users@glassfish.java.net

Re: ssl n00b

From: Lucas Jordan <lucasjordan_at_gmail.com>
Date: Tue, 20 Feb 2007 15:34:28 -0500

When looking through the section on the app server's web interface for adding
new HTTP Listeners, I noticed that the listener for port 8181 (I am
forwarding 443 via iptables) did not have the little checkbox checked for
enabling SSL3 (nor TLS). I suspect this is my problem; however, the app
server requires a nickname. What is that? It says "Takes a single value,
identifies the server's keypair and certificate", but I am not sure exactly
what that is. Can someone point me in the right direction?

Thanks as always!
-Lucas

On 2/20/07, Lucas Jordan <lucasjordan_at_gmail.com> wrote:
>
> here is the verbose build information: (/asadmin version --verbose)
>
> Unable to communicate with admin server, getting version locally.
> Version = Sun Java System Application Server Platform Edition 9.0 (build b48)
> Command version executed successfully.
>
>
> I will try 443 directly, though the last time I messed with the connectors
> I bricked my installation.
> SSL does work in some cases, for example I can access web pages hosted by
> the app server using https://...../MyApp, of course the browser asks the
> users to accept the cert.
>
> On 2/20/07, Jeanfrancois Arcand <Jeanfrancois.Arcand_at_sun.com> wrote:
> >
> >
> >
> > Lucas Jordan wrote:
> > > Looking at the domain.xml file I see an entry:
> > > <http-listener acceptor-threads="1" address="0.0.0.0"
> > > blocking-enabled="false" default-virtual-server="server" enabled="true"
> > > family="inet" id="http-listener-2" port="8181" security-enabled="true"
> > > server-name="" xpowered-by="true">
> > >
> > > I guess I should note that I am using iptables to redirect port 443 to
> > > 8181....so changing blocking-enabled to true might fix my issue?
> >
> > No it won't, as this option wasn't supported in v1.0. I'm not sure what
> > is causing that exception, but this is not related to the http
> > connector, but most probably related to a security configuration. If you
> > configure the port 443 directly (without using iptables), does it work?
> >
> > -- Jeanfrancois
> >
> > >
> > > -Lucas
> > >
> > > On 2/20/07, Lucas Jordan <lucasjordan_at_gmail.com> wrote:
> > >
> > > version v1, I suspect, is the build number included in an install
> > > anyplace?...maybe this tells us:
> > > Install_Application_Server_9PE_200608220604.log
> > >
> > > On 2/20/07, Jeanfrancois Arcand <Jeanfrancois.Arcand_at_sun.com> wrote:
> > >
> > > Hi Lucas,
> > >
> > > which version of GlassFish are you using? If you are using GlassFish v2,
> > > can you edit ${glassfish.home}/domains/domain1/config/domain.xml:
> > >
> > > change http-listener ...port="443: blocking-enabled="true".../>
> > >
> > > and see if it works? If you are using v1, then this is another problem.
> > >
> > > Thanks
> > >
> > > -- Jeanfrancois
> > >
> > > Lucas Jordan wrote:
> > > > I am trying to configure an instance of glassfish to respond to
> > > > notifications from google checkout. I have it working in 'sandbox'
> > > > mode over port 80, but to make it work for real, it must be over
> > > > port 443. Google says....
> > > >
> > > > "To implement the Notification API, you need to establish a web
> > > > service that receives and processes Google Checkout notifications.
> > > > Your web service must be secured by SSL v3 or TLS and must use a
> > > > valid SSL certificate. The API callback URL that you use for your
> > > > production account must use port 443, which is the default port for
> > > > HTTPS. The API callback URL that you use for your Sandbox account
> > > > may use either port 443 or port 80."
> > > >
> > > > When I tried to use port 443 the google integration tools tell me:
> > > >
> > > > "We encountered an error trying to access your server at
> > > > https://digitalxtractions.net/portal/notification -- the error we
> > > > got is: sun.security.validator.ValidatorException: PKIX path
> > > > building failed:
> > > > sun.security.provider.certpath.SunCertPathBuilderException:
> > > > unable to find valid certification path to requested target"
> > > >
> > > > This is the only information I have about the error, nothing is
> > > > logged on the server side. In my searching, this error seems to be
> > > > often found on the client side, and has something to do with the
> > > > client not being able to trust the server. I am not sure how this
> > > > translates to my circumstance though, since I am an SSL n00b :)
> > > >
> > > > I guess what I don't understand is, is my server not trusting
> > > > Google's certs? How do I tell glassfish to accept all certs? Or just
> > > > those from google? Or is google not trusting me, since I have not
> > > > installed any certs or anything on the server? Is certificate even
> > > > the right word?
> > > >
> > > > Any help would be awesome!
> > > > -Lucas
> > > >
> > > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> > > For additional commands, e-mail: users-help_at_glassfish.dev.java.net
> > >
> > >
> > >
> >
>
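
Added example (not part of the original thread, and not GlassFish or Google code): an offline reproduction with the openssl CLI of the client-side path check behind "unable to find valid certification path to requested target". It assumes the server presents a certificate that no CA known to the client has issued, which the thread does not confirm; the names demo-ca and example.test and all files are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example: all names (demo-ca, example.test) are constructed.
WORK=$(mktemp -d)

# Minimal request config so the result does not depend on the system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# Server certificate signed by its own key (no external issuer).
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/req.cnf" \
    -subj "/CN=example.test" -keyout "$WORK/self.key" -out "$WORK/self.pem" 2>/dev/null
}

# Constructed CA, plus a server certificate issued by that CA.
make_ca_issued() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/req.cnf" \
    -subj "/CN=demo-ca" -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" \
    -subj "/CN=example.test" -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -out "$WORK/leaf.pem" 2>/dev/null
}

# Path validation as a TLS client does it: succeeds only if the certificate
# chains to an anchor in the given trust file.
chain_ok() {  # usage: chain_ok <trust-anchors.pem> <server-cert.pem>
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

report() { if chain_ok "$1" "$2"; then echo "$3: path found"; else echo "$3: no valid path"; fi; }

make_self_signed && make_ca_issued
report "$WORK/ca.pem"   "$WORK/leaf.pem" "CA-issued cert, client trusts the CA"
report "$WORK/ca.pem"   "$WORK/self.pem" "self-signed cert, client trusts only the CA"
report "$WORK/self.pem" "$WORK/self.pem" "self-signed cert, client imported it"
```

The third case corresponds to a browser user accepting the certificate by hand, which an automated client does not do.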