adam
Sat, 26 Sep 2009 15:57:46 -0700
Richard Butland wrote:
I haven't tried a wildcard cert myself in some time, so can't swear it works (but it certainly used to).

Anyway, are you seeing this error before or after the login form? Remember that up until the point that you've entered your login credentials, you're just talking to Apache / Tomcat - so if you're erroring before that, then the problem lies in your webserver configuration, or in the firewall traversal part.

So, you may want to check your Apache and Tomcat logs to see if there's something obvious there.

Did you use the "tarantella security enable" command to secure your system?

Do you have a custom CA certificate / intermediate cert? The webservices endpoint keystore needs these installed, see:
http://docs.sun.com/source/820-6689/chapter7.html#Z40000061527178

As a quick test, check:
/opt/tarantella/webserver/tomcat/6.0.18_axis1.4/shared/classes/com/tarantella/tta/webservices/client/apis/Resources.properties
to see if all the endpoints are bound to https://servername:443/etc?

If so, a quick test might be to just restore the endpoints to http://servername:80, restart everything, and see if that "fixes" the problem. If so, the problem is in your keystore certificate trust chain.

Rick

Adam Allred wrote:

Hello,

I see in the SGD 4.5 admin guide that wildcard certs are supported for the first domain of an SSL cert, e.g. *.domain.com: (page 26)

---snip---
SGD supports the use of the wildcard for the first part of the domain name, for example .indigo-insurance.com.
---snip---

I've obtained a commercial certificate for my SGD server for *.my.domain.com, and successfully installed it. After rebooting the server, when I go to https://server.my.domain.com/sgd, I get this error:

Error Page
The following exception was thrown:

I previously had this problem with RHEL5, and an earlier post pointed me to my /etc/hosts file. I have ensured that my /etc/hosts file is currently correct, and that my domain name is set. I see no errors in any logs.

The admin console works, and I can perform all my tasks through it with no problem over https. I ensured that the wildcard cert I installed was the cert in use via my web browser's certificate store.

Any thoughts?

Thanks,
Adam

_______________________________________________
SGD-Users mailing list
SGD-Users@filibeto.org
http://www.filibeto.org/mailman/listinfo/sgd-users
I'm not using a "Custom" CA, it's DigiCert, who have their CA in all modern browsers, and who are also signed by Entrust. I can add them to the keystore just to make sure.

The error is _before_ login, so it's an Apache/Tomcat problem. I forgot the resources.properties file. I'll bet that's part of the problem.

I did do a "tarantella security enable".

It shouldn't be firewall traversal problems: I'm not using the SGD Gateway, and the IP I'm on is rotated with another server in a primary/secondary setup, so I can be certain that network-based firewalls are not the problem, as this IP has been used successfully for SGD up until the day I pulled it out of the array to update to the newest version, and got these problems. I'll double check host-based firewalls.
Thanks for the advice, more info to come.

Adam