Richard Butland wrote:
I haven't tried a wildcard cert myself in some time, so can't swear it
works (but it certainly used to.)
Anyway, are you seeing this error before or after the login form?
Remember that up until the point that you've entered your login
credentials that you're just talking to Apache / Tomcat - so if you're
erroring before that, then the problem lies in your webserver
configuration, or in the firewall traversal part.
So, you may want to check your Apache and Tomcat logs to see if there's
something obvious there.
Did you use the "tarantella security enable" command to secure your system?
Do you have a custom CA certificate / intermediate cert? The
webservices endpoint keystore needs these installed,see:
http://docs.sun.com/source/820-6689/chapter7.html#Z40000061527178
As a quick test, check:
/opt/tarantella/webserver/tomcat/6.0.18_axis1.4/shared/classes/com/tarantella/tta/webservices/client/apis/Resources.properties
to see if all the endpoints are bound to https://servername:443/etc?
If so, a quick test might be to just restore the endpoints to
http://servername:80, retart everything, and see if that "fixes" the
problem. If so, the problem is in your keystore certificate trust chain.
Rick
Adam Allred wrote:
Hello,
I see in the SGD 4.5 admin guide that wildcard certs are supported for
the first domain of an SSL cert, e.g. *.domain.com:
(page 26)
---snip---
SGD supports the use of the wildcard for the first part of the domain
name, for
example .indigo-insurance.com.
---snip---
I've obtained a commercial certificate for my SGD server for
*.my.domain.com, and successfully installed it. After rebooting the
server, when I go to https://server.my.domain.com/sgd, I get this
error:
Error Page
The following exception was thrown:
I previously had this problem with RHEL5, and an earlier post pointed
me to my /etc/hosts file. I have ensured that my /etc/hosts file is
currently correct, and that my domain name is set.
I see no errors in any logs.
The admin console works, and I can perform all my tasks through it
with no problem over https.
I ensured that the wildcard cert I installed was the cert in use via
my web browsers certificate store.
Any thoughts?
Thanks,
Adam
_______________________________________________
SGD-Users mailing list
SGD-Users@filibeto.org
http://www.filibeto.org/mailman/listinfo/sgd-users
_______________________________________________
SGD-Users mailing list
SGD-Users@filibeto.org
http://www.filibeto.org/mailman/listinfo/sgd-users
Hello,
The server logs show many client login failed errors for the webserver,
but they don't appear to be consistent w/ the timestamps of my testing.
That's a bit confusing...
I tried flipping back over to port 80 via the Resources.properties file,
and was redirected to https, and was presented the self signed cert from
the "security enable" command, and it did work.
So, I reissued the cert, and very very VERY slowly followed the admin
guide again. I came across this warning when I went to add a custom ca,
since digicert is an intermediate CA:
error 2 at 1 depth lookup:unable to get issuer certificate
WARNING: The custom CA certificate you are installing is not the one used to
sign the server certificate you have installed.
Are you SURE you want to install this CA certificate? [no]
I got this after splitting the intermediate ca and root ca (entrust)
certs into two separate files, and importing one by one. Previously, I
had combined the intermediate and root ca into one, and added with no
problem. Attempting to add the combined certs does not result in this
warning.
Aside from that bit (which I think was due to the split), I still can't
see any indication of a problem.
Any thoughts?
Thanks,
Adam
_______________________________________________
SGD-Users mailing list
SGD-Users@filibeto.org
http://www.filibeto.org/mailman/listinfo/sgd-users