OFBiz › OFBiz - Dev

[jira] Created: (OFBIZ-1902) ofbiz.org cert is expired causes peer not authenticated

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

11 messages Options

Nicolas Malin (Jira)

[jira] Created: (OFBIZ-1902) ofbiz.org cert is expired causes peer not authenticated

ofbiz.org cert is expired causes peer not authenticated
-------------------------------------------------------

Key: OFBIZ-1902
URL: https://issues.apache.org/jira/browse/OFBIZ-1902
Project: OFBiz
Issue Type: Bug
Affects Versions: SVN trunk, Release Branch 4.0
Environment: Ofbiz ootb localhost
Reporter: BJ Freeman
Priority: Blocker
Fix For: SVN trunk, Release Branch 4.0

the ofbiz.org cert that is in the ootb has expired on July 7th.

2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [ RequestHandler.java:243:INFO ] [Processing Request]: EditWebSite sessionId=15BC9675666BC788DE897F186C9BF720.jvm1
2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [ RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=15BC9675666BC788DE897F186C9BF720.jvm1
2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [ RequestHandler.java:584:INFO ] servletName=control, view=EditWebSite sessionId=15BC9675666BC788DE897F186C9BF720.jvm1
2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [ JSSESupport.java:89 :DEBUG] Error getting client certs

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:345)
at org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:87)
at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:141)
at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1011)
at org.apache.coyote.Request.action(Request.java:352)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Nicolas Malin (Jira)

[jira] Commented: (OFBIZ-1902) ofbiz.org cert is expired causes peer not authenticated

[ https://issues.apache.org/jira/browse/OFBIZ-1902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12618021#action_12618021 ]

BJ Freeman commented on OFBIZ-1902:
-----------------------------------

It came to mind that maybe there was an ant script to build a ssl cert.
I ran accross this

Local-deploy-generated-apache-certs

Overwrites files with generated self-signed certificate and key files; target directory is the subdirectory of APACHE_HOME specified by the apache-server-ssl-cert-directory property in apache-conf.properties. Called by local-deploy-apache.
configure-apache

Calls targets to copy model httpd.conf and ssl.conf files using token filtering. Depended on by local-deploy-generated-apache-config.
generate-self-signed-certificate

Generates self-signed certificate and key files with openssl, based on peroperties set in apache-conf.properties. Depended on by local-deploy-generated-apache-certs.

So maybe that is what ofbiz needs to do. then the person downloading would be responsible to do the certs

> ofbiz.org cert is expired causes peer not authenticated
> -------------------------------------------------------
>
> Key: OFBIZ-1902
> URL: https://issues.apache.org/jira/browse/OFBIZ-1902
> Project: OFBiz
> Issue Type: Bug
> Affects Versions: SVN trunk, Release Branch 4.0
> Environment: Ofbiz ootb localhost
> Reporter: BJ Freeman
> Priority: Blocker
> Fix For: SVN trunk, Release Branch 4.0
>
>
> the ofbiz.org cert that is in the ootb has expired on July 7th.
> 2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [ RequestHandler.java:243:INFO ] [Processing Request]: EditWebSite sessionId=15BC9675666BC788DE897F186C9BF720.jvm1
> 2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [ RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=15BC9675666BC788DE897F186C9BF720.jvm1
> 2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [ RequestHandler.java:584:INFO ] servletName=control, view=EditWebSite sessionId=15BC9675666BC788DE897F186C9BF720.jvm1
> 2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [ JSSESupport.java:89 :DEBUG] Error getting client certs
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:345)
> at org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:87)
> at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:141)
> at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1011)
> at org.apache.coyote.Request.action(Request.java:352)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Nicolas Malin (Jira)

[jira] Commented: (OFBIZ-1902) ofbiz.org cert is expired causes peer not authenticated

In reply to this post by Nicolas Malin (Jira)

[ https://issues.apache.org/jira/browse/OFBIZ-1902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12618025#action_12618025 ]

BJ Freeman commented on OFBIZ-1902:
-----------------------------------

Open SSL is Apache License but they have this warning

This software package uses strong cryptography, so even if it is created, maintained and distributed from liberal countries in Europe (where it is legal to do this), it falls under certain export/import and/or use restrictions in some other parts of the world.

