Hello,
the next hurdle I am having problems with is trusting the back-end certificate. We
have our own PKI and issued certificates for the back-end and front-end
servers. I have updated the keystore information in Tomcat's server.xml
including the PKCS12 password. On CentOS there is no update-ca-certificates so
where would Tomcat pull the CA bundle details from?
When I connect to the front-end and attempt to sign in I see within the
back-end djigzo.log the following:
26 Jul 2012 04:31:05 | WARN EXCEPTION (org.mortbay.log) [1310202490@qtp-649430934-0]
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1763)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1006)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1190)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1217)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1201)
    at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:632)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
--
Thanks, Phil
----- Original Message -----
> That be the magic :) Cheers Martijn.
> --
> Thanks, Phil
>
> ----- Original Message -----
> > On 07/24/2012 10:55 AM, Phil Daws wrote:
> > > that message was from the djigzo log ... on the back-end server I
> > > have not installed Tomcat yet, which I am guessing I will need to?
> > > If I follow the
> > > http://djigzo.com/documents/djigzo-separate-front-and-back-end.pdf
> > > document it says I should copy into place a file to provide the
> > > HTTPS listener yet that does not exist as djigzo-web has not been
> > > installed.
> > >
> >
> > It seems that the guide is missing a relevant and important part. In
> > the file soap.xml you should uncomment the part which sets up the https
> > connection for the soap server back-end.
> >
> > Look for the following line in the file soap.xml
> >
> > <!-- Enable if SOAP over HTTPS should be supported -->
> >
> > Uncomment the xml fragment and provide the correct parameters (path to
> > pfx file and password of the pfx).
> >
> > Then restart the back-end.
> >
> > Kind regards,
> >
> > Martijn
> >
> > --
> > DJIGZO email encryption
> >
> >
> > _______________________________________________
> > Users mailing list
> > [email protected]
> > http://lists.djigzo.com/lists/listinfo/users
> >
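
An added example, not part of the thread and not Djigzo's own tooling, for the question of where Tomcat's JVM reads its trusted CAs from on a system without update-ca-certificates. A certificate_unknown alert received by the back-end means the connecting side rejected the back-end's certificate, so the helpers below resolve the trust store the front-end JVM would use (by JSSE's lookup order) and check whether a CA certificate is in it. The function names and sample paths are constructed, and it is an assumption that the front-end uses the JVM default trust store.

```sh
#!/bin/sh
# Added example, not from the thread. Function names and sample paths are
# constructed. Assumption: the front-end uses the JVM default trust store.
#
# JSSE picks the default trust store in this order:
#   1. -Djavax.net.ssl.trustStore=<path> (e.g. set through JAVA_OPTS)
#   2. <java.home>/lib/security/jssecacerts, if that file exists
#   3. <java.home>/lib/security/cacerts

# extract_truststore_prop "JVM OPTS" -> value of the trustStore property.
# The last occurrence wins, as on a real java command line. Paths containing
# spaces are not handled.
extract_truststore_prop() {
    found=
    for opt in $1; do
        case "$opt" in
            -Djavax.net.ssl.trustStore=*) found=${opt#-Djavax.net.ssl.trustStore=} ;;
        esac
    done
    printf '%s' "$found"
}

# resolve_truststore JAVA_HOME_DIR ["JVM OPTS"] -> path of the effective store
resolve_truststore() {
    prop=$(extract_truststore_prop "${2:-}")
    if [ -n "$prop" ]; then
        printf '%s\n' "$prop"
    elif [ -f "$1/lib/security/jssecacerts" ]; then
        printf '%s\n' "$1/lib/security/jssecacerts"
    else
        printf '%s\n' "$1/lib/security/cacerts"
    fi
}

# ca_is_trusted STORE STOREPASS CA_PEM -> exit 0 if the CA certificate's SHA-1
# fingerprint appears in STORE (fingerprint used for matching only).
ca_is_trusted() {
    fp=$(keytool -printcert -file "$3" | sed -n 's/^[[:space:]]*SHA1: *//p')
    [ -n "$fp" ] && keytool -list -v -keystore "$1" -storepass "$2" | grep -qF "$fp"
}

# If the private CA is missing, import it and restart Tomcat:
#   keytool -importcert -trustcacerts -alias <alias> -file <ca.pem> \
#           -keystore "$(resolve_truststore <java.home> "$JAVA_OPTS")"
```

On Java 7 and later, `java -XshowSettings:properties -version` prints the java.home value to pass as the first argument.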