issue with client certificates


issue with client certificates

goiania


I have not been able to make it work with client certificates.

I used the guidelines published about the subject some years ago.

  • I have two stores: a keyStore (keystore.jks) and a trustStore (cacerts.jks)
  • I have the server certificate in both stores with the same alias (alias tomcat)
  • I also have the CA root in the trustStore
  • I have also added the Java VM options

-Djavax.net.ssl.trustStore=C:\mytools\Tomcat 6.0\conf\cacerts.jks
-Djavax.net.ssl.trustStorePassword=changeit

I have used OpenSSL to create a certificate authority (CA). Both the server and the client certificates have been signed by this CA.

Finally, I have added the following properties to properties-local.xml

<property as="xs:anyURI"
          name="oxf.http.ssl.keystore.uri"
          value="file:///C:/mytools/Tomcat%206.0/conf/keystore.jks"/>
<property as="xs:string"
          name="oxf.http.ssl.keystore.password"
          value="changeit"/>
<property as="xs:anyURI"
          name="oxf.url-rewriting.service.base-uri"
          value="https://localhost:8443/orbeon-CE-4-10-2012"/>
<property as="xs:anyURI"
          name="oxf.fr.persistence.exist.uri"
          value="https://localhost:8443/orbeon-CE-4-10-2012/fr/service/exist"/>
<property as="xs:anyURI"
          name="oxf.fr.persistence.exist.exist-uri"
          value="https://localhost:8443/orbeon-CE-4-10-2012/exist/rest/db/orbeon/fr"/>
<property as="xs:string" name="oxf.http.ssl.hostname-verifier" value="allow-all"/>


Unfortunately, it is not working. Log is attached.

Suggestions?


2012-04-10 20:29:38,511 INFO  OrbeonServletContextListener  - Servlet Context Listener - Context initialized.
2012-04-10 20:30:48,412 INFO  ProcessorService  - Servlet - Servlet initialized.
2012-04-10 20:30:48,848 INFO  ProcessorService  - / - Received request
2012-04-10 20:30:49,622 INFO  ProcessorService  - / - Timing: 780
2012-04-10 20:30:49,864 INFO  ProcessorService  - /home/ - Received request
2012-04-10 20:30:50,675 INFO  ProcessorService  - /home/ - Timing: 811
2012-04-10 20:30:53,624 INFO  ProcessorService  - /fr/orbeon/contact/summary - Received request
2012-04-10 20:30:56,469 WARN  Version  - Feature is not enabled in this version of the product: cached XForms instance
2012-04-10 20:30:57,670 WARN  Version  - Feature is not enabled in this version of the product: xpath-analysis
2012-04-10 20:30:58,408 WARN  XFormsServer  - xxforms:instance() - instance not found {instance id: "fr-form-resources"}
2012-04-10 20:30:58,412 WARN  XFormsServer  - xxforms:instance() - instance not found {instance id: "fr-form-resources"}
2012-04-10 20:30:58,937 ERROR XFormsServer  - xforms-submit-error - setting throwable {throwable: "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
                at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
                at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
                at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
                at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
                at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
                at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
                at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:562)
                at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
                at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
                at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
                at org.orbeon.oxf.resources.handler.HTTPURLConnection.connect(HTTPURLConnection.java:276)
                at org.orbeon.oxf.util.Connection.connect(Connection.java:532)
                at org.orbeon.oxf.xforms.submission.RegularSubmission$1.call(RegularSubmission.java:85)

--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws
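The post above wires a key store and a trust store into Orbeon's HTTP client. The following Java program is an added example, not code from the thread or from Orbeon: it performs the pre-flight check a practitioner would run before debugging the properties, confirming that the key store actually contains a private-key entry (the only kind of entry a TLS client can present as a client certificate) and that the entry's chain validates against the CA certificates in the trust store. Paths, alias conventions and the password are taken from the post; the class name and the revocation-off choice are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added diagnostic (assumed class name, not Orbeon code). Store paths and
// password mirror the configuration quoted in the post; adjust as needed.
public class ClientCertCheck {
    static final String KEYSTORE = "C:/mytools/Tomcat 6.0/conf/keystore.jks";
    static final String TRUSTSTORE = "C:/mytools/Tomcat 6.0/conf/cacerts.jks";
    static final char[] PASSWORD = "changeit".toCharArray();

    static KeyStore load(String path) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, PASSWORD); }
        return ks;
    }

    // A client certificate can only be presented from a private-key entry;
    // a trusted-certificate entry (e.g. a copied server cert) is not enough.
    static List<String> privateKeyAliases(KeyStore ks) throws Exception {
        List<String> out = new ArrayList<>();
        for (String a : Collections.list(ks.aliases()))
            if (ks.isKeyEntry(a)) out.add(a);
        return out;
    }

    // PKIX validation of the chain stored behind `alias` (end-entity first)
    // against every trusted certificate in the trust store. Revocation
    // checking is switched off here because the post describes a lab CA.
    static void validateChain(KeyStore ks, String alias, KeyStore trust) throws Exception {
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null) throw new IllegalStateException(alias + " has no certificate chain");
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(chain));
        PKIXParameters params = new PKIXParameters(trust);
        params.setRevocationEnabled(false);
        CertPathValidator.getInstance("PKIX").validate(path, params);
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = load(KEYSTORE), trust = load(TRUSTSTORE);
        List<String> keys = privateKeyAliases(ks);
        System.out.println("private-key entries in key store: " + keys);
        if (keys.isEmpty())
            System.out.println("no private key found: nothing can be presented as a client certificate");
        for (String alias : keys) {
            try { validateChain(ks, alias, trust); System.out.println(alias + ": chains to a trusted CA"); }
            catch (CertPathValidatorException e) { System.out.println(alias + ": " + e.getMessage()); }
        }
    }
}
```

The check says nothing about the oxf.http.ssl.hostname-verifier property: allow-all switches hostname verification off in the HTTP client and is a lab-only setting.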

Re: issue with client certificates

Erik Bruchez
Administrator
Orbeon Forms version? Some of the properties used here are only
available since February:

http://wiki.orbeon.com/forms/how-to/use-ssl-https

-Erik

On Fri, Apr 27, 2012 at 5:36 AM, brasilia brazil
<[hidden email]> wrote:



Re: issue with client certificates

Eduardo Chiocconi
Hi Erik,
    I am seeing this problem also using CE 3.9.0. I recently upgraded from version 3.8.0. It did not happen before. Are these properties OK to use with CE 3.9.0? Or do you need to use a nightly, PE or the recently announced 4.0 Milestone packages?
    Thanks!

         Eduardo.

Re: Re: issue with client certificates

Erik Bruchez
Administrator
Eduardo,

3.9 was released May 15, 2011, and every property implemented after
that is not in 3.9. See the dates associated with properties on this
page:

http://wiki.orbeon.com/forms/how-to/use-ssl-https

But yes, they are in 4.0 M2 and in nightly builds as well.

-Erik

On Mon, Jun 4, 2012 at 4:21 PM, Eduardo Chiocconi
<[hidden email]> wrote:




Re: Re: Re: issue with client certificates

Eduardo Chiocconi
Thanks Erik. It looks like, by a couple of days, the property I need is not there.
I will give the 4.0 M2 version a try.
Thanks for your quick response and the great work you do with this distribution list.

        Eduardo.

On Tue, Jun 5, 2012 at 9:34 PM, Erik Bruchez <[hidden email]> wrote:



Re: Re: Re: Re: issue with client certificates

Erik Bruchez
Administrator
> Thanks for your quick response and the great work you do with this
> distribution list.

Thanks :)

-Erik

