This is driving me bonkers! :( On the front-end I have tried creating a Java Keystore and importing the PKCS12 server certificate and the back-end PEM certificate. Then changing the Tomcat server.xml to point to the JKS file. All starts up well and listening on 8443. I can go to the Djigzo interface but as soon as I try and authenticate I see the same error message appear in the djigzo.log on the back-end :(

--
Thanks, Phil

----- Original Message -----
> Hello,
>
> next hurdle I am having problems with is trusting the back-end
> certificate. We have our own PKI and issued certificates for the
> back-end and front-end servers. I have updated the keystore
> information in Tomcat's server.xml including the PKCS12 password. On
> CentOS there is no update-ca-certificates so where would Tomcat pull
> the CA bundle details from ?
>
> When I connect to the front-end and attempt to sign in I see within
> the back-end djigzo.log the following:
>
> 26 Jul 2012 04:31:05 | WARN EXCEPTION (org.mortbay.log) [1310202490@qtp-649430934-0]
> javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
>   at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>   at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
>   at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1763)
>   at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1006)
>   at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1190)
>   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1217)
>   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1201)
>   at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:632)
>   at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
>
> --
> Thanks, Phil
>
> ----- Original Message -----
> > That be the magic :) Cheers Martijn.
> >
> > --
> > Thanks, Phil
> >
> > ----- Original Message -----
> > > On 07/24/2012 10:55 AM, Phil Daws wrote:
> > > > that message was from the djigzo log ... on the back-end server I
> > > > have not installed Tomcat yet, which I am guessing I will need to ?
> > > > If I follow the
> > > > http://djigzo.com/documents/djigzo-separate-front-and-back-end.pdf
> > > > document it says I should copy into place a file to provide the
> > > > HTTPS listener yet that does not exist as djigzo-web has not been
> > > > installed.
> > > >
> > >
> > > It seems that the guide is missing a relevant and important part. In
> > > the file soap.xml you should uncomment the part which sets up the
> > > https connection for the soap server back-end.
> > >
> > > Look for the following line in the file soap.xml
> > >
> > > <!-- Enable if SOAP over HTTPS should be supported -->
> > >
> > > Uncomment the xml fragment and provide the correct parameters (path
> > > to pfx file and password of the pfx).
> > >
> > > Then restart the back-end.
> > >
> > > Kind regards,
> > >
> > > Martijn
> > >
> > > --
> > > DJIGZO email encryption
> > >
> > > _______________________________________________
> > > Users mailing list
> > > [email protected]
> > > http://lists.djigzo.com/lists/listinfo/users
