felixlu / jap

Automatically exported from code.google.com/p/jap

certificate not ok #18

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
I follow the steps in README, download the certificate 
"ex-std-nodeXX.prod.rhcloud.com",
then configure CERTIFICATE/AUTHENTICATION/FILE in JAP_WS_LOCAL.json. The command 
line shows "certificate not ok".
If I do not configure it, there's nothing wrong.
P.S. TYPE, ADDRESS, PORT and AUTHENTICATION have been configured correctly.

Original issue reported on code.google.com by siukun89 on 18 Jan 2013 at 5:21

GoogleCodeExporter commented 8 years ago
I notice that the problem has been discussed in issue 14, and I try node86, but 
it doesn't help.

Original comment by siukun89 on 18 Jan 2013 at 5:39

GoogleCodeExporter commented 8 years ago
When you connect over HTTPS, your browser validates the server certificate. The 
server certificate should be signed by a trusted certificate authority. Your 
browser has a collection of trusted certificate authorities, and when the 
server certificate is not signed by one of those trusted certificate 
authorities, your browser will show a certificate error.
The OPENSHIFT server certificates on port 8443 are self-signed certificates. 
The OPENSHIFT server certificates on port 8443 are not signed by a trusted 
certificate authority. So, you have to configure your browser to trust that 
self-signed certificate.

JAP works like your browser. You have to configure JAP to trust that 
self-signed certificate.
PYTHON/TWISTED/PYOPENSSL does not have a collection of trusted certificate 
authorities, and by default does not validate server certificates.
JAVASCRIPT/NODE does have a collection of trusted certificate authorities, and 
by default does validate server certificates.

So even though JAP_WS_LOCAL_PYTHON works, for now, without configuring 
JAP_WS_LOCAL_PYTHON to trust that self-signed certificate, you should.

Also, when you create an OPENSHIFT application, your application is installed 
on one of the OPENSHIFT servers (and you do not know which OPENSHIFT server), 
and all OPENSHIFT servers have different certificates. So you have to configure 
JAP with the correct server certificate.

Original comment by jeroen.v...@gmail.com on 18 Jan 2013 at 7:56

GoogleCodeExporter commented 8 years ago
You can download the server certificate with OPENSSL:

openssl s_client -connect XXX-YYY.rhcloud.com:8443

Original comment by jeroen.v...@gmail.com on 18 Jan 2013 at 1:12

GoogleCodeExporter commented 8 years ago
Get it. Thx!
Mine is ex-std-node68.prod.rhcloud.com.

Original comment by ksdaf...@gmail.com on 18 Jan 2013 at 4:09

GoogleCodeExporter commented 8 years ago
I download the certificate from Firefox and openssl command line.
They both show node52.
I put the certificate in the same folder with JAP, and configure local json.
But it still shows "certificate not ok".

Original comment by siukun89 on 23 Jan 2013 at 7:18

GoogleCodeExporter commented 8 years ago
Can you attach your certificate?
Can you attach a screenshot of "openssl s_client -connect 
XXX-YYY.rhcloud.com:8443"?
Does JAP work when you configure JAP_WS_LOCAL.json without certificate?

Original comment by jeroen.v...@gmail.com on 23 Jan 2013 at 7:25
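
Added example, not part of the original thread and not JAP's own code: one way to check whether the certificate file configured in JAP_WS_LOCAL.json is the certificate the server actually presents, by comparing SHA-256 fingerprints of the saved file and of saved `openssl s_client` output. The function names and the sample certificates are constructed for illustration; how JAP itself performs its check is not shown on this page.

```python
import hashlib
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)

def extract_pem_certs(text):
    """Return every PEM certificate block in text, e.g. in saved
    `openssl s_client` output, which wraps the block in session details."""
    return PEM_RE.findall(text)

def fingerprint(pem):
    """SHA-256 over the decoded DER bytes, so line endings and wrapping
    of the PEM text do not change the result."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def compare(saved_text, presented_text):
    """Compare the certificate saved for the client with the one presented.
    Returns (match, saved_fp, presented_fp). Raises ValueError when either
    input holds no certificate (empty file, HTML page, truncated copy)."""
    saved = extract_pem_certs(saved_text)
    presented = extract_pem_certs(presented_text)
    if not saved or not presented:
        raise ValueError("no PEM certificate block found")
    # The first block is the server's own (leaf) certificate.
    s, p = fingerprint(saved[0]), fingerprint(presented[0])
    return s == p, s, p

def fetch_presented(host, port=8443):
    """Fetch the presented certificate as PEM without validating it
    (needs network access; not used by the offline demo below)."""
    return ssl.get_server_certificate((host, port))

# Constructed sample data: placeholder bytes, not real certificates.
NODE_A = ssl.DER_cert_to_PEM_cert(b"constructed-der-node-a" * 8)
NODE_B = ssl.DER_cert_to_PEM_cert(b"constructed-der-node-b" * 8)
S_CLIENT_OUTPUT = ("CONNECTED(00000003)\n---\nServer certificate\n"
                   + NODE_B + "---\nSSL handshake has read ...\n")

if __name__ == "__main__":
    # Saved file is from one server, the application runs on another.
    ok, saved_fp, presented_fp = compare(NODE_A, S_CLIENT_OUTPUT)
    print("match" if ok else "MISMATCH", saved_fp[:16], presented_fp[:16])
```

A mismatch means the configured file belongs to a different server than the one the application is installed on, or the file was altered when it was saved.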

GoogleCodeExporter commented 8 years ago
Only configure https (username, pwd) without certificate, JAP works correctly.

Original comment by siukun89 on 23 Jan 2013 at 7:39

GoogleCodeExporter commented 8 years ago
As far as I can see, everything is ok (except for the certificate).
What is your REMOTE_PROXY_SERVER/ADDRESS (you can also EMAIL jer..@gmail.com)?

Original comment by jeroen.v...@gmail.com on 23 Jan 2013 at 8:25

GoogleCodeExporter commented 8 years ago
Yah! After I install JAP on another server node99, problem solved!
Maybe there's some problem with the certificate for node52.
Thanks for all your help!

Original comment by siukun89 on 24 Jan 2013 at 2:21

GoogleCodeExporter commented 8 years ago
No problem :)

Original comment by jeroen.v...@gmail.com on 24 Jan 2013 at 6:18