Richard Butland wrote:
I haven't tried a wildcard cert myself in some time, so can't swear it
works (but it certainly used to.)
Anyway, are you seeing this error before or after the login form?
Remember that up until the point that you've entered your login
credentials that you're just talking to Apache / Tomcat - so if you're
erroring before that, then the problem lies in your webserver
configuration, or in the firewall traversal part.
So, you may want to check your Apache and Tomcat logs to see if there's
something obvious there.
Did you use the "tarantella security enable" command to secure your system?
Do you have a custom CA certificate / intermediate cert? The
webservices endpoint keystore needs these installed,see:
http://docs.sun.com/source/820-6689/chapter7.html#Z40000061527178
As a quick test, check:
/opt/tarantella/webserver/tomcat/6.0.18_axis1.4/shared/classes/com/tarantella/tta/webservices/client/apis/Resources.properties
to see if all the endpoints are bound to https://servername:443/etc?
If so, a quick test might be to just restore the endpoints to
http://servername:80, retart everything, and see if that "fixes" the
problem. If so, the problem is in your keystore certificate trust chain.
Rick
Adam Allred wrote:
Hello,
I see in the SGD 4.5 admin guide that wildcard certs are supported for
the first domain of an SSL cert, e.g. *.domain.com:
(page 26)
---snip---
SGD supports the use of the wildcard for the first part of the domain
name, for
example .indigo-insurance.com.
---snip---
I've obtained a commercial certificate for my SGD server for
*.my.domain.com, and successfully installed it. After rebooting the
server, when I go to https://server.my.domain.com/sgd, I get this
error:
Error Page
The following exception was thrown:
I previously had this problem with RHEL5, and an earlier post pointed
me to my /etc/hosts file. I have ensured that my /etc/hosts file is
currently correct, and that my domain name is set.
I see no errors in any logs.
The admin console works, and I can perform all my tasks through it
with no problem over https.
I ensured that the wildcard cert I installed was the cert in use via
my web browsers certificate store.
Any thoughts?
Thanks,
Adam
_______________________________________________
SGD-Users mailing list
SGD-Users@filibeto.org
http://www.filibeto.org/mailman/listinfo/sgd-users
_______________________________________________
SGD-Users mailing list
SGD-Users@filibeto.org
http://www.filibeto.org/mailman/listinfo/sgd-users
I'm not using a "Custom" CA, it's digicert, who have their CA in all
modern browsers, and who are also signed by entrust. I can add them to
the keystore just to make sure.
The error is _before_ login, so it's an apache/tomcat problem. I forgot
the resources.properties file. I'll bet that's part of the problem.
I did do a "tarantella security enable"
It shouldn't be firewall traversal problems: I'm not using the SGD
Gateway, and the IP I'm on is rotated with another server in a
primary/secondary setup, so I can be certain that network based
firewalls are not the problem, as this IP has been used successfully for
SGD up until the day I pulled it out of the array to update to the
newest version, and got these problems. I'll double check host-based
firewalls.
Thanks for the advice, more info to come.
Adam
_______________________________________________
SGD-Users mailing list
SGD-Users@filibeto.org
http://www.filibeto.org/mailman/listinfo/sgd-users
