irods-contrib / irods-cloud-browser

DFC Web Based cloud browser
BSD 2-Clause "Simplified" License

Missing documentation on PAM setup #126

Closed burnce closed 9 years ago

burnce commented 9 years ago

Hello,

I have encountered the following problem. I set all the presets in the groovy file to point to my iRODS server using PAM authentication. The iRODS server however refuses the connection due to:

ERROR: sslAccept: error calling SSL_accept. SSL error: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown

How do I point the cloud browser to the correct certificate?

Thanks,

Bernhard

michael-conway commented 9 years ago

It's likely that you are using a self-signed SSL certificate. The issue is that the public key is not in your keystore.

The JVM on which you are running Tomcat or another web server needs that SSL key imported, which is done using the keytool command. There is a good reference here:

http://alvinalexander.com/java/java-using-keytool-import-certificate-keystore

That should resolve your issue.

Cheers MC


burnce commented 9 years ago

Hello Mike,

Thanks for the prompt reply Mike,

Adding the CA certificate which signed the iRODS server certificate to the tomcat-server JVM's keystore worked.

Cheers,

Bernhard

michael-conway commented 9 years ago

OK great. Yes, the SSL stuff is a pain, especially with self-signed certs. For the Cyberduck folks, we've added the ability to bypass checks through a property, as well as inject a custom trust manager, so I'm going to merge that Jargon code into the web interface in this next mx release.

We've had more SSL headaches than anything!

Cheers MC
