[Dspace-tech] R: Re: [Dspace-devel] Dspace and CAS problem (SSL)

2012-10-13 Thread bollini
Hi revskill,
The simplest thing to do is to access the casserver URL from your browser and 
download the certificate shown.
I don't have a PC here, so I can't check the command myself...
Try to follow the instructions listed 
here: http://blog.lesc.se/2009/09/how-to-makejava-ssl-trust-certificate.html?m=1

Be sure to indicate your cacerts as the truststore file.
Andrea


Sent from Samsung Mobile

revskill wrote:
I see. Now I had 2 files casserver.crt and casserver.key from CAS server
(signed from my own CA.crt and CA.key)
I had dspace.crt and dspace.key (signed from those CA.crt and CA.key, too),
can you point me specifically how to trust that CA.crt from JVM truststore?
Thank you very much.

2012/10/13 bollini 

> Probably you are using a self-signed certificate. You need to trust the CAS
> SSL certificate in the JVM that is used to run DSpace (Tomcat). Look at the
> keytool help to check the exact parameter.
> The truststore is usually stored in a file named cacerts in the
> lib/security of your JRE.
> Hope this helps,
> Andrea
>
>
> Sent from Samsung Mobile
>
> revskill wrote:
>



-- 
TRUONG HOANG DUNG
Librarian Researcher
Information and Library Centre
Mobile: 0121.411.5322
Email: dun...@hpu.edu.vn
Hai Phong Private University
--
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
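
Added example, not part of the original thread: one way to do what the reply above describes, importing the private CA's certificate into the cacerts truststore of the Java installation that runs Tomcat, using keytool. The function names, the alias "local-cas-ca" and the use of the stock cacerts password "changeit" are assumptions; CA.crt is the file named in the thread.

```shell
#!/bin/sh
# Constructed example, not from the thread. CA.crt is the CA certificate the
# poster mentions; alias "local-cas-ca" and password "changeit" (the stock
# cacerts password) are assumptions.

# Print the cacerts path under a Java home: JDK layouts keep it in
# jre/lib/security, JRE layouts in lib/security.
find_cacerts() {
    for rel in jre/lib/security/cacerts lib/security/cacerts; do
        if [ -f "$1/$rel" ]; then
            printf '%s\n' "$1/$rel"
            return 0
        fi
    done
    return 1
}

# usage: trust_ca JAVA_HOME CA_CERT [ALIAS] [STOREPASS]
# JAVA_HOME must be the Java that Tomcat (and so DSpace) actually runs on.
trust_ca() {
    java_home=$1; ca_cert=$2; ca_alias=${3:-local-cas-ca}; pass=${4:-changeit}
    store=$(find_cacerts "$java_home") || {
        echo "no cacerts under $java_home" >&2; return 2; }
    [ -r "$ca_cert" ] || { echo "cannot read $ca_cert" >&2; return 3; }
    # A truststore holds certificates only: refuse anything carrying a
    # private key (CA.key, casserver.key, or a combined PEM bundle).
    if grep -q 'PRIVATE KEY' "$ca_cert"; then
        echo "$ca_cert contains a private key; import the certificate only" >&2
        return 4
    fi
    cp -p "$store" "$store.bak" || return 5      # keep a rollback copy
    "$java_home/bin/keytool" -importcert -trustcacerts -noprompt \
        -alias "$ca_alias" -file "$ca_cert" \
        -keystore "$store" -storepass "$pass" || return 6
    # Show the imported entry and its fingerprint for comparison with the CA's.
    "$java_home/bin/keytool" -list -alias "$ca_alias" \
        -keystore "$store" -storepass "$pass"
}

# Example call (run as a user that can write cacerts, then restart Tomcat):
#   trust_ca "$JAVA_HOME" CA.crt
```

Importing the CA certificate rather than casserver.crt means any server certificate signed by that CA validates, so the import does not have to be repeated when the CAS server certificate is renewed.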


Re: [Dspace-tech] [Dspace-devel] Dspace and CAS problem (SSL)

2012-10-13 Thread revskill
I see. Now I had 2 files casserver.crt and casserver.key from CAS server
(signed from my own CA.crt and CA.key)
I had dspace.crt and dspace.key (signed from those CA.crt and CA.key, too),
can you point me specifically how to trust that CA.crt from JVM truststore?
Thank you very much.

2012/10/13 bollini 

> Probably you are using a self-signed certificate. You need to trust the CAS
> SSL certificate in the JVM that is used to run DSpace (Tomcat). Look at the
> keytool help to check the exact parameter.
> The truststore is usually stored in a file named cacerts in the
> lib/security of your JRE.
> Hope this helps,
> Andrea
>
>
> Sent from Samsung Mobile
>
> revskill wrote:
>



-- 
TRUONG HOANG DUNG
Librarian Researcher
Information and Library Centre
Mobile: 0121.411.5322
Email: dun...@hpu.edu.vn
Hai Phong Private University


[Dspace-tech] R: [Dspace-devel] Dspace and CAS problem (SSL)

2012-10-13 Thread bollini
Probably you are using a self-signed certificate. You need to trust the CAS SSL 
certificate in the JVM that is used to run DSpace (Tomcat). Look at the keytool 
help to check the exact parameter.
The truststore is usually stored in a file named cacerts in the lib/security of 
your JRE.
Hope this helps,
Andrea


Sent from Samsung Mobile

revskill wrote:
Hi everyone.
I'm running DSpace behind Apache Proxy (listening on port 443) with servername
https://dspace
My CAS server is running as https://casserver
When I submit the login form from the CAS server, the client returned the error
below in the log file:

2012-10-13 08:57:21,500 ERROR org.dspace.authenticate.CASAuthentication @ Unexpected exception caught
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)

As I see it, this is a problem with DSpace when it must verify the server
certificate in order to process the service ticket from the CAS server.
Do you know how to fix this problem?

Thank you very much.
-- 
TRUONG HOANG DUNG
Librarian Researcher
Information and Library Centre
Mobile: 0121.411.5322
Email: dun...@hpu.edu.vn
Hai Phong Private University