[Laszlo-user] LPS need some setting to use SSL?

Mon Nov 12 23:01:16 PST 2007

Hi,

I believe you configure your SSL at httpd that require client cert for verification. 

You need to import your server cert and ca cert to java runtime keystore file. For my case which run linux, this file stored at /usr/java/jdkxxx/jre/lib/security/ and the file name is jssecacert or cacert.

One imported, then you need to restart tomcat. This happened due to java runtime also verify the client cert that pass from httpd to tomcat. However, before the CA and server cert is added, java runtime can't identify the CA cert to validate the client cert.

Please refer to this link to understand more http://marc.info/?l=tomcat-user&m=106293430225790&w=2

Hope my suggestion work for you.

Cheers,
James

-----Original Message-----
From: laszlo-user-bounces at openlaszlo.org [mailto:laszlo-user-bounces at openlaszlo.org] On Behalf Of keiji Ono
Sent: Tuesday, November 13, 2007 2:44 PM
To: Laszlo Users
Subject: [Laszlo-user] LPS need some setting to use SSL?

Hi,

I am working on lps-3.4.0 on Apache/Tomcat.
When i was using SSL on Proxy mode, i got error as following in lps.log
file.
And a server side program( jsp ) did not return any responses.

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE
laszlo-data><resultset><error status="2"
msg="https://myserver.com/my-test/myjsp.jsp data source error: SSL
exception occurred: sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target"/></resultset>

I found the similar trouble in the forum, but it was just on Tomcat ( no
Apache ) and it was so old comment.
http://forum.openlaszlo.org/showthread.php?t=509

I confirmed it works on SOLO, but on Proxy did not work. It should be
need some setting on LPS, i guess.
But i have no idea to resolve this issue.
My environments are as following.

OS: Client WinXP Server Linux
Tomcat: 5.0.28
Apache: 2.0.49
OpenSSL: 0.9.7d
mod_jk: 1.2.25
Cert: my cert ( create by myself )

Thanks in advance.

Keiji Ono
keiji_ono at net8.co.jp

No virus found in this incoming message.
Checked by AVG Free Edition. 
Version: 7.5.503 / Virus Database: 269.15.30/1127 - Release Date: 11/12/2007 9:19 PM

No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.503 / Virus Database: 269.15.30/1127 - Release Date: 11/12/2007 9:19 PM

------------------------------------------------------------------
-
-
-
DISCLAIMER: 

This e-mail (including any attachments) may contain confidential 
information. If you are not the intended recipient, you are hereby 
notified that any dealing, review, distribution, printing, copying 
or use of this e-mail is strictly prohibited. If you have received 
this email in error, please notify the sender or MIMOS Berhad 
immediately and delete the original message. Opinions, conclusions 
and other information in this e-mail that do not relate to the 
official business of MIMOS Berhad and/or its subsidiaries shall be 
understood as neither given nor endorsed by MIMOS Berhad and/or its 
subsidiaries and neither MIMOS Berhad nor its subsidiaries accepts 
responsibility for the same. All liability arising from or in 
connection with computer viruses and/or corrupted e-mails is 
excluded to the fullest extent permitted by law.