Hello Andrea,
Your advice about the trusted certificate could help me solve the problem.
I just imported the cert file to the JVM default keystore:
keytool -import -alias tomcat -file cacert.der -keystore $JAVA_HOME/jre/lib/security/cacerts
(My JAVA_HOME var is the root JDK install dir)
It was necessary to restart tomcat... after the restart, I was able to run
a demo request using https...
As my client will run under the same server/tomcat as geoserver, I also
created a simple client test:
--------------------------
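// Fragment; requires java.io.*, java.net.URL and java.net.HttpURLConnection.
// "out" is assumed to be the JSP implicit writer (any PrintWriter works).
URL wfs = new URL("https://tupi.rc.unesp.br/geoserver/wfs?request=getCapabilities");
HttpURLConnection con = (HttpURLConnection) wfs.openConnection();
con.setRequestMethod("GET");
con.setDoOutput(true);
// The TLS handshake happens here; an untrusted certificate raises SSLHandshakeException.
con.connect();
int responseCode = con.getResponseCode();
out.println(responseCode);
out.println();
// Copy the response body into a string and print it.
Writer writer = new StringWriter();
char[] buffer = new char[1024];
Reader reader = new BufferedReader(new InputStreamReader(con.getInputStream()));
int n;
while ((n = reader.read(buffer)) != -1) {
    writer.write(buffer, 0, n);
}
reader.close();
out.println(writer.toString());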
-----------------------
Remembering this was just to see the request result, and nothing more!
So, it seems the problem was not exactly with geoserver, but with my SSL
configuration and certificate...
Thanks for your help guys!
On Fri, May 18, 2012 at 12:15 PM, <[email protected]> wrote:
> Quoting Andrea Aime <[email protected]>:
>
>
> On Thu, May 17, 2012 at 7:10 PM, Rodrigo Antonialli
>> <[email protected]> wrote:
>>
>>> Hi everyone!
>>>
>>> I need some help to configure Geoserver under SSL!
>>>
>>> I've just configured SSL to work fine, following these instructions:
>>> http://www.tomcatexpert.com/knowledge-base/using-openssl-configure-ssl-certificates-tomcat
>>>
>>> I can login in web admin interface, and preview some layers. Examples:
>>>
>>> https://tupi.rc.unesp.br/geoserver/topp/ows?service=WFS&version=1.0.0&request=GetFeature&typeName=topp:states&maxFeatures=50
>>> - return the topp:states GML.
>>>
>>> https://tupi.rc.unesp.br/geoserver/topp/wms?service=WMS&version=1.1.0&request=GetMap&layers=topp:states&styles=&bbox=-124.73142200000001,24.955967,-66.969849,49.371735&width=780&height=330&srs=EPSG:4326&format=application/openlayers
>>> - The map is shown fine and I can click to show attributes.
>>>
>>> But when I try to run a Demo request, for example,
>>> WFS_GetCapabilities-1.0.xml, or one of the above, it shows me the error:
>>>
>>> <servlet-exception>
>>> javax.net.ssl.SSLHandshakeException:
>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>> valid certification path to requested target
>>> </servlet-exception>
>>>
>>
>> The demo pages are sending the details to a server side servlet, which
>> in turn does the actual post emulating a client using Java's own
>> URLConnection.
>> If your certificate is not trusted the above error will happen.
>>
>> The solution for URLConnection is not an easy one:
>> http://kerbtier.ch/2009/01/31/urlconnection-and-https
>>
>> Afaik if we rewrite the code using commons-httpclient it is instead
>> possible to ignore invalid certificates... requires some work though
>>
>> Cheers
>> Andrea
>>
>
> Yep, a solution is to implement an X509TrustManager trusting each
> certificate. I did something similar for my CAS tests here.
>
> https://svn.codehaus.org/geoserver/trunk/src/security/cas/src/test/java/org/geoserver/security/cas/LiveCasData.java
>
> Perhaps we should open a jira issue. If somebody can give me a starting
> point (where the url connection is created), I could try to solve the
> problem.
>
> Christian
>
>
>>
>> --
>> Ing. Andrea Aime
>> GeoSolutions S.A.S.
>> Tech lead
>>
>> Via Poggio alle Viti 1187
>> 55054 Massarosa (LU)
>> Italy
>>
>> phone: +39 0584 962313
>> fax: +39 0584 962313
>> mob: +39 339 8844549
>>
>> http://www.geo-solutions.it
>> http://geo-solutions.blogspot.com/
>> http://www.youtube.com/user/GeoSolutionsIT
>> http://www.linkedin.com/in/andreaaime
>> http://twitter.com/geowolf
>>
>> _______________________________________________
>> Geoserver-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>
>>
>
>
>
>
--
Rodrigo C. Antonialli
======================================
Campinas - SP - Brasil
LinkedIn: http://www.linkedin.com/in/rcaprofile
Contato: (19) 8136-2347
[email protected]
Skype: rc_antonialli