Chris Turchin created CMIS-1007:
-----------------------------------

             Summary: Server name indication support for cmis-workbench
                 Key: CMIS-1007
                 URL: https://issues.apache.org/jira/browse/CMIS-1007
             Project: Chemistry
          Issue Type: Improvement
          Components: opencmis-workbench
    Affects Versions: OpenCMIS 1.0.0
         Environment: Windows 8.1
            Reporter: Chris Turchin


I have recently started using letsencrypt as a certificate authority for my 
development servers. 

Unfortunately, I get the following error when trying to login to my cmis server 
using the latest version of cmis-workbench:

{code}
> 18:17:48 ERROR hemistry.opencmis.workbench.ClientHelper: 
> CmisPermissionDeniedException: Forbidden
org.apache.chemistry.opencmis.commons.exceptions.CmisPermissionDeniedException: 
Forbidden
        at 
org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.convertStatusCode(AbstractAtomPubService.java:497)
        at 
org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.read(AbstractAtomPubService.java:701)
        at 
org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.getRepositoriesInternal(AbstractAtomPubService.java:873)
        at 
org.apache.chemistry.opencmis.client.bindings.spi.atompub.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:66)
        at 
org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:92)
        at 
org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.getRepositories(SessionFactoryImpl.java:120)
        at 
org.apache.chemistry.opencmis.workbench.model.ClientSession.connect(ClientSession.java:243)
        at 
org.apache.chemistry.opencmis.workbench.model.ClientSession.<init>(ClientSession.java:124)
        at 
org.apache.chemistry.opencmis.workbench.LoginDialog.createClientSession(LoginDialog.java:302)
        at 
org.apache.chemistry.opencmis.workbench.LoginDialog$1.actionPerformed(LoginDialog.java:123)
        at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
        at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
        at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
        at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
        at javax.swing.AbstractButton.doClick(Unknown Source)
        at 
javax.swing.plaf.basic.BasicRootPaneUI$Actions.actionPerformed(Unknown Source)
        at javax.swing.SwingUtilities.notifyAction(Unknown Source)
        at javax.swing.JComponent.processKeyBinding(Unknown Source)
        at javax.swing.KeyboardManager.fireBinding(Unknown Source)
        at javax.swing.KeyboardManager.fireKeyboardAction(Unknown Source)
        at javax.swing.JComponent.processKeyBindingsForAllComponents(Unknown 
Source)
        at javax.swing.JComponent.processKeyBindings(Unknown Source)
        at javax.swing.JComponent.processKeyEvent(Unknown Source)
        at java.awt.Component.processEvent(Unknown Source)
        at java.awt.Container.processEvent(Unknown Source)
        at java.awt.Component.dispatchEventImpl(Unknown Source)
        at java.awt.Container.dispatchEventImpl(Unknown Source)
        at java.awt.Component.dispatchEvent(Unknown Source)
        at java.awt.KeyboardFocusManager.redispatchEvent(Unknown Source)
        at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(Unknown Source)
        at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(Unknown 
Source)
        at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(Unknown 
Source)
        at java.awt.DefaultKeyboardFocusManager.dispatchEvent(Unknown Source)
        at java.awt.Component.dispatchEventImpl(Unknown Source)
        at java.awt.Container.dispatchEventImpl(Unknown Source)
        at java.awt.Window.dispatchEventImpl(Unknown Source)
        at java.awt.Component.dispatchEvent(Unknown Source)
        at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
        at java.awt.EventQueue.access$500(Unknown Source)
        at java.awt.EventQueue$3.run(Unknown Source)
        at java.awt.EventQueue$3.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at 
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
 Source)
        at 
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
 Source)
        at java.awt.EventQueue$4.run(Unknown Source)
        at java.awt.EventQueue$4.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at 
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
 Source)
        at java.awt.EventQueue.dispatchEvent(Unknown Source)> 18:17:48 ERROR 
hemistry.opencmis.workbench.ClientHelper: Error code: 0
> 18:17:48 ERROR hemistry.opencmis.workbench.ClientHelper: Error content: 
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /mc/cmis/atom
on this server.<br />
Reason: The client software did not provide a hostname using Server Name 
Indication (SNI), which is required to access this server.<br />
</p>
</body></html>
{code}

The certificate is on the reverse proxy, running  Apache/2.4.18 (Ubuntu) and 
looks basically like this:

{code}
<VirtualHost somehost.somedomain:443>
ServerName somehost.somedomain
SSLEngine On
SSLCertificateFile             /var/letsencrypt/somehost.somedomain/signed.crt
SSLCertificateKeyFile          /var/letsencrypt/somehost.somedomain/domain.key
SSLCACertificateFile           
/var/letsencrypt/somehost.somedomain/intermediate.pem
SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
SSLOpenSSLConfCmd DHParameters "/usr/local/apache2/1024dhparams.pem"
SSLProxyEngine on
ProxyPass        / http://localhost:8379/ timeout=600
ProxyPassReverse / http://localhost:8379/ timeout=600
ProxyPreserveHost On
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Credentials "true"
Header edit Location ^http(\:\/\/.*)$ https$1
</VirtualHost>
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to