http.SocketListener.start(SocketListen er.java:203)
    at org.mortbay.http.HttpServer.doStart(HttpServer.jav a:716)
    at org.mortbay.util.Container.start(Container.java:72 )
    at com.webreach.mirth.server.Mirth.startWebServer(Mir th.java:391)
    at com.webreach.mirth.server.Mirth.startup(Mirth.java :145)
    at com.webreach.mirth.server.Mirth.run(Mirth.java:110 )
    Mirth 1.7.0.3285 (January 28, 2008) server successfully started: Thu Feb 21 11:51:53 PST 2008

    I'm running IBM's Java 1.5.0 package for AIX.

    From what I can gather browsing the web, IBM has their own X509 algorithm and that appears to be the problem here; see this link concerning Apache for example and this one with a proposed solution.

    We would appreciate you providing a fix so we can run Mirth on AIX.

    Thanks,

    Dan

  • #2
    Re:Mirth won't run on AIX

    If you are building Mirth from source its fairly easy to get it working under AIX. Here are the steps:

    1. Change line 389 in class AxisMessageDispatcher in package com.webreach.mirth.connectors.soap.axis from:

    params.add("value" + i + ";qname{" + qname.getPrefix() + ":" + qname.getLocalPart() + ":" + qname.getNamespaceURI() + "};in");

    to:

    params.add("value" + i + ";qname{" + qname.getLocalPart() + ":" + qname.getNamespaceURI() + "};in");

    This is needed for a clean compile since the IBM jvm javax.xml.namespace.QName class does not support the getPrefix() method.

    2. Change the following classes in package com.webreach.mirth.model.converters to import the org.apache.xerces.parsers.SAXParser class instead of the com.sun.org.apache.xerces.internal.parsers.SAXPars er class. This is needed because the IBM jvm does not support the Sun SAXParser (imagine that):

    a. EDIReader
    b. ER7Reader
    c. NCPDPReader

    3. Now the fun part. As you noted in your post, the SunX509 algorithm isn't good enough for IBM's jvm so they have their own IbmX509 algorithm. Here is what we need to do to put it all together:

    a. Edit the mirth.properties file in the server/conf directory and add the following properties:
    1) https.algorithm=IbmX509
    2) https.keystoretype=PKCS12

    b. Next you need to edit the Mirth class in the com.webreach.mirth.server package in order to take advantage of these new properties. In the startWebServer() method of this class you will see code that looks like this:

    sslListener.setPort(Integer.valueOf(PropertyLoader .getProperty(mirthProperties,"https.port")).intVal ue());
    sslListener.setKeystore(ConfigurationController.mi rthHomeDir + System.getProperty("file.separator") + PropertyLoader.getProperty(mirthProperties, "https.keystore"));
    sslListener.setPassword(PropertyLoader.getProperty (mirthProperties, "https.password"));
    sslListener.setKeyPassword(PropertyLoader.getPrope rty(mirthProperties, "https.keypassword"));

    Add the following two lines of code after the above snippet and before the 'servletContainer.addListener(sslListener);' statement:

    sslListener.setAlgorithm(PropertyLoader.getPropert y(mirthProperties, "https.algorithm"));
    sslListener.setKeystoreType(PropertyLoader.getProp erty(mirthProperties, "https.keystoretype"));

    c. Rebuild Mirth from source.

    Voila! Now Mirth can run in the Sun or IBM jvm. All that you need to do after you deploy the setup distributable is to:

    1. Edit the conf/mirth.properties file and set https.algorithm=SunX509 if you are running in the Sun jvm or set https.algorithm=IbmX509 if running in the IBM jvm. Both jvm's understand the new https.keystoretype=PKCS12 setting so that new property does not need changing in either environment.

    2. Generate your keystore file. Here is the command that I use to generate a keystore that will work in either jvm:

    $JAVA_HOME/keytool -genkey -keystore ./keystore -storepass abc12345 -keypass abc12345 -keyalg RSA -alias keystore -validity 3650 -dname "cn=keystore example,ou=admin book,dc=jboss,dc=org" -storetype PKCS12

    3. Launch Mirth and have fun!

    I will try to monitor this post over the next few days to see if you are having any problems or if I forgot to include something as you do your rebuild. Since I incorporated these changes into my Mirth build I have been successfully testing in an AIX 5.2 environment for a couple of months now.

    Post edited by: rkralic, at: 03/08/2008 10:07

    Comment


    • #3
      Re:Mirth won't run on AIX

      If you are building Mirth from source its fairly easy to get it working under AIX. Here are the steps:

      1. Change line 389 in class AxisMessageDispatcher in package com.webreach.mirth.connectors.soap.axis from:

      params.add("value" + i + ";qname{" + qname.getPrefix() + ":" + qname.getLocalPart() + ":" + qname.getNamespaceURI() + "};in");

      to:

      params.add("value" + i + ";qname{" + qname.getLocalPart() + ":" + qname.getNamespaceURI() + "};in");

      This is needed for a clean compile since the IBM jvm javax.xml.namespace.QName class does not support the getPrefix() method.

