search

Esri / geoportal-server

Geoportal Server is a standards-based, open source product that enables discovery and use of geospatial resources including data and services.
https://gptogc.esri.com/geoportal
Apache License 2.0
244 stars 149 forks source link

Connecting to WAF via https #237

Closed cybersea closed 7 years ago

cybersea commented 8 years ago

I'm trying to connect to an https WAF and when I test the connection in geoportal, I'm getting an error: "Unable to connect to host."

The WAF is accessible directly via a browser.

Is it possible to connect to a WAF via https in geoportal or does it only handle http?

zguo commented 8 years ago

yes it handles https.

cybersea commented 8 years ago

Thanks. I found this error list in the Tomcat gpt log files. So, do you think this error was caused by an https certificate issue?

Aug 03, 2016 9:48:23 AM com.esri.gpt.control.harvest.HarvestController handleTestConnection

FINE: Exception raised. com.esri.gpt.catalog.harvest.clients.exceptions.HRConnectionException: Protocol connection exception at com.esri.gpt.catalog.harvest.repository.HrRecord.checkConnection(HrRecord.java:516) at com.esri.gpt.catalog.harvest.repository.HrTestRequest.execute(HrTestRequest.java:71) at com.esri.gpt.control.harvest.HarvestController.handleTestConnection(HarvestController.java:533) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.el.parser.AstValue.invoke(AstValue.java:172) at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276) at org.apache.jasper.el.JspMethodExpression.invoke(JspMethodExpression.java:68) at javax.faces.event.MethodExpressionActionListener.processAction(MethodExpressionActionListener.java:144) at javax.faces.event.ActionEvent.processListener(ActionEvent.java:84) at javax.faces.component.UIComponentBase.broadcast(UIComponentBase.java:773) at javax.faces.component.UICommand.broadcast(UICommand.java:296) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:781) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1246) at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:77) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:97) at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:114) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:308) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.esri.gpt.control.filter.EncodingFilter.doFilter(EncodingFilter.java:122) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.IllegalArgumentException: Protocol connection exception at com.esri.gpt.control.webharvest.protocol.ProtocolInvoker.ping(ProtocolInvoker.java:57) at com.esri.gpt.catalog.harvest.repository.HrRecord.checkConnection(HrRecord.java:508) ... 34 more Caused by: java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at com.esri.gpt.control.webharvest.protocol.ProtocolInvoker.ping(ProtocolInvoker.java:47) ... 35 more Aug 03, 2016 9:48:23 AM com.esri.gpt.control.harvest.HarvestController handleTestConnection FINE: Exception raised. com.esri.gpt.catalog.harvest.clients.exceptions.HRConnectionException: Protocol connection exception at com.esri.gpt.catalog.harvest.repository.HrRecord.checkConnection(HrRecord.java:516) at com.esri.gpt.catalog.harvest.repository.HrTestRequest.execute(HrTestRequest.java:71) at com.esri.gpt.control.harvest.HarvestController.handleTestConnection(HarvestController.java:533) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.el.parser.AstValue.invoke(AstValue.java:172) at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276) at org.apache.jasper.el.JspMethodExpression.invoke(JspMethodExpression.java:68) at javax.faces.event.MethodExpressionActionListener.processAction(MethodExpressionActionListener.java:144) at javax.faces.event.ActionEvent.processListener(ActionEvent.java:84) at javax.faces.component.UIComponentBase.broadcast(UIComponentBase.java:773) at javax.faces.component.UICommand.broadcast(UICommand.java:296) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:781) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1246) at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:77) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:97) at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:114) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:308) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.esri.gpt.control.filter.EncodingFilter.doFilter(EncodingFilter.java:122) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.IllegalArgumentException: Protocol connection exception at com.esri.gpt.control.webharvest.protocol.ProtocolInvoker.ping(ProtocolInvoker.java:57) at com.esri.gpt.catalog.harvest.repository.HrRecord.checkConnection(HrRecord.java:508) ... 34 more Caused by: java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at com.esri.gpt.control.webharvest.protocol.ProtocolInvoker.ping(ProtocolInvoker.java:47) ... 35 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1916) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1469) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:213) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913) at sun.security.ssl.Handshaker.process_record(Handshaker.java:849) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1035) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344) at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:721) at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828) at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116) at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096) at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) at com.esri.gpt.framework.http.HttpClientRequest.execute(HttpClientRequest.java:581) at com.esri.gpt.catalog.harvest.protocols.AbstractHTTPHarvestProtocol.ping(AbstractHTTPHarvestProtocol.java:76) ... 40 more Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:350) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:249) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1451) ... 58 more Caused by: java.security.cert.CertPathValidatorException: timestamp check failed at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:159) at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:353) at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:191) at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279) at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:345) ... 64 more Caused by: java.security.cert.CertificateExpiredException: NotAfter: Tue Aug 25 00:07:10 PDT 2009 at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273) at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:575) at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:184) at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:136) at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133) ... 68 more

zguo commented 8 years ago

looks like it's the certificate, not sure if it is expired. Caused by: java.security.cert.CertificateExpiredException: NotAfter: Tue Aug 25 00:07:10 PDT 2009

cybersea commented 8 years ago

Thank you for your help. we will have the owner of the WAF investigate