Users - install the certificate, help
Locked
Users - install the certificate, help
 
|
Re: Users - install the certificate, help
|
|
Re: Users - install the certificate, help
|
|
Re: Users - install the certificate, help
|
|
If you have an HttpClient request going over HTTPS and it is setup to require the certificate to be trusted then it doesn't matter if it's JSP or FTL or Java or BSH or whatever... If the certificate isn't signed by a trusted authority and the client requires that then there's no way around it except to use a signed cert, or change your code to not require a signed cert by a trusted authority, or add a trusted the signing authority to your list of trusted authorities or whatever. -David On Dec 15, 2005, at 11:30 AM, Hao Jiang wrote: > Thanks, but I found this message on wiki > > ALERT: TO THE BEST OF MY KNOWLEDGE, THIS CURRENTLY ISN'T WORKING. > See 2 > April 2004 email: Users - The problem about SSL in ofbiz3.0. Andy > Zeneski writes: The HttpClient is being run from that JSP to parse a > template. Since the SSL certificate is not trusted, it doesn't like > the > connection... When we finally get around to changing these to FTL > files > it will > > Is it still true? > > Regards > > Hao > > On Wed, 2005-12-14 at 10:15 +0000, Andrew Sykes wrote: >> Hao, >> >> There's a wiki page on this... >> http://ofbizwiki1.go-integral.com/Wiki.jsp?page=ConfiguringSSL >> >> Kind Regards > > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
smime.p7s (3K)
Re: Users - install the certificate, help
|
|
Re: Users - install the certificate, help
|
|
Have you looked at the section that covers this in the Basic Production Setup Guide? It has more detailed steps for getting this done... -David On Dec 15, 2005, at 1:39 PM, Hao Jiang wrote: > Thanks David, I already have a certificate, but as per the > instruction, > the installation should be: > > ********************************************************************** > * > Installing Your Issued Web Server Certificate > > i. Use the following command to import the issued certificate > into > your keystore. > ii. keytool -import -alias tomcat -keystore tomcat.keystore > -trustcacerts -file <name of your certificate> > > Updating the server.xml Configuration File > When you have completed installing your certificate, you must > configure > your Tomcat server.xml configuration file to point to the correct > keystore file: > > 1. Open the server.xml file. > 2. After uncommenting the SSL/TLS connector from server.xml, > locate > the following text section: > <Factory > > className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" > clientAuth="false" protocol="TLS" /> > 3. Add the "keystoreFile" and "keystorePass directives: > <Factory > > className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" > clientAuth="false" protocol="TLS" > keystoreFile="/full/path/to/tomcat.keystore" > keystorePass="changeit" /> > 4. Restart Tomcat. > ********************************************************************** > * > > My problems are: > > 1. I didn't get any *.jks file, only a file called tomcat.keystore > 2. apparently the server.xml disappeared in ofbiz, the > base/config/jsse.properties looks like the place to configure some > information, which I tried before but failed. > > This is my first time doing such thing, so please help me. > > Thanks > > Hao > On Thu, 2005-12-15 at 12:11 -0700, David E. Jones wrote: >> If you have an HttpClient request going over HTTPS and it is setup to >> require the certificate to be trusted then it doesn't matter if it's >> JSP or FTL or Java or BSH or whatever... If the certificate isn't >> signed by a trusted authority and the client requires that then >> there's no way around it except to use a signed cert, or change your >> code to not require a signed cert by a trusted authority, or add a >> trusted the signing authority to your list of trusted authorities or >> whatever. >> >> -David >> >> >> On Dec 15, 2005, at 11:30 AM, Hao Jiang wrote: >> >>> Thanks, but I found this message on wiki >>> >>> ALERT: TO THE BEST OF MY KNOWLEDGE, THIS CURRENTLY ISN'T WORKING. >>> See 2 >>> April 2004 email: Users - The problem about SSL in ofbiz3.0. Andy >>> Zeneski writes: The HttpClient is being run from that JSP to parse a >>> template. Since the SSL certificate is not trusted, it doesn't like >>> the >>> connection... When we finally get around to changing these to FTL >>> files >>> it will >>> >>> Is it still true? >>> >>> Regards >>> >>> Hao >>> >>> On Wed, 2005-12-14 at 10:15 +0000, Andrew Sykes wrote: >>>> Hao, >>>> >>>> There's a wiki page on this... >>>> http://ofbizwiki1.go-integral.com/Wiki.jsp?page=ConfiguringSSL >>>> >>>> Kind Regards >>> >>> >>> >>> _______________________________________________ >>> Users mailing list >>> [hidden email] >>> http://lists.ofbiz.org/mailman/listinfo/users >> >> _______________________________________________ >> Users mailing list >> [hidden email] >> http://lists.ofbiz.org/mailman/listinfo/users > > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - install the certificate, help
|
|
| Free forum by Nabble | Edit this page |