You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-user@jakarta.apache.org by Jeanna Geier <jg...@apt-cafm.com> on 2006/08/22 23:24:58 UTC
Slide and Secure Site Access (https)
Hi, I'm having some problems accessing a secure site and would appreciate any assistance anyone could give me. I'm a newbie here, so please bear with me.
When trying to connect using the Slide client run.bat, the following error is occurring:
[ Slide ] $ open https://localhost/slide/files
connect https://localhost/slide/files/
Error: sun.security.validator.ValidatorException: PKIX path building failed: sun
.security.provider.certpath.SunCertPathBuilderException: unable to find valid ce
rtification path to requested target
[ Slide ] $
However, if I try to connect via Internet Explorer, I don't have any problems (I am able to connect and see the authentication certificate as expected).
Another issue that I'm running into is that when trying to build the project using NetBeans, it is returning an error that it can't find the documents it needs (https://localhost/slide/files/Documents), even though they are out there. I'm assuming these two issues are related...
These error started occurring after adding the following authentication info in my jakarta-slide-2.1-tomcat-5.0.28\webapps\slide\WEB-INF\web.xml file:
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<description>Constrain the entire application to force use of HTTPS</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Thanks in advance for any help you can provide!
Jeanna
Re: Slide and Secure Site Access (https)
Posted by Jeanna Geier <jg...@apt-cafm.com>.
I've posted this problem on another site and was told that "The popup for
the certificate appears because it isn't trusted, i.e. it isn't signed by a
CA trusted by the browser. Fix that (by getting a signed cert) and you've
fixed everything." However, I verified that the certificate I was using was
a 'trusted' certificate...when I login via Internet Explorer
(https://localhost/slide/files) I got the popup for the certificate the
first time and after clicking 'yes' to trust it, the next time I logged in
using IE, I did not get the popup.
However, I am still receiving the the two errors as described below; any
help would be greatly appreciated!
When trying to connect using the Slide client run.bat, the following error
is occurring:
[ Slide ] $ open https://localhost/slide/files
connect https://localhost/slide/files/
Error: sun.security.validator.ValidatorException: PKIX path building failed:
sun
.security.provider.certpath.SunCertPathBuilderException: unable to find
valid ce
rtification path to requested target
[ Slide ] $
and
Another issue that I'm running into is that when trying to build the project
using NetBeans, it is returning an error that it can't find the documents it
needs (https://localhost/slide/files/Documents), even though they are out
there.
Thanks for your time and assistance.
-Jeanna
----- Original Message -----
From: "Jeanna Geier" <jg...@apt-cafm.com>
To: <sl...@jakarta.apache.org>
Sent: Tuesday, August 22, 2006 4:24 PM
Subject: Slide and Secure Site Access (https)
Hi, I'm having some problems accessing a secure site and would appreciate
any assistance anyone could give me. I'm a newbie here, so please bear with
me.
When trying to connect using the Slide client run.bat, the following error
is occurring:
[ Slide ] $ open https://localhost/slide/files
connect https://localhost/slide/files/
Error: sun.security.validator.ValidatorException: PKIX path building failed:
sun
.security.provider.certpath.SunCertPathBuilderException: unable to find
valid ce
rtification path to requested target
[ Slide ] $
However, if I try to connect via Internet Explorer, I don't have any
problems (I am able to connect and see the authentication certificate as
expected).
Another issue that I'm running into is that when trying to build the project
using NetBeans, it is returning an error that it can't find the documents it
needs (https://localhost/slide/files/Documents), even though they are out
there. I'm assuming these two issues are related...
These error started occurring after adding the following authentication info
in my jakarta-slide-2.1-tomcat-5.0.28\webapps\slide\WEB-INF\web.xml file:
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<description>Constrain the entire application to force use of
HTTPS</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Thanks in advance for any help you can provide!
Jeanna
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: Slide and Secure Site Access (https)
Posted by Jeanna Geier <jg...@apt-cafm.com>.
As I continue to plug away on this, I've answered some of my own questions
from yesterday...Am I not able to start Tomcat with SSL enabled without
having the
authentication certificate generated? The answer to this would be NO.
Is there anyway to get around this? I think I may have come up with a
solution, but am coming upon another roadblock...if I save the HTTPS
certificate in the trusted folder on the browser client, the Security Alert
dialog box does not display each time that I access the web application
(which hopefully will get me around my problem...we'll see!)
