Closed lpellegr closed 8 years ago
Java version used was 1.8.0_65-b17.
A direct call to the REST API with curl works as expected.
Since try is configured with HTTPS and everything works as expected, I suspect that the issue is due to the self-signed certificate or the Java version.
A quick analysis of the keystore that is used by default shows several problems: at least one certificate that has expired.
```
keytool -v -list -keystore /Users/lpellegr/Desktop/activeeon-pws-enterprise/config/web/keystore
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: jetty
Creation date: Jul 8, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Unknown, OU=Unknown, O=Activeeon, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=Unknown, OU=Unknown, O=Activeeon, L=Unknown, ST=Unknown, C=Unknown
Serial number: 7668a1c6
Valid from: Tue Jul 08 12:59:41 BST 2014 until: Mon Oct 06 12:59:41 BST 2014
Certificate fingerprints:
MD5: 53:5E:9B:B8:E9:00:80:84:94:48:28:77:46:23:A0:08
SHA1: 5C:8B:D7:1A:1F:02:D7:9D:8F:EA:88:9C:25:A7:A1:DE:CB:59:19:44
SHA256: CA:A0:E5:C4:E0:8C:93:BA:0A:42:02:9E:52:1B:C6:51:2C:51:D2:8E:CD:A2:C1:DF:4B:A7:41:4E:B5:94:44:31
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AB 0A 6C 20 BE E1 35 F8 2F 09 EE C8 B5 55 35 26 ..l ..5./....U5&
0010: C1 42 6B 91 .Bk.
]
]
*******************************************
*******************************************
```
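The check done by eye on the listing above can be automated. The following is an added example, not part of the original comment or of the project's code: it parses `keytool -v -list` output and flags certificates that are expired or whose owner equals their issuer. The sample text is reconstructed from the listing above, the function names are hypothetical, and the time zone token in the dates is ignored.

```python
import re
from datetime import datetime

# Constructed sample: the relevant lines of the keytool listing shown above.
SAMPLE = """\
Alias name: jetty
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=Unknown, OU=Unknown, O=Activeeon, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=Unknown, OU=Unknown, O=Activeeon, L=Unknown, ST=Unknown, C=Unknown
Serial number: 7668a1c6
Valid from: Tue Jul 08 12:59:41 BST 2014 until: Mon Oct 06 12:59:41 BST 2014
"""

VALIDITY = re.compile(r"^Valid from: (.+?) until: (.+)$")

def parse_keytool_date(text):
    # keytool prints e.g. "Mon Oct 06 12:59:41 BST 2014". Zone abbreviations are
    # ambiguous, so the zone token is dropped and the time is treated as naive
    # (assumption: an error of a few hours is acceptable for an expiry check).
    _dow, mon, day, clock, _zone, year = text.split()
    return datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")

def audit_keystore_listing(listing, now):
    """Return one finding dict per certificate in `keytool -v -list` output."""
    findings, alias, cert = [], None, {}
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("Alias name: "):
            alias = line.split(": ", 1)[1]
        elif line.startswith("Owner: "):
            cert = {"alias": alias, "owner": line.split(": ", 1)[1]}
        elif line.startswith("Issuer: "):
            # Heuristic: owner == issuer; the signature itself is not verified.
            cert["self_signed"] = cert.get("owner") == line.split(": ", 1)[1]
        elif (m := VALIDITY.match(line)):
            not_before, not_after = map(parse_keytool_date, m.groups())
            cert["not_after"] = not_after
            cert["expired"] = now > not_after
            cert["not_yet_valid"] = now < not_before
            cert["lifetime_days"] = (not_after - not_before).days
            findings.append(cert)
    return findings

if __name__ == "__main__":
    for finding in audit_keystore_listing(SAMPLE, datetime.now()):
        print(finding)
```

Run against the listing above, it reports the `jetty` entry as self-signed and expired, with a validity window of 90 days.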
I have followed the explanations given in the documentation to configure the Scheduler so that Jetty serves requests using HTTPS.
In summary, I have edited `config/web/settings.ini` in order to set `web.https` to `true`.

Once done, the Scheduler and all services start properly. However, it is not possible to authenticate to RM or Scheduler Web portals (no error message in Scheduler logs).
I remember that unpacked WAR files associated with RM and Scheduler Web apps contain configuration files. Consequently, I have tried to edit them:

- `dist/war/rm/rm.conf` to set `rm.rest.url=https://localhost:8080/rest`
- `dist/war/scheduler/scheduler.conf` to set `sched.rest.url=https://localhost:8080/rest`

After applying these configurations, the Scheduler starts but authentication is still not working (endless connection):
When I look at the logs on Scheduler side, I get the following error message:
A quick search suggests it is a configuration issue on my side (e.g. certificate that is not trusted). However, the documentation gives no explanation about how to solve such a problem.
The default HTTPS configuration with the provided keystore should work out of the box.
I performed the tests on Fedora 22 and OS X Yosemite with PWS 7.3.1 Enterprise version.