I have no idea what I did, but I went through the manual steps to adding certs and securing SGD...and it worked. I did not enable firewall traversal...
Thanks, Adam On Sun, Sep 27, 2009 at 9:04 PM, adam <prozaconsti...@gmail.com> wrote: > Richard Butland wrote: >> >> I haven't tried a wildcard cert myself in some time, so can't swear it >> works (but it certainly used to.) >> >> Anyway, are you seeing this error before or after the login form? >> Remember that up until the point that you've entered your login credentials >> that you're just talking to Apache / Tomcat - so if you're erroring before >> that, then the problem lies in your webserver configuration, or in the >> firewall traversal part. >> >> So, you may want to check your Apache and Tomcat logs to see if there's >> something obvious there. >> Did you use the "tarantella security enable" command to secure your >> system? >> Do you have a custom CA certificate / intermediate cert? The webservices >> endpoint keystore needs these installed,see: >> http://docs.sun.com/source/820-6689/chapter7.html#Z40000061527178 >> >> As a quick test, check: >> /opt/tarantella/webserver/tomcat/6.0.18_axis1.4/shared/classes/com/tarantella/tta/webservices/client/apis/Resources.properties >> >> to see if all the endpoints are bound to https://servername:443/etc? >> >> If so, a quick test might be to just restore the endpoints to >> http://servername:80, retart everything, and see if that "fixes" the >> problem. If so, the problem is in your keystore certificate trust chain. >> Rick >> >> >> Adam Allred wrote: >>> >>> Hello, >>> >>> I see in the SGD 4.5 admin guide that wildcard certs are supported for >>> the first domain of an SSL cert, e.g. *.domain.com: >>> >>> (page 26) >>> ---snip--- >>> SGD supports the use of the wildcard for the first part of the domain >>> name, for >>> example .indigo-insurance.com. >>> ---snip--- >>> >>> I've obtained a commercial certificate for my SGD server for >>> *.my.domain.com, and successfully installed it. After rebooting the >>> server, when I go to https://server.my.domain.com/sgd, I get this >>> error: >>> >>> Error Page >>> The following exception was thrown: >>> >>> I previously had this problem with RHEL5, and an earlier post pointed >>> me to my /etc/hosts file. I have ensured that my /etc/hosts file is >>> currently correct, and that my domain name is set. >>> >>> I see no errors in any logs. >>> >>> The admin console works, and I can perform all my tasks through it >>> with no problem over https. >>> >>> I ensured that the wildcard cert I installed was the cert in use via >>> my web browsers certificate store. >>> >>> Any thoughts? >>> >>> Thanks, >>> >>> Adam >>> _______________________________________________ >>> SGD-Users mailing list >>> SGD-Users@filibeto.org >>> http://www.filibeto.org/mailman/listinfo/sgd-users >>> >> >> _______________________________________________ >> SGD-Users mailing list >> SGD-Users@filibeto.org >> http://www.filibeto.org/mailman/listinfo/sgd-users > > oh, look at that, errors in the tomcat logs. I get one of these for every > load of https://servername/sgd: > > 2009-09-27 20:52:24 SEVERE Servlet.service() for servlet jsp threw > exception > > javax.servlet.ServletException: File > "/authentication/null/authentication/login.jsp" not found > 0 > org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:319) > 1 org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267) > 2 javax.servlet.http.HttpServlet.service(HttpServlet.java:717) > 3 > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > 4 > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > 5 > org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:630) > 6 > org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:535) > 7 > org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:472) > 8 > org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:968) > 9 > ... > > File not found? I'm at a loss of where to look to try and see what's > generating that path...any ideas? > > _______________________________________________ SGD-Users mailing list SGD-Users@filibeto.org http://www.filibeto.org/mailman/listinfo/sgd-users