However, in the directions I found
(http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_chapter09186a00803fe674.html)
there is a note about if you're using localhost to access the application,
which I am; however, I can't seem to get the certificate to save in the
trusted folder for the localhost.....
Note If you use the localhost, the IP address, or the hostname in the
URL to access the application that supports HTTPS, you must save the
certificate in the
trusted folder for each of type of URL (with the local host, IP address,
and so on); otherwise, the Security Alert dialog box displays for each type.
PLEASE, any additional help or instructions would be greatly appreciated!
Thank you.
----- Original Message -----
From: "Jeanna Geier" <jg...@apt-cafm.com>
To: <sl...@jakarta.apache.org>
Sent: Tuesday, August 29, 2006 4:21 PM
Subject: Re: Slide and Secure Site Access (https)
> So I've been working on this issue some more and I have some additional
> newbie questions that I'm hoping someone can help me with....
>
> I decided to delete the authentication certificate to verify that thats
> what's causing my issue so I cleared out my keystore.
>
> My Slide server.xml file settings are as follows:
>
> <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
> <Connector port="80"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" redirectPort="443" acceptCount="100"
> debug="0" connectionTimeout="20000"
> disableUploadTimeout="true" URIEncoding="UTF-8"/>
> <!-- Note : To disable connection timeouts, set connectionTimeout value
> to 0 -->
>
> <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector port="443"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true" keystorePass="319main"
> acceptCount="100" debug="0" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>
>
> My web.xml file settings are:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>DAV resource</web-resource-name>
> <url-pattern>/*</url-pattern>
> <http-method>COPY</http-method>
> .
> .
> <http-method>POLL</http-method>
> <http-method>NOTIFY</http-method>
> </web-resource-collection>
>
> <auth-constraint>
> <role-name>root</role-name>
> <role-name>guest</role-name>
> <role-name>user</role-name>
> </auth-constraint>
> </security-constraint>
> <user-data-constraint>
> <description>Constrain the entire application to force use of
> HTTPS</description>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
>
> When I attempt to start the Tomcat Server I get the following errors:
>
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:113)
> at
> org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java:368)
> at
> org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:549)
> at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
> at java.lang.Thread.run(Thread.java:595)
> Aug 29, 2006 4:15:29 PM org.apache.tomcat.util.net.PoolTcpEndpoint
> acceptSocket
> WARNING: Reinitializing ServerSocket
> Aug 29, 2006 4:15:29 PM org.apache.tomcat.util.net.PoolTcpEndpoint
> acceptSocket
> SEVERE: Endpoint [SSL:
> ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=443]]
> ignored exception: java.net.SocketException: SSL handshake
> errorjavax.net.ssl.SSLException: No available certificate or key
> corresponds to the SSL cipher suites which are enabled.
> java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException:
> No available certificate or key corresponds to the SSL cipher suites which
> are enabled.
>
> However, if I generate a keyfile: "keytool -genkey -alias tomcat -keyalg
> RSA", and start Tomcat, this error goes away and the Tomcat Server starts.
>
> Questions: Am I not able to start Tomcat with SSL enabled without having
> the authentication certificate generated? Is there anyway to get around
> this? If not, could anyone help me with my original issue below (which I
> am eventually going to have to address anyways =))?
>
> Thanks much!
>
> ----- Original Message -----
> From: "Jeanna Geier" <jg...@apt-cafm.com>
> To: <sl...@jakarta.apache.org>
> Sent: Tuesday, August 22, 2006 4:24 PM
> Subject: Slide and Secure Site Access (https)
>
>
> Hi, I'm having some problems accessing a secure site and would appreciate
> any assistance anyone could give me. I'm a newbie here, so please bear
> with me.
>
> When trying to connect using the Slide client run.bat, the following error
> is occurring:
>
> [ Slide ] $ open https://localhost/slide/files
> connect https://localhost/slide/files/
> Error: sun.security.validator.ValidatorException: PKIX path building
> failed: sun
> .security.provider.certpath.SunCertPathBuilderException: unable to find
> valid ce
> rtification path to requested target
> [ Slide ] $
>
> However, if I try to connect via Internet Explorer, I don't have any
> problems (I am able to connect and see the authentication certificate as
> expected).
