Installation-Commercial Certificates do not work

By: Rao Bhamidipati user 17 Dec 2015 at 11:55 a.m. CST

5 Responses
Rao Bhamidipati gravatar
We successfully installed Gluu release 2.3.6.1.el6 . It works fine with the the dummy / locally signed certificates that are generated during installation. However, When we change to the signed certificates from Comodo (by writing over the .crt and .key files), it stops working. We get the error "Exception : javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated". worse, we are not able to get back to the previous state by switching the .crt and .key files back to the ones generated by Gluu. We verified that the Comodo certificates and keys work as expected, otherwise, outside Gluu. Can someone please help address this?
None
closed

Answers

By William Lowe user 17 Dec 2015 at 12:01 p.m. CST

Copy
William Lowe gravatar
Rao, I think you'll want to use a clean VM and install Gluu Server 2.4.0. I'm not sure if that will resolve your issue--I'll let another gluu support engineer comment on that--but it's always best to use the latest version of the server. Thanks, Will

By Rao Bhamidipati user 17 Dec 2015 at 12:33 p.m. CST

Copy
Rao Bhamidipati gravatar
William, Thanks for your quick response. Is there a way to preserve the configuration changes we made to the previous version to carry them over to the new install? i.e. what config files do I need to preserve and copy over once the new install completes?

By Mohib Zico Account Admin 17 Dec 2015 at 12:34 p.m. CST

Copy
Mohib Zico gravatar
Rao, I agree with Will, using latest server is always better. Regarding your SSL error, let's try to update your java keystore as well. In 2.4.x it's inside /etc/ssh/certs/java/ After updating your certs inside /etc/certs, convert that httpd.crt to DER. And after that, insert that DER into cacerts using keytool (or whichever tool you prefer), restart all services ( opendj, httpd and tomcat ). Let's see how that goes.

By William Lowe user 17 Dec 2015 at 12:58 p.m. CST

Copy
William Lowe gravatar
> Is there a way to preserve the configuration changes we made to the previous version to carry them over to the new install? i.e. what config files do I need to preserve and copy over once the new install completes? We have the following [script](https://github.com/GluuFederation/community-edition-setup/blob/master/static/scripts/export23.py) for updating from 2.3.x to 2.4.0. It's not 100% tested, but it has all the info on the paths which are important for migration. Please let us know how it turns out for you. In addition, when we release Gluu Server 2.4.1 next week (ETA is currently Wednesday), that will include an upgrade script from 2.4.0 to 2.4.1. we know upgrades are an important part of using the server, and it's something we're focusing on making easier as we continue to release new versions. Thanks!

By Rao Bhamidipati user 19 Dec 2015 at 11:20 a.m. CST

Copy
Rao Bhamidipati gravatar
We debugged the script and ran it, to successfully create the /backup23 directory. The issues with the script were (1) you have to check for existence of /root/.pw or create one if not existing (2) in line 89 "for file in files():" it should be "for file in files[1:]:" to avoid the first entry in the files list which will always be a directory.. (3) The name of the script is perhaps inaccurate : It's more a backup script as it stands than an update script, unless you guys are planning on adding the update portion also to it. I am assuming the process is to remove gluu 2.3.X and install 2.3.4 and then copy the files over from the /backup23 . We're also investigating how to get the ldif files over..

Post an answer