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS OF OPENSSL ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Nicolas Malin (Jira)

[jira] Commented: (OFBIZ-1902) ofbiz.org cert is expired causes peer not authenticated

In reply to this post by Nicolas Malin (Jira)

[ https://issues.apache.org/jira/browse/OFBIZ-1902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12618606#action_12618606 ]

BJ Freeman commented on OFBIZ-1902:
-----------------------------------

put this in the main build and use
ant ofbizkey
note:you may have to delete the framework/base/config/ofbizssl.jks
I am still working on taking data from the
framework/base/config/ofbiz-containers.xml
and doing a auto delete in the script.

<target name="ofbizkey">
<echo message="[genkey] ========== Start genkey for Ofbiz main cert Key =========="/>
<echo message="[genkey] ========== removing Ofbiz main cert Key =========="/>
<genkey alias="ssl" storepass="changeit" keystore="framework/base/config/ofbizssl.jks" storetype="JKS" keypass="changeit"
dname="CN=ofbiz.apache.org, OU=SSL Server Testing, O=Apache Open For Business, C=US, ST=Delaware, L=Dover"/>
<echo message="[genkey] ========== genkey for Ofbiz main cert completed =========="/>
</target>

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Nicolas Malin (Jira)

[jira] Resolved: (OFBIZ-1902) ofbiz.org cert is expired causes peer not authenticated

In reply to this post by Nicolas Malin (Jira)

[ https://issues.apache.org/jira/browse/OFBIZ-1902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

BJ Freeman resolved OFBIZ-1902.
-------------------------------

Resolution: Fixed

for now will close since I put in a solution in the comments
when I get the final solution will submit patch

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Jacques Le Roux

Re: [jira] Resolved: (OFBIZ-1902) ofbiz.org cert is expired causes peer not authenticated

Administrator

Hi BJ,

A tip in the Certificate part in Wiki FAQ would be good, isn'it ? Or will you provide a total fixing solution ?

Jacques

From: "BJ Freeman (JIRA)" <[hidden email]>

>
> [ https://issues.apache.org/jira/browse/OFBIZ-1902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>
> BJ Freeman resolved OFBIZ-1902.
> -------------------------------
>
> Resolution: Fixed
>
> for now will close since I put in a solution in the comments
> when I get the final solution will submit patch
>
>> ofbiz.org cert is expired causes peer not authenticated
>> -------------------------------------------------------
>>
>> Key: OFBIZ-1902
>> URL: https://issues.apache.org/jira/browse/OFBIZ-1902
>> Project: OFBiz
>> Issue Type: Bug
>> Affects Versions: SVN trunk, Release Branch 4.0
>> Environment: Ofbiz ootb localhost
>> Reporter: BJ Freeman
>> Priority: Blocker
>> Fix For: SVN trunk, Release Branch 4.0
>>
>>
>> the ofbiz.org cert that is in the ootb has expired on July 7th.
>> 2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [ RequestHandler.java:243:INFO ] [Processing Request]: EditWebSite
>> sessionId=15BC9675666BC788DE897F186C9BF720.jvm1
>> 2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [ RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a
>> view. sessionId=15BC9675666BC788DE897F186C9BF720.jvm1
>> 2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [ RequestHandler.java:584:INFO ] servletName=control, view=EditWebSite
>> sessionId=15BC9675666BC788DE897F186C9BF720.jvm1
>> 2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [ JSSESupport.java:89 :DEBUG] Error getting client certs
>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>> at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:345)
>> at org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:87)
>> at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:141)
>> at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1011)
>> at org.apache.coyote.Request.action(Request.java:352)
>
> --
> This message is automatically generated by JIRA.
> -
> You can reply to this email to add a comment to the issue online.
>

BJ Freeman

Re: [jira] Resolved: (OFBIZ-1902) ofbiz.org cert is expired causes peer not authenticated

was planning to put a link in the wiki to the Jira once I got the
complete patch in the main build.xml
Yes I am learning Ant and making it to use the ofbiz-containers.xml to
get it parameters.
will be doing one for the rmi also
probably next week.

Jacques Le Roux sent the following on 7/30/2008 11:41 PM:

