Thanks for that Jesse.  I've read and followed the first link you sent.
I successfully connected to the secure server using the sample
application SSLSocketClientWithAuth from that page and got a response
after importing the server's certificate into my cacerts keystore.
However, my gadget still gets the same errors as before.

I have verified that tomcat is using the correct path for JRE_HOME (it's
the same one in which the cacerts is located "C:\Program
Files\Java\jdk1.7.0\").

Here are other things I tried:
- editing the server.xml in my tomcat\conf folder
        I uncommented out the "Define a SSL HTTP/1.1 Connector on port
8443" section and set the keystoreFile=<path to cacerts> and the
keystorePass=<password>
- editing the shindig.properties
        I read in another mailing list post
(http://mail-archives.apache.org/mod_mbox/shindig-issues/201001.mbox/%3Cb71cdca91001032330r78863462ud3b9ed1d49db9...@mail.gmail.com%3E)
that to override the default shindig.properties, I simply need to put an edited
shindig.properties file into the $CATALINA_HOME/lib/ folder, which I
have done. I ran 2 openssl commands:
        openssl req -newkey rsa:1024 -days 365 -nodes -x509 -keyout testkey.pem -out testkey.pem -subj '/CN=mytestkey'
        openssl pkcs8 -in testkey.pem -out oauthkey.pem -topk8 -nocrypt -outform PEM
I then copied the testkey.pem to the
$CATALINA_HOME/webapps/ROOT/WEB-INF/ folder and edited the
shindig.signing.key-name=mytestkey and
shindig.signing.key-file=/WEB-INF/testkey.pem. I did not see any effects
after restarting the server.

Any ideas?


-----Original Message-----
From: Ciancetta, Jesse E. [mailto:jc...@mitre.org] 
Sent: Thursday, October 13, 2011 5:50 AM
To: dev@shindig.apache.org
Subject: RE: Failing to connect to https server through gadget

I've run into this situation a bunch of times myself and the best way
I've found to get to the root of the issue is to turn on low level
debugging directly in the networking APIs.

Shindig is using HttpClient under the covers for all of its network
fetching, and HttpClient is using the java.net APIs under the covers to
do the actual network communication -- so if you turn on debugging for
the java.net APIs you should be able to get a better idea of what's
going wrong.

There's a reference here for enabling debugging for the java.net APIs:

http://download.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html

There also seem to be ways to turn on debug logging in HttpClient as
well which may also be helpful (and may very well turn on the java.net
debugging at the same time) although I've never tried this approach
myself:

http://hc.apache.org/httpcomponents-client-ga/logging.html

--Jesse

>-----Original Message-----
>From: Tony Chan (tchan2) [mailto:tch...@cisco.com]
>Sent: Wednesday, October 12, 2011 6:46 PM
>To: dev@shindig.apache.org
>Subject: Failing to connect to https server through gadget
>
>Hi everyone,
>
>
>
>I'm having trouble connecting to an https server through my gadget.  I'm
>not sure if it's because I've installed the self-signed certificate
>incorrectly in the cacerts file or because I'm doing my makeRequest
>incorrectly.  If I do a keytool -list -keystore <path to cacerts> I can
>definitely see my alias for the key in there.  In my makeRequest, using
>AuthorizationType.NONE gives me a 500 peer unauthenticated error while
>using AuthorizationType.SIGNED gives me a 200 OK status, but what's
>returned looks to be a 403 oauthError with text saying "Unable to
>retrieve consumer key".
>
>
>
>I have followed the documentation file that came with tomcat
>"ssl-howto.html" and edited the connector settings in server.xml, but
>that hasn't seemed to help.  I am able to use makeRequest to get a
>response from a server not using https.  I'm rather stumped as to what I
>should try next.
>
>
>
>Thanks in advance,
>
>Tony Chan
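
A diagnostic for the symptom in this thread (a standalone client trusts the server, the gadget's request does not), as an added example that is not code from the thread or from Shindig: it prints which trust store the JVM it runs under resolves to, checks for an alias, and attempts a handshake with JVM defaults. The class name TrustCheck and its arguments are hypothetical; run it with the same java binary and -D options that Tomcat is started with.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic (hypothetical name). Usage: java TrustCheck <host> <port> [alias]
public class TrustCheck {
    // Trust store the default SSLContext resolves to: the system property if
    // set, else jssecacerts, else cacerts, both under <java.home>/lib/security.
    static File effectiveTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) return new File(prop);
        File sec = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(sec, "jssecacerts");
        return jsse.exists() ? jsse : new File(sec, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        File store = effectiveTrustStore();
        System.out.println("java.home   = " + System.getProperty("java.home"));
        System.out.println("trust store = " + store.getAbsolutePath());

        // A null password loads the certificates without the integrity check.
        String p = System.getProperty("javax.net.ssl.trustStorePassword");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(store)) {
            ks.load(in, p == null ? null : p.toCharArray());
        }
        System.out.println("entries     = " + ks.size());
        if (args.length > 2) {
            System.out.println("alias '" + args[2] + "' present: " + ks.containsAlias(args[2]));
        }

        // Handshake using JVM defaults only, with no custom trust manager.
        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket s = (SSLSocket) f.createSocket(host, port)) {
            s.startHandshake();
            System.out.println("handshake OK, peer: " + s.getSession().getPeerPrincipal());
        } catch (SSLException e) {
            System.out.println("handshake FAILED: " + e);
        }
    }
}
```

Adding -Djavax.net.debug=ssl to the command line produces the handshake trace covered by the JSSE debugging reference linked above. The keystoreFile attribute on the Connector in server.xml selects the certificate Tomcat presents on inbound connections; outbound connections that use JVM defaults consult the store printed here.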
