Thanks for that Jesse. I've read and followed the first link you sent. I successfully connected to the secure server using the sample application SSLSocketClientWithAuth from that page and got a response after importing the server's certificate into my cacerts keystore. However, my gadget still gets the same errors as before.
I have verified that tomcat is using the correct path for JRE_HOME (it's the same one in which the cacerts is located "C:\Program Files\Java\jdk1.7.0\"). Here are other things I tried:

- editing the server.xml in my tomcat\conf folder

I uncommented the "Define a SSL HTTP/1.1 Connector on port 8443" section and set the keystoreFile=<path to cacerts> and the keystorePass=<password>

- editing the shindig.properties

I read in another mailing list post (http://mail-archives.apache.org/mod_mbox/shindig-issues/201001.mbox/%3Cb71cdca91001032330r78863462ud3b9ed1d49db9...@mail.gmail.com%3E) that to override the default shindig.properties, I simply need to put an edited shindig.properties file into the $CATALINA_HOME/lib/ folder, which I have done.

I ran 2 openssl commands:

    openssl req -newkey rsa:1024 -days 365 -nodes -x509 -keyout testkey.pem -out testkey.pem -subj '/CN=mytestkey'
    openssl pkcs8 -in testkey.pem -out oauthkey.pem -topk8 -nocrypt -outform PEM

I then copied the testkey.pem to the $CATALINA_HOME/webapps/ROOT/WEB-INF/ folder and edited the shindig.signing.key-name=mytestkey and shindig.signing.key-file=/WEB-INF/testkey.pem.

I did not see any effects after restarting the server. Any ideas?

-----Original Message-----
From: Ciancetta, Jesse E. [mailto:jc...@mitre.org]
Sent: Thursday, October 13, 2011 5:50 AM
To: dev@shindig.apache.org
Subject: RE: Failing to connect to https server through gadget

I've run into this situation a bunch of times myself and the best way I've found to get to the root of the issue is to turn on low level debugging directly in the networking APIs. Shindig is using HttpClient under the covers for all of its network fetching, and HttpClient is using the java.net APIs under the covers to do the actual network communication -- so if you turn on debugging for the java.net APIs you should be able to get a better idea of what's going wrong.

There's a reference here for enabling debugging for the java.net APIs:

http://download.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html

There also seem to be ways to turn on debug logging in HttpClient as well which may also be helpful (and may very well turn on the java.net debugging at the same time) although I've never tried this approach myself:

http://hc.apache.org/httpcomponents-client-ga/logging.html

--Jesse

>-----Original Message-----
>From: Tony Chan (tchan2) [mailto:tch...@cisco.com]
>Sent: Wednesday, October 12, 2011 6:46 PM
>To: dev@shindig.apache.org
>Subject: Failing to connect to https server through gadget
>
>Hi everyone,
>
>I'm having trouble connecting to an https server through my gadget. I'm
>not sure if it's because I've installed the self-signed certificate
>incorrectly in the cacerts file or because I'm doing my makeRequest
>incorrectly. If I do a keytool -list -keystore <path to cacerts> I can
>definitely see my alias for the key in there. In my makeRequest, using
>AuthorizationType.NONE gives me a 500 peer unauthenticated error while
>using AuthorizationType.SIGNED gives me a 200 OK status, but what's
>returned looks to be a 403 oauthError with text saying "Unable to
>retrieve consumer key".
>
>I have followed the documentation file that came with tomcat
>"ssl-howto.html" and edited the connector settings in server.xml, but
>that hasn't seemed to help. I am able to use makeRequest to get a
>response from a server not using https. I'm rather stumped as to what I
>should try next.
>
>Thanks in advance,
>
>Tony Chan