Hi Christian,
thanks for replying. Yes, there was a typo in that mail, sorry about
that. We redirect internally on http, but we force redirect of
http->https of external inbound calls in order to force them to be over
https.
About the certificate, it's a let's encrypt one
(https://letsencrypt.org/) and as I tested, it is recognized by the JVM
(The same code run on the same tomcat instance in a different webapp
correctly retrieve the output ).
Fabio
On 09/05/2017 10:01, Christian Mueller wrote:
Hi Fabio
I am wondering why you have an https-->https configuration. Normally,
your nginx proxy should handle SSL, no need for SSL for the backend
service. https-->http should be sufficient.
Second, do you use a self signed certificate ?. If you do, you have to
add your certificate into JRE_HOME/lib/security/cacerts
Cheers
On Mon, May 8, 2017 at 6:07 PM, Fabio <[email protected]
<mailto:[email protected]>> wrote:
Hi,
we're testing the adoption of standalone GeoFence (3.3.0) in order
to manage security of our GeoServers.
Problem is that when I try to register our GeoServer instance, an
error is thrown when "Test" button is pressed. Setting logs to
debug, I can see the attached error.
Our GeoServer (v 2.10) is hosted on a tomcat7 behind an nginx
proxy, and https->https redirection is in place. The certificate
is a let'sencrypt one.
GeoFence runs on a tomcat7, java version "1.8.0_121".
I tested the same code (copied getURL from
https://github.com/geoserver/geofence/blob/v3.3.0/src/gui/core/plugin/userui/src/main/java/org/geoserver/geofence/gui/server/service/impl/InstancesManagerServiceImpl.java
<https://github.com/geoserver/geofence/blob/v3.3.0/src/gui/core/plugin/userui/src/main/java/org/geoserver/geofence/gui/server/service/impl/InstancesManagerServiceImpl.java>
) in another webapp I created and deployed on the same tomcat7 of
GeoFence, and the output seems correctly retrieved. These are the
parameters :
URL
https://geoserver1-spatial-dev.d4science.org/geoserver/rest/geofence/info
<https://geoserver1-spatial-dev.d4science.org/geoserver/rest/geofence/info>
USER admin
PWD geoserver
Since the jre seems to recognize the certificate (my test
successfully connects a retrieve content), my guess is that some
other configuration might be needed.
Thanks a lot for your help,
Fabio Sinibaldi
--
--- --- --- ---
Fabio Sinibaldi
CNR Istituto di Scienza e Tecnologie dell' Informazione A. Faedo
Area della Ricerca CNR
InfraScience Group http://nemis.isti.cnr.it/groups/infrascience
<http://nemis.isti.cnr.it/groups/infrascience>
Via G. Moruzzi, 1 – 56124 Pisa, Italy
Skype fabioisti
https://it.linkedin.com/in/fabio-sinibaldi-18779a18
<https://it.linkedin.com/in/fabio-sinibaldi-18779a18>
--- --- --- ---
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/geoserver-users
<https://lists.sourceforge.net/lists/listinfo/geoserver-users>
--
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
--
--- --- --- ---
Fabio Sinibaldi
CNR Istituto di Scienza e Tecnologie dell' Informazione A. Faedo
Area della Ricerca CNR
InfraScience Group http://nemis.isti.cnr.it/groups/infrascience
Via G. Moruzzi, 1 – 56124 Pisa, Italy
Skype fabioisti
https://it.linkedin.com/in/fabio-sinibaldi-18779a18
--- --- --- ---
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
