Orbeon Forms community mailing list
Login  Register

Re: RE: Re: RE: Re: upload doesn't good work with https

Posted by Erik Bruchez on Dec 22, 2010; 6:05pm
URL: https://discuss.orbeon.com/upload-doesn-t-good-work-with-https-tp3095800p3161018.html

Julien,

Excellent, thanks for confirming this.

-Erik

On Wed, Dec 22, 2010 at 8:07 AM, Bittard, Julien
<[hidden email]> wrote:

> Hello
>
>
>
> Thank you for your answers.
> I solved my problem: I could not add the existing certificate in the
> keystore of the tomcat jvm running. The problem was that I used the keytool
> server (under /usr/bin) and not the keytool of the tomcat jre !
> Now that the certificate was added to the jre, I have no error during the
> upload.
>
> thank you
>
>
>
> Julien .
>
>
>
> De : Tambet Matiisen [mailto:[hidden email]]
> Envoyé : mercredi 22 décembre 2010 16:09
>
> À : [hidden email]
> Objet : [ops-users] Re: RE: Re: upload doesn't good work with https
>
>
>
> Hard to tell from remote why it is not working. The error indicates, that
> you are trying to connect to https host from Java, and the certificate for
> this host doesn't have it's CA stored in trusted keystore.
>
> Maybe you could turn on some additional logging, to find out what host and
> URL it is trying to connect:
> http://wiki.orbeon.com/forms/doc/developer-guide/xforms-logging
>
> Upload shouldn't cause https request from Java. Maybe upload triggers some
> additional logic?
>
>   Tambet
>
> On 21.12.2010 11:33, Bittard, Julien wrote:
>
> Thank you for your response.
>
>
>
> There is a cert file in the apache conf, but when i try the « keytool … »
> command  with this file, it doesn’t work :
>
> « keytool error: gnu.javax.crypto.keyring.MalformedKeyringException:
> incorrect magic »
>
>
>
> I think I need to convert this certificat (open ssl) to use it with java. (I
> do not know anything in the certificate)
>
>
>
> But I don’t understand why only the upload needs this certificate. All
> others actions of my form work well. And with the older version of orbeon,
> the upload worked well too.
>
>
>
> Julien.
>
>
>
>
>
> De : Tambet Matiisen [mailto:[hidden email]]
> Envoyé : lundi 20 décembre 2010 21:44
> À : [hidden email]
> Objet : [ops-users] Re: upload doesn't good work with https
>
>
>
> Probably you are using certificate in Apache that is not signed by one of
> the JDK default CA-s. You need to add certificate of your CA to cacerts
> file. Follow steps here:
> http://www.devdaily.com/blog/post/java/keytool-cacerts-java-ssl
>
>   Tambet
>
> On 20.12.2010 18:19, Bittard, Julien wrote:
>
> Hello
>
>
>
> In our forms, the user can upload a file. So we have an xpl file which copy
> the file in the good directories.
>
> We have a client which use this form in an environnement https. All works
> good, except the file upload : the file is uploaded in the temp directories,
> but our xpl file doesn’t execute. There is an error on the orbeon log :
>
>
>
> 2010-12-20 16:42:51,000 ERROR XFormsServer  - xforms-submit-error - setting
> throwable {throwable:
> "sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>
>                 at
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
>
>                 at
> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
>
>                 at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
>
>                 at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
>
>                 at
> sun.security.validator.Validator.validate(Validator.java:218)
>
>                 at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
>
>                 at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
>
>                 at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
>
>                 at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
>
>                 at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
>
>                 at
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
>
>                 at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
>
>                 at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
>
>                 at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
>
>                 at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
>
>                 at
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
>
>                 at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>
>                 at
> java.io.BufferedOutputStream.write(BufferedOutputStream.java:104)
>
>                 at
> java.io.FilterOutputStream.write(FilterOutputStream.java:80)
>
> ….
>
> Orbeon 3 .8 is installed on tomcat, and there is an apache server on front
> that contains the certificat.
>
>
>
> Before, we used orbeon 3.5.1 on the same architecture and there was no
> problem.
>
>
>
> Have you an idea ?
>
>
>
> Thank You.
>
>
>
> Julien .
>
>
>
> Think green - keep it on the screen. This e-mail and any attachment is for
> authorised use by the intended recipient(s) only. It may contain proprietary
> material, confidential information and/or be subject to legal privilege. It
> should not be copied, disclosed to, retained or used by, any other party. If
> you are not an intended recipient then please promptly delete this e-mail
> and any attachment and all copies and inform the sender. Thank you.
>
>
>
> Think green - keep it on the screen. This e-mail and any attachment is for
> authorised use by the intended recipient(s) only. It may contain proprietary
> material, confidential information and/or be subject to legal privilege. It
> should not be copied, disclosed to, retained or used by, any other party. If
> you are not an intended recipient then please promptly delete this e-mail
> and any attachment and all copies and inform the sender. Thank you.
>
>
>
> Think green - keep it on the screen. This e-mail and any attachment is for
> authorised use by the intended recipient(s) only. It may contain proprietary
> material, confidential information and/or be subject to legal privilege. It
> should not be copied, disclosed to, retained or used by, any other party. If
> you are not an intended recipient then please promptly delete this e-mail
> and any attachment and all copies and inform the sender. Thank you.
>
> --
> You receive this message as a subscriber of the [hidden email] mailing
> list.
> To unsubscribe: mailto:[hidden email]
> For general help: mailto:[hidden email]?subject=help
> OW2 mailing lists service home page: http://www.ow2.org/wws
>
>


--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws
Free forum by Nabble Edit this page