>
> Another issue that I'm running into is that when trying to build the
> project using NetBeans, it is returning an error that it can't find the
> documents it needs (https://localhost/slide/files/Documents), even though
> they are out there. I'm assuming these two issues are related...
>
> These error started occurring after adding the following authentication
> info in my jakarta-slide-2.1-tomcat-5.0.28\webapps\slide\WEB-INF\web.xml
> file:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Entire Application</web-resource-name>
> <url-pattern>/*</url-pattern>
> </web-resource-collection>
> <user-data-constraint>
> <description>Constrain the entire application to force use of
> HTTPS</description>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> Thanks in advance for any help you can provide!
>
> Jeanna
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: slide-user-help@jakarta.apache.org
>
>
Re: Slide and Secure Site Access (https)
Posted by Jeanna Geier <jg...@apt-cafm.com>.
So I've been working on this issue some more and I have some additional
newbie questions that I'm hoping someone can help me with....
I decided to delete the authentication certificate to verify that thats
what's causing my issue so I cleared out my keystore.
My Slide server.xml file settings are as follows:
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
<Connector port="80"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="443" acceptCount="100"
debug="0" connectionTimeout="20000"
disableUploadTimeout="true" URIEncoding="UTF-8"/>
<!-- Note : To disable connection timeouts, set connectionTimeout value
to 0 -->
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector port="443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true" keystorePass="319main"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>
My web.xml file settings are:
<security-constraint>
<web-resource-collection>
<web-resource-name>DAV resource</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>COPY</http-method>
.
.
<http-method>POLL</http-method>
<http-method>NOTIFY</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>root</role-name>
<role-name>guest</role-name>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<user-data-constraint>
<description>Constrain the entire application to force use of
HTTPS</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
When I attempt to start the Tomcat Server I get the following errors:
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:113)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java:368)
at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:549)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:595)
Aug 29, 2006 4:15:29 PM org.apache.tomcat.util.net.PoolTcpEndpoint
acceptSocket
WARNING: Reinitializing ServerSocket
Aug 29, 2006 4:15:29 PM org.apache.tomcat.util.net.PoolTcpEndpoint
acceptSocket
SEVERE: Endpoint [SSL:
ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=443]]
ignored exception: java.net.SocketException: SSL handshake
errorjavax.net.ssl.SSLException: No available certificate or key corresponds
to the SSL cipher suites which are enabled.
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No
available certificate or key corresponds to the SSL cipher suites which are
enabled.
However, if I generate a keyfile: "keytool -genkey -alias tomcat -keyalg
RSA", and start Tomcat, this error goes away and the Tomcat Server starts.
Questions: Am I not able to start Tomcat with SSL enabled without having the
authentication certificate generated? Is there anyway to get around this?
If not, could anyone help me with my original issue below (which I am
eventually going to have to address anyways =))?
Thanks much!
----- Original Message -----
From: "Jeanna Geier" <jg...@apt-cafm.com>
To: <sl...@jakarta.apache.org>
Sent: Tuesday, August 22, 2006 4:24 PM
Subject: Slide and Secure Site Access (https)
Hi, I'm having some problems accessing a secure site and would appreciate
any assistance anyone could give me. I'm a newbie here, so please bear with
me.
When trying to connect using the Slide client run.bat, the following error
is occurring:
[ Slide ] $ open https://localhost/slide/files
connect https://localhost/slide/files/
Error: sun.security.validator.ValidatorException: PKIX path building failed:
sun
.security.provider.certpath.SunCertPathBuilderException: unable to find
valid ce
rtification path to requested target
[ Slide ] $
However, if I try to connect via Internet Explorer, I don't have any
problems (I am able to connect and see the authentication certificate as
expected).
Another issue that I'm running into is that when trying to build the project
using NetBeans, it is returning an error that it can't find the documents it
needs (https://localhost/slide/files/Documents), even though they are out
there. I'm assuming these two issues are related...
These error started occurring after adding the following authentication info
in my jakarta-slide-2.1-tomcat-5.0.28\webapps\slide\WEB-INF\web.xml file:
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<description>Constrain the entire application to force use of
HTTPS</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Thanks in advance for any help you can provide!
Jeanna
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org