      2. Change the following classes in package com.webreach.mirth.model.converters to import the org.apache.xerces.parsers.SAXParser class instead of the com.sun.org.apache.xerces.internal.parsers.SAXPars er class. This is needed because the IBM jvm does not support the Sun SAXParser (imagine that):

      a. EDIReader
      b. ER7Reader
      c. NCPDPReader

      3. Now the fun part. As you noted in your post, the SunX509 algorithm isn't good enough for IBM's jvm so they have their own IbmX509 algorithm. Here is what we need to do to put it all together:

      a. Edit the mirth.properties file in the server/conf directory and add the following properties:
      1) https.algorithm=IbmX509
      2) https.keystoretype=PKCS12

      b. Next you need to edit the Mirth class in the com.webreach.mirth.server package in order to take advantage of these new properties. In the startWebServer() method of this class you will see code that looks like this:

      sslListener.setPort(Integer.valueOf(PropertyLoader .getProperty(mirthProperties,"https.port")).intVal ue());
      sslListener.setKeystore(ConfigurationController.mi rthHomeDir + System.getProperty("file.separator") + PropertyLoader.getProperty(mirthProperties, "https.keystore"));
      sslListener.setPassword(PropertyLoader.getProperty (mirthProperties, "https.password"));
      sslListener.setKeyPassword(PropertyLoader.getPrope rty(mirthProperties, "https.keypassword"));

      Add the following two lines of code after the above snippet and before the 'servletContainer.addListener(sslListener);' statement:

      sslListener.setAlgorithm(PropertyLoader.getPropert y(mirthProperties, "https.algorithm"));
      sslListener.setKeystoreType(PropertyLoader.getProp erty(mirthProperties, "https.keystoretype"));

      c. Rebuild Mirth from source.

      Voila! Now Mirth can run in the Sun or IBM jvm. All that you need to do after you deploy the setup distributable is to:

      1. Edit the conf/mirth.properties file and set https.algorithm=SunX509 if you are running in the Sun jvm or set https.algorithm=IbmX509 if running in the IBM jvm. Both jvm's understand the new https.keystoretype=PKCS12 setting so that new property does not need changing in either environment.

      2. Generate your keystore file. Here is the command that I use to generate a keystore that will work in either jvm:

      $JAVA_HOME/keytool -genkey -keystore ./keystore -storepass abc12345 -keypass abc12345 -keyalg RSA -alias keystore -validity 3650 -dname "cn=keystore example,ou=admin book,dc=jboss,dc=org" -storetype PKCS12

      3. Launch Mirth and have fun!

      I will try to monitor this post over the next few days to see if you are having any problems or if I forgot to include something as you do your rebuild. Since I incorporated these changes into my Mirth build I have been successfully testing in an AIX 5.2 environment for a couple of months now.

      Post edited by: rkralic, at: 03/08/2008 10:06

      Comment


      • #4
        Re:Mirth won't run on AIX

        As a follow up, I've also done lots of performance testing and tuning with Mirth in both the Sun (Windows) and IBM (AIX) jvm's and so far I have found these jvm startup options to be the most optimal:

        1. Sun jvm under Windows:

        set JAVA_OPTS=-Xms256m -Xmx512m -Xminf.5 -Xmaxf.8 -XX:+DisableExplicitGC -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv4Stack=true -Dsun.net.inetaddr.ttl=600

        java %JAVA_OPTS% -jar mirth-launcher.jar mirth-launcher.xml

        2. IBM jvm under AIX:

        JAVA_OPTS="-Xmx512m -Xminf.5 -Xmaxf.8 -Xdisableexplicitgc -Xgcpolicyptavgpause -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv4Stack=true -Dsun.net.inetaddr.ttl=600"

        $JAVA_HOME "$JAVA_OPTS" -classpath $CLASSPATH com.webreach.mirth.server.launcher.MirthLauncher mirth-launcher.xml

        Comment


        • #5
          Re:Mirth won't run on AIX

          Very detailed procedure! Thank you; I will try it out. I noticed a post a few days before mine asking how to download and compile the source. Someone indicated they were going to post a procedure, but I haven't seen it. What's the best way to download the source for the current release and run the build?

          Thanks again,

          Dan

          Comment


          • #6
            Re:Mirth won't run on AIX

            Since I use Eclipse for developing java applications, I'd only be able to help you if you are familar with/using that IDE. Are you?

            Comment


            • #7
              Re:Mirth won't run on AIX

              Would it be possible to get these changes/config options made as part of the standard Mirth distribution?

              I'd like to test Mirth under AIX but building from source is a bit much just to test an installation in development.

              Thanks!

              Comment


              • #8
                Re:Mirth won't run on AIX

                I've ran into the same problem and I use Eclipse as my primary IDE.
                I have seen this before with other projects running under JBoss.
                Is there a repository I can check the Mirth code out from directly from within Eclipse or will I have to setup the project? Can you perhaps share your project file?
                Also I think it would be nice if an AIX specific build was made available for the general public.
                I am willing to help setting that up / testing the various runtime parameters and scripts.

                Thank you.

                Comment


                • #9
                  Re:Mirth won't run on AIX

                  I created a ticket to track the issue.

                  Mirth won't run with IBM's JVM
                  ------------------------------

                  Key: MIRTH-1030
                  URL: http://www.mirthproject.org/communit...wse/MIRTH-1030
                  Project: Mirth
                  Issue Type: Improvement
                  Environment: IBM's JVM
                  Reporter: Corey Stup
                  Assigned To: Gerald Bortis
                  Priority: Minor

                  Comment

                  Working...
                  X