> Hi BJ,
>
> A tip in the Certificate part in Wiki FAQ would be good, isn'it ? Or
> will you provide a total fixing solution ?
>
> Jacques
>
> From: "BJ Freeman (JIRA)" <[hidden email]>
>>
>> [
>> https://issues.apache.org/jira/browse/OFBIZ-1902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
>> ]
>>
>> BJ Freeman resolved OFBIZ-1902.
>> -------------------------------
>>
>> Resolution: Fixed
>>
>> for now will close since I put in a solution in the comments
>> when I get the final solution will submit patch
>>
>>> ofbiz.org cert is expired causes peer not authenticated
>>> -------------------------------------------------------
>>>
>>> Key: OFBIZ-1902
>>> URL: https://issues.apache.org/jira/browse/OFBIZ-1902
>>> Project: OFBiz
>>> Issue Type: Bug
>>> Affects Versions: SVN trunk, Release Branch 4.0
>>> Environment: Ofbiz ootb localhost
>>> Reporter: BJ Freeman
>>> Priority: Blocker
>>> Fix For: SVN trunk, Release Branch 4.0
>>>
>>>
>>> the ofbiz.org cert that is in the ootb has expired on July 7th.
>>> 2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [
>>> RequestHandler.java:243:INFO ] [Processing Request]: EditWebSite
>>> sessionId=15BC9675666BC788DE897F186C9BF720.jvm1
>>> 2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [
>>> RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response
>>> is a view. sessionId=15BC9675666BC788DE897F186C9BF720.jvm1
>>> 2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [
>>> RequestHandler.java:584:INFO ] servletName=control, view=EditWebSite
>>> sessionId=15BC9675666BC788DE897F186C9BF720.jvm1
>>> 2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [
>>> JSSESupport.java:89 :DEBUG] Error getting client certs
>>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:345)
>>>
>>> at
>>> org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:87)
>>>
>>> at
>>> org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:141)
>>>
>>> at
>>> org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1011)
>>>
>>> at org.apache.coyote.Request.action(Request.java:352)
>>
>> --
>> This message is automatically generated by JIRA.
>> -
>> You can reply to this email to add a comment to the issue online.
>>
>
>
>
>

Nicolas Malin (Jira)

[jira] Commented: (OFBIZ-1902) ofbiz.org cert is expired causes peer not authenticated

In reply to this post by Nicolas Malin (Jira)

[ https://issues.apache.org/jira/browse/OFBIZ-1902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12621291#action_12621291 ]

Jacques Le Roux commented on OFBIZ-1902:
----------------------------------------

Thanks BJ,

I put a link from FAQ

Jacques

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Nicolas Malin (Jira)

[jira] Commented: (OFBIZ-1902) ofbiz.org cert is expired causes peer not authenticated

In reply to this post by Nicolas Malin (Jira)

[ https://issues.apache.org/jira/browse/OFBIZ-1902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12621295#action_12621295 ]

BJ Freeman commented on OFBIZ-1902:
-----------------------------------

you mean this one
http://docs.ofbiz.org/display/OFBIZ/Ant+Script+to+build+new+ofbiz+self+cert

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Nicolas Malin (Jira)

[jira] Commented: (OFBIZ-1902) ofbiz.org cert is expired causes peer not authenticated

In reply to this post by Nicolas Malin (Jira)

[ https://issues.apache.org/jira/browse/OFBIZ-1902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12621300#action_12621300 ]

Jacques Le Roux commented on OFBIZ-1902:
----------------------------------------

Yes

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Nicolas Malin (Jira)

[jira] Closed: (OFBIZ-1902) ofbiz.org cert is expired causes peer not authenticated

In reply to this post by Nicolas Malin (Jira)

[ https://issues.apache.org/jira/browse/OFBIZ-1902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bruno Busco closed OFBIZ-1902.
------------------------------

Changed from "Resolved" to "Closed" since we do not use the "Resolved" issue status

> ofbiz.org cert is expired causes peer not authenticated
> -------------------------------------------------------
>
> Key: OFBIZ-1902
> URL: https://issues.apache.org/jira/browse/OFBIZ-1902
> Project: OFBiz
> Issue Type: Bug
> Affects Versions: Release Branch 4.0, SVN trunk
> Environment: Ofbiz ootb localhost
> Reporter: BJ Freeman
> Priority: Blocker
> Fix For: Release Branch 4.0, SVN trunk
>
>
> the ofbiz.org cert that is in the ootb has expired on July 7th.
> 2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [ RequestHandler.java:243:INFO ] [Processing Request]: EditWebSite sessionId=15BC9675666BC788DE897F186C9BF720.jvm1
> 2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [ RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=15BC9675666BC788DE897F186C9BF720.jvm1
> 2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [ RequestHandler.java:584:INFO ] servletName=control, view=EditWebSite sessionId=15BC9675666BC788DE897F186C9BF720.jvm1
> 2008-07-29 14:24:31,312 (http-0.0.0.0-8443-2) [ JSSESupport.java:89 :DEBUG] Error getting client certs
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:345)
> at org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:87)
> at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:141)
> at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1011)
> at org.apache.coyote.Request.action(Request.java:352)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.