I am still struggling with this. When I try to visit the login page with
https, I get this in the logs:
[STDERR] 2016-10-27 22:23:44.943:WARN:oejh.HttpParser:qtp3213500-21:
Illegal character 0x16 in state=START for buffer
HeapByteBuffer@43a25f11[p=1,l=190,c=8192,r=189]={\x16<<<\x03\x01\x00\xB9\x01\x00\x00\xB5\x03\x03\x08\xC2\xB6\xCa\x82\xB1+...\x02\x01\x00\x00\n\x00\x08\x00\x06\x00\x1d\x00\x17\x00\x18>>>ke
Gecko)
Chrome/...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}
[STDERR] 2016-10-27 22:23:44.945:WARN:oejh.HttpParser:qtp3213500-21: bad
HTTP parsed: 400 Illegal character 0x16 for
HttpChannelOverHttp@4d65a915{r=0,c=false,a=IDLE,uri=null}
In wget:
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
I tried to up the logging on jetty/apache in the log4j2, but the names I've
found haven't made a difference.
I can see that Jetty is loading my x509 certs from thekeystore, but still
https is not working.
I don't have much time left and need this working tomorrow. I don't
understand where the documentation for this is. I see some on the Eclipse
website, but it doesn't seem to make any difference:
https://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Loading_Keys_and_Certificates
On Wednesday, October 26, 2016 at 2:35:23 PM UTC-7, Brandon Martin wrote:
>
> I've spent most of the day trying to figure this out, but thus far it has
> beaten me.
>
> I am on the final stages of my CAS deployment, LDAP working, password
> policies working, prettied up the theme, but when putting the server up
> behind my load balancer I'm still getting "Non-Secure Connection".
>
> I've changed my jetty.xml slightly in thinking disabling the port 8080
> connector would do the trick, nope. It's now serving only on port 8443 but
> won't accept https connections.
>
> Attached are the Jetty xml files. I've tried adding different connectors
> from here with no luck:
> http://www.eclipse.org/jetty/documentation/9.1.5.v20140505/configuring-connectors.html
>
> Here's what I see in the logs too, doesn't look to be using https:
>
> [STDERR] 2016-10-26 21:16:49.545:INFO:/cas:main: Initializing Spring
> FrameworkServlet 'cas'
> [STDERR] 2016-10-26 21:16:49.740:INFO:oejsh.ContextHandler:main: Started
> o.e.j.m.p.JettyWebAppContext@64c87930{/cas,[file:///cas-overlay/src/main/webapp/,
>
> file:///cas-overlay/target/tmp/cas-server-webapp-4_2_6_war1/],AVAILABLE}
> [STDERR] 2016-10-26 21:16:49.761:INFO:oejus.SslContextFactory:main:
> x509=X509@502f9271(root,h=[psd401.net],w=[psd401.net]) for
> SslContextFactory@313b6907(file:///etc/cas/jetty/thekeystore,file:///etc/cas/jetty/thekeystore)
> [STDERR] 2016-10-26 21:16:49.765:INFO:oejus.SslContextFactory:main:
> x509=X509@3f64a088(tomcat,h=[],w=[]) for
> SslContextFactory@313b6907(file:///etc/cas/jetty/thekeystore,file:///etc/cas/jetty/thekeystore)
> [STDERR] 2016-10-26 21:16:49.820:INFO:oejs.ServerConnector:main: Started
> ServerConnector@31e9f7ae{HTTP/1.1,[ssl, http/1.1]}{0.0.0.0:8443}
> [STDERR] 2016-10-26 21:16:49.820:INFO:oejs.Server:main: Started @10826ms
> [STDOUT] -1PB1KXG2D6QF6
>
> I figured that if I added my nginx certificate to my keystore, that would
> do the trick. This didn't work either.
>
> In previous CAS versions I remember having to change the server.xml, but I
> can't find how to change that file with 4.2.6.
>
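Added example, not part of the original message or the CAS/Jetty code base: the byte 0x16 that Jetty's HttpParser rejects in the warning above is the TLS handshake record type, so the bytes in that buffer are a TLS ClientHello arriving at a plain HTTP parser. This Python sketch decodes the prefix shown in the log; `LOGGED_PREFIX` is constructed from the escaped bytes visible there, and `classify_first_bytes` is a hypothetical helper name.

```python
import struct

# Constructed from the escaped bytes visible in the Jetty warning; the log
# elides the rest of the buffer, so only this prefix is decoded.
LOGGED_PREFIX = bytes.fromhex("16030100b9010000b50303")
LOGGED_BUFFER_LIMIT = 190  # the "l=190" field of the HeapByteBuffer dump

CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                 0x16: "handshake", 0x17: "application_data"}
HANDSHAKE_TYPES = {0x01: "client_hello", 0x02: "server_hello"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_first_bytes(data: bytes) -> dict:
    """Say whether the first bytes a listener received are HTTP or TLS."""
    if data.startswith(HTTP_METHODS):
        return {"kind": "http"}
    # A TLS record starts with: type (1), version major/minor (2), length (2).
    if len(data) < 5 or data[0] not in CONTENT_TYPES or data[1] != 3:
        return {"kind": "unknown"}
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    info = {"kind": "tls",
            "content_type": CONTENT_TYPES[ctype],
            "record_version": VERSIONS.get((major, minor), f"{major}.{minor}"),
            "record_length": rec_len}
    body = data[5:]
    # Handshake header: message type (1) and a 24-bit length (3).
    if ctype == 0x16 and len(body) >= 4:
        info["handshake_type"] = HANDSHAKE_TYPES.get(body[0], hex(body[0]))
        info["handshake_length"] = int.from_bytes(body[1:4], "big")
        # A ClientHello body begins with the client's offered version.
        if body[0] == 0x01 and len(body) >= 6:
            key = (body[4], body[5])
            info["client_version"] = VERSIONS.get(key, f"{key[0]}.{key[1]}")
    return info


if __name__ == "__main__":
    print(classify_first_bytes(LOGGED_PREFIX))
```

The decoded record length of 185 plus the 5-byte record header equals the 190-byte buffer limit in the log, so the whole buffer is a single ClientHello record.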