Hi all --
I'm having an issue with a local development copy of DSpace 3.2,
which I set up to try out some development ideas. It's xmlui.
What I did was, I copied over a production system, including
the postgres database and LDAP authentication, and all the DSpace
app files, ran the "change-handle-prefix" script, so the dev server
won't screw up the real prefix, and emptied the $DSPACE/handle-server
directory.
The copied system duplicates the production set-up in almost
all respects, I'm using an Apache 2.2 front end, running everything
over SSL, and connecting to Tomcat 6 via the mod_jk mechanism.
The major difference is, the copied system's Apache server
uses a local server SSL certificate (I'll call it "server.pem"),
which is signed by my own local authority certificate, which
I'll call "authority.pem".
Anticipating the issue I think I'm having, I configured tomcat
to read the Java keystore in /etc/pki/java/cacerts (I am on
a CentOS system), and used the "keytool" system to add both
the server.pem and the authority.pem to the Java keystore,
thinking this would allow maximum flexibility for SSL connections
in all directions.
It mostly works -- I can bring up the home-page, I can log
in, and I can navigate around the communities and collections,
but all the collections appear to be empty. The communities
and collections correctly show the new, fake handle prefix (I'm
using "123456789")
It seems that search is not working, when I load community or
collection pages, pages, I see errors like the one below in
the DSpace logs. The Cocoon logs and
the Apache logs do not show corresponding errors.
> 2015-01-30 09:35:10,673 ERROR
> org.dspace.app.xmlui.aspect.discovery.SidebarFacetsTransformer
> @ Error while searching for sidebar facets
> org.dspace.discovery.SearchServiceException:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
The actual items *are* present in the system, if I navigate to a
specific item, https://<host>/dspace/xmlui/handle/123456789/<item-id>,
then I can view the item, and the bitstreams, and it's fine, I
can view them directly, I just can't browse or search to them.
So apparently solr connections are not working.
Evidently there's some subtlety associated with the SSL
authority cert that I'm missing -- does authority.pem need to
be added to some other keystore somewhere? Does it only work
for real, Verisign-type certs? What's going on?
Thanks in advance.
-- A.
--
Dr. Andrew C. E. Reid
Physical Scientist, Computer Operations Administrator
Center for Theoretical and Computational Materials Science
National Institute of Standards and Technology, Mail Stop 8555
Gaithersburg MD 20899 USA
[email protected]
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
