Re: [Geoserver-users] Access WFS services over https
Finally found appropriate solution for Geoserver https configuration Here are the steps to enable jetty to run geoserver on https, port:8443 • *Configuring Jetty for SSL* /Generating Keys and Certificates with JDK’s keytool/ 1. Use keytool to generate key pairs and certificates. /keytool.exe/ is available in installed jdk’s folder, ex: C:\Program Files\Java\jre1.8.0_201\bin. 2. Open command prompt and go to the directory where/ keytool.exe/ is present. 3. Run following command for creating keystore: */keytool -keystore keystore -alias jetty -genkey -keyalg RSA/* 4. Provide basic details after executing above command like name, country, and keystore password. Note down the entered password since it will be used while replacing the existing keystore in geoserver folder with the new one. 5. Now open /jetty-ssl.xml/ file present in etc folder and replace the KeyStorePassword, KeyManagerPassword, TrustStorePassword with the new password which is created while creating keystore. 6. Open & check /jetty.xml/ file in same folder, on which port https will run. • *Add new Keystore in Geoserver* 7. Copy the created keystore file and replace with the existing available in etc folder of geoserver ex: C:\GeoServer\etc. 8. Now check if ssl.mod file is present in modules folder or not, ex: C:\GeoServer\modules. 9. If present, then open the file and replace the password in jetty.keystore.password, jetty.keymanager.password and jetty.truststore.password with the new password. Otherwise download it from http://central.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.2.13.v20150730/jetty-distribution-9.2.13.v20150730.tar.gz. *NOTE* : Please make sure password entered should be same as in jetty-ssl.xml. 10. Open start.ini file present in C:\GeoServer folder add /--module =ssl, --module=https and jetty.secure.port=8443/ (if https is running on Port 8443. 11. Run geoserver, enter url https://localhost:8443/geoserver (assuming geoserver on local system). -- Sent from: http://osgeo-org.1560.x6.nabble.com/GeoServer-User-f3786390.html ___ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
Re: [Geoserver-users] Access WFS services over https
Hi Sawan, I got a Tomcat 8/Geoserver 2.14.0 running under Linux. Here's what my Tomcat server.xml file looks like for a HTTPS conection : > Obviously, you won't go anywhere without a SSL certificate (Look for SSL/TLS in Tomcat docs). You must create one if there's none. Try first with an autosigned one. If everything's properly set (be aware that server.xml is case sensitive...), it should work fine. One thing, it was easier with Tomcat because I tried earlier with geoserver as an usual service but I didn't succeed configuring HTTPS... Hope it helps, good luck Benoît DEGRÈVE Risques sous-sols et cartographie Bachelier en gestion de données et cartographie -Message d'origine- De : Humphries, Graham (StateGrowth) [mailto:graham.humphr...@stategrowth.tas.gov.au] Envoyé : mardi 28 mai 2019 02:43 À : nikamsa1; geoserver-users@lists.sourceforge.net Objet : Re: [Geoserver-users] Access WFS services over https You will need to enable https through your app server. Port 8080 is typically used for http and port 8443 is used for https. I am not sure what the configuration options are in the Geoserver.exe app though. You could install Tomcat or jetty and deploy Geoserver there. Tomcat has the https configuration in its web.xml file which you can uncomment. Once you restart tomcat you should be able to use https eg: https://:8443/geoserver -Original Message- From: nikamsa1 [mailto:sawan.nika...@gmail.com] Sent: Monday, 27 May 2019 3:46 PM To: geoserver-users@lists.sourceforge.net Subject: Re: [Geoserver-users] Access WFS services over https Thanks Bradh for sharing possible alternatives to solve this issue. I tried with changing global setting in geoserver and changed the proxy url like - https://mydomain:8080/geoserver/WorkspaceName or https://mydomain:8080/geoserver/. But still it is not working for https. Thanks & Regards, Sawan Nikam -- Sent from: http://osgeo-org.1560.x6.nabble.com/GeoServer-User-f3786390.html ___ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users CONFIDENTIALITY NOTICE AND DISCLAIMER The information in this transmission may be confidential and/or protected by legal professional privilege, and is intended only for the person or persons to whom it is addressed. If you are not such a person, you are warned that any disclosure, copying or dissemination of the information is unauthorised. If you have received the transmission in error, please immediately contact this office by telephone, fax or email, to inform us of the error and to enable arrangements to be made for the destruction of the transmission, or its return at our cost. No liability is accepted for any unauthorised use of the information contained in this transmission. ___ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users ___ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
