The resource you mention is more about the security of GeoServer itself:
how to use a certificate to be able to connect to GeoServer.

For your case, the problem is that GeoServer is not able to accept the CA
which emitted the certificate of your remote source so it protects you from
using an unsafe remote service.

I have found this topic (in French) on GeoRezo which seems very close to
your case: https://georezo.net/forum/viewtopic.php?id=120448.

This one is also interesting for you:
https://gis.stackexchange.com/questions/95205/geoserver-add-external-wms-service

You have to retrieve the SSL certificate from IGN and register it in your
GeoServer JRE.

Regards
Alexandre

On Thu, 15 Jul 2021 at 18:40, celati Laurent <laurent.cel...@gmail.com>
wrote:

> Thanks a lot for your quick replies. Could you just confirm to me that the
> following URL is the relevant resource for guidance?
>
>
> https://docs.geoserver.org/latest/en/user/security/tutorials/cert/index.html
>
> Thanks again.
>
>
> On Thu, 15 Jul 2021 at 17:30, Alexandre Gacon <alexandre.ga...@gmail.com>
> wrote:
>
>> Hi,
>>
>> You perhaps have to register the IGN certificate into the TOMCAT
>> certificate store of your geoserver instance.
>>
>> Alexandre
>>
>> On Thu, 15 Jul 2021 at 17:19, celati Laurent <laurent.cel...@gmail.com>
>> wrote:
>>
>>> Good afternoon,
>>> I succeeded in setting up a remote WMS data store (from French IGN
>>> resources) by filling in the following URL in GeoServer:
>>>
>>>
>>> http://gpp3-wxs.ign.fr/<KEY>/geoportail/r/wms?SERVICE=WMS&VERSION=1.3.0&REQUEST=GetCapabilities
>>>
>>> It works and I can see several data shared by the French IGN. But when I
>>> select one of them and I try to preview the data,
>>> I have the following error message.
>>>
>>> [image: image.png]
>>>
>>> As far as I understood, I have to do an additional action to validate,
>>> certificate something.
>>> Could you help me? Thanks a lot. Please find below the GeoServer
>>> logfiles:
>>>
>>> Code:
>>>
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>     at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:42)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>     at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
>>>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:667)
>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
>>>     at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
>>>     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
>>>     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
>>>     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888)
>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1597)
>>>     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>     at java.lang.Thread.run(Unknown Source)
>>> Caused by: org.geoserver.platform.ServiceException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
>>>     at org.geoserver.wms.map.RenderedImageMapOutputFormat.directRasterRender(RenderedImageMapOutputFormat.java:1096)
>>>     at org.geoserver.wms.map.RenderedImageMapOutputFormat.produceMap(RenderedImageMapOutputFormat.java:345)
>>>     ... 127 more
>>> Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
>>>     at sun.security.ssl.Alert.createSSLException(Unknown Source)
>>>     at sun.security.ssl.TransportContext.fatal(Unknown Source)
>>>     at sun.security.ssl.TransportContext.fatal(Unknown Source)
>>>     at sun.security.ssl.TransportContext.fatal(Unknown Source)
>>>     at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
>>>     at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
>>>     at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
>>>     at sun.security.ssl.SSLHandshake.consume(Unknown Source)
>>>     at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
>>>     at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
>>>     at sun.security.ssl.TransportContext.dispatch(Unknown Source)
>>>     at sun.security.ssl.SSLTransport.decode(Unknown Source)
>>>     at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
>>>     at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
>>>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>>>     at sun.security.ssl.SSLSocketImpl.ensureNegotiated(Unknown Source)
>>>     at sun.security.ssl.SSLSocketImpl.access$200(Unknown Source)
>>>     at sun.security.ssl.SSLSocketImpl$AppOutputStream.write(Unknown Source)
>>>     at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
>>>     at java.io.BufferedOutputStream.flush(Unknown Source)
>>>     at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
>>>     at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565)
>>>     at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
>>>     at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
>>>     at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
>>>     at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
>>>     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
>>>     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
>>>     at org.geotools.ows.wms.MultithreadedHttpClient.executeMethod(MultithreadedHttpClient.java:192)
>>>     at org.geotools.ows.wms.MultithreadedHttpClient.get(MultithreadedHttpClient.java:214)
>>>     at org.geotools.ows.wms.MultithreadedHttpClient.get(MultithreadedHttpClient.java:197)
>>>     at org.geotools.data.ows.AbstractOpenWebService.internalIssueRequest(AbstractOpenWebService.java:436)
>>>     at org.geotools.ows.wms.WebMapServer.issueRequest(WebMapServer.java:443)
>>>     at org.geotools.ows.wms.map.WMSCoverageReader.getMap(WMSCoverageReader.java:307)
>>>     at org.geotools.ows.wms.map.WMSCoverageReader.read(WMSCoverageReader.java:290)
>>>     at org.geotools.renderer.lite.gridcoverage2d.GridCoverageReaderHelper.readSingleCoverage(GridCoverageReaderHelper.java:642)
>>>     at org.geotools.renderer.lite.gridcoverage2d.GridCoverageReaderHelper.readCoverage(GridCoverageReaderHelper.java:207)
>>>     at org.geotools.renderer.lite.gridcoverage2d.GridCoverageRenderer.renderImage(GridCoverageRenderer.java:676)
>>>     at org.geotools.renderer.lite.gridcoverage2d.GridCoverageRenderer.renderImage(GridCoverageRenderer.java:639)
>>>     at org.geoserver.wms.map.RenderedImageMapOutputFormat.directRasterRender(RenderedImageMapOutputFormat.java:944)
>>>     ... 128 more
>>> Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
>>>     at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
>>>     at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
>>>     at sun.security.validator.Validator.validate(Unknown Source)
>>>     at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
>>>     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
>>>     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
>>>     ... 164 more
>>> Caused by: java.security.cert.CertPathValidatorException: validity check failed
>>>     at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
>>>     at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
>>>     at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
>>>     at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
>>>     at java.security.cert.CertPathValidator.validate(Unknown Source)
>>>     ... 170 more
>>> Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sat Mar 28 16:33:00 CET 2020
>>>     at sun.security.x509.CertificateValidity.valid(Unknown Source)
>>>     at sun.security.x509.X509CertImpl.checkValidity(Unknown Source)
>>>     at sun.security.provider.certpath.BasicChecker.verifyValidity(Unknown Source)
>>>     at sun.security.provider.certpath.BasicChecker.check(Unknown Source)
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Geoserver-users mailing list
>>>
>>> Please make sure you read the following two resources before posting to
>>> this list:
>>> - Earning your support instead of buying it, but Ian Turton:
>>> http://www.ianturton.com/talks/foss4g.html#/
>>> - The GeoServer user list posting guidelines:
>>> http://geoserver.org/comm/userlist-guidelines.html
>>>
>>> If you want to request a feature or an improvement, also see this:
>>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>>>
>>>
>>> Geoserver-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>>
>>
>>
>> --
>> Alexandre Gacon
>>
>

-- 
Alexandre Gacon
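
An added example (not part of the thread and not GeoServer code): a small Python triage that reads a mail-wrapped Java stack trace like the one quoted above, follows the `Caused by` chain to its innermost exception, and reports whether the TLS failure is an expired certificate or an untrusted issuer. The sample trace is constructed from lines of the quoted log; the function names and verdict labels are assumptions of this example.

```python
import re

# Constructed sample: lines from the quoted log, mail-wrapped and '>'-quoted as in the thread.
SAMPLE_TRACE = """\
>>> Caused by: javax.net.ssl.SSLHandshakeException:
>>> sun.security.validator.ValidatorException: PKIX path validation failed:
>>> java.security.cert.CertPathValidatorException: validity check failed
>>>     at
>>> sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown
>>> Source)
>>> Caused by: java.security.cert.CertPathValidatorException: validity check
>>> failed
>>>     at java.security.cert.CertPathValidator.validate(Unknown Source)
>>> Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sat
>>> Mar 28 16:33:00 CET 2020
>>>     at sun.security.x509.CertificateValidity.valid(Unknown Source)
"""

QUOTE = re.compile(r"^(?:>\s?)+")
CAUSE = re.compile(r"^Caused by: ([\w.$]+)(?::\s*(.*))?$")
# Innermost exception class -> verdict label (labels are this example's own).
VERDICTS = {
    "java.security.cert.CertificateExpiredException": "expired",
    "java.security.cert.CertificateNotYetValidException": "not-yet-valid",
    "sun.security.provider.certpath.SunCertPathBuilderException": "untrusted-issuer",
}

def cause_chain(trace):
    """Return [(class, message)] per 'Caused by', outermost first, re-joining wrapped text."""
    chain, in_cause = [], False
    for raw in trace.splitlines():
        line = QUOTE.sub("", raw).strip()
        m = CAUSE.match(line)
        if m:
            chain.append([m.group(1), m.group(2) or ""])
            in_cause = True
        elif line == "at" or line.startswith(("at ", "...")):
            in_cause = False  # stack frames (and their wrapped tails) are not message text
        elif in_cause and line:
            chain[-1][1] = (chain[-1][1] + " " + line).strip()
    return [tuple(c) for c in chain]

def classify(trace):
    """Name the trust failure from the innermost cause of the trace."""
    chain = cause_chain(trace)
    if not chain:
        return {"verdict": "no-cause-found", "root": None, "detail": ""}
    root, detail = chain[-1]
    return {"verdict": VERDICTS.get(root, "other"), "root": root, "detail": detail}
```

An `expired` verdict means a certificate in the validated path is past its NotAfter date, while `untrusted-issuer` means the JVM could not build a path to any trust anchor in its truststore.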