Re: [Geoserver-users] Access WFS services over https
You will need to enable https through your app server. Port 8080 is typically used for http and port 8443 is used for https. I am not sure what the configuration options are in the Geoserver.exe app though. You could install Tomcat or jetty and deploy Geoserver there. Tomcat has the https configuration in its web.xml file which you can uncomment. Once you restart tomcat you should be able to use https eg: https://:8443/geoserver -Original Message- From: nikamsa1 [mailto:sawan.nika...@gmail.com] Sent: Monday, 27 May 2019 3:46 PM To: geoserver-users@lists.sourceforge.net Subject: Re: [Geoserver-users] Access WFS services over https Thanks Bradh for sharing possible alternatives to solve this issue. I tried with changing global setting in geoserver and changed the proxy url like - https://mydomain:8080/geoserver/WorkspaceName or https://mydomain:8080/geoserver/. But still it is not working for https. Thanks & Regards, Sawan Nikam -- Sent from: http://osgeo-org.1560.x6.nabble.com/GeoServer-User-f3786390.html ___ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users CONFIDENTIALITY NOTICE AND DISCLAIMER The information in this transmission may be confidential and/or protected by legal professional privilege, and is intended only for the person or persons to whom it is addressed. If you are not such a person, you are warned that any disclosure, copying or dissemination of the information is unauthorised. If you have received the transmission in error, please immediately contact this office by telephone, fax or email, to inform us of the error and to enable arrangements to be made for the destruction of the transmission, or its return at our cost. No liability is accepted for any unauthorised use of the information contained in this transmission. ___ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
Re: [Geoserver-users] Access WFS services over https
Please understand that only sets up the geoserver application to add the right URLs if you've configured a proxy. It doesn't make a proxy exist - you still need to either configure jetty, or to add an external proxy. Brad -Original Message- From: nikamsa1 Sent: Monday, 27 May 2019 3:46 PM To: geoserver-users@lists.sourceforge.net Subject: Re: [Geoserver-users] Access WFS services over https Thanks Bradh for sharing possible alternatives to solve this issue. I tried with changing global setting in geoserver and changed the proxy url like - https://mydomain:8080/geoserver/WorkspaceName or https://mydomain:8080/geoserver/. But still it is not working for https. Thanks & Regards, Sawan Nikam -- Sent from: http://osgeo-org.1560.x6.nabble.com/GeoServer-User-f3786390.html ___ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-inte grating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users ___ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
Re: [Geoserver-users] Access WFS services over https
Thanks Bradh for sharing possible alternatives to solve this issue. I tried with changing global setting in geoserver and changed the proxy url like - https://mydomain:8080/geoserver/WorkspaceName or https://mydomain:8080/geoserver/. But still it is not working for https. Thanks & Regards, Sawan Nikam -- Sent from: http://osgeo-org.1560.x6.nabble.com/GeoServer-User-f3786390.html ___ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
Re: [Geoserver-users] Access WFS services over https
There are a few different ways to do this. I'd suggest using a reverse proxy (e.g. nginx or apache, whatever you like). Remember to set the proxy URL in "Global Settings". If you want to do it with just Jetty (which is what the .exe uses), see https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html (assuming you have a current geoserver). Brad -Original Message- From: nikamsa1 Sent: Monday, 27 May 2019 3:07 PM To: geoserver-users@lists.sourceforge.net Subject: [Geoserver-users] Access WFS services over https Hello, I am trying to show features as a WFS service on map. Since, application is running over https and while accessing features from geoserver as a WFS services having URL like "/*http://:8080/geoserver/wfs*/". obtain following error of *Content Mismatch: trying to access insecure script from secure connection, try to access content over https*. I tried with "/*https://:8080/geoserver/wfs*/", but it is not working. If anyone had tried this, please share the solutions for this issue. I am using Geoserver.exe file not in Tomcat. Thanks & Regards, Sawan Nikam -- Sent from: http://osgeo-org.1560.x6.nabble.com/GeoServer-User-f3786390.html ___ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-inte grating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users ___ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
