SSL error

By: Sai Mogali user 20 Jan 2016 at 7:14 a.m. CST

6 Responses
Sai Mogali gravatar
Gluu : 24 AWS : Ubuntu : 14.04 ------- After installation, verified that the gui login was working for admin user. Updated the httpd.key and crt file for the host. Created 'cacerts' key store with the default password 'changeit' and imported the httpd.der file. Restarted Gluu [ service gluu-server24 stop / start] After a correct password is entered for admin user, the browser is in a loop. I see the following exception in the log: INFO | jvm 1 | 2016/01/20 13:05:08 | 2016-01-20 13:05:08,980 INFO [org.gluu.oxtrust.action.Authenticator] scopes : user_name email openid profile INFO | jvm 1 | 2016/01/20 13:05:08 | 2016-01-20 13:05:08,980 INFO [org.gluu.oxtrust.action.Authenticator] clientID : @!CECC.3989.D0D2.C2AE!0001!0253.6691!0008!36A8.DB66 INFO | jvm 1 | 2016/01/20 13:05:08 | 2016-01-20 13:05:08,980 INFO [org.gluu.oxtrust.action.Authenticator] getting accessToken INFO | jvm 1 | 2016/01/20 13:05:08 | 2016-01-20 13:05:08,980 INFO [org.gluu.oxtrust.action.Authenticator] tokenURL : https://testprovider.rdap.verisignlabs.com/oxauth/seam/resource/restv1/oxauth/token INFO | jvm 1 | 2016/01/20 13:05:08 | 2016-01-20 13:05:08,980 INFO [org.gluu.oxtrust.action.Authenticator] Sending request to token endpoint INFO | jvm 1 | 2016/01/20 13:05:08 | 2016-01-20 13:05:08,980 INFO [org.gluu.oxtrust.action.Authenticator] redirectURI : https://testprovider.rdap.verisignlabs.com/identity/authentication/authcode INFO | jvm 1 | 2016/01/20 13:05:09 | 2016-01-20 13:05:09,006 ERROR [org.xdi.oxauth.client.TokenClient] peer not authenticated INFO | jvm 1 | 2016/01/20 13:05:09 | javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated INFO | jvm 1 | 2016/01/20 13:05:09 | at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:421) INFO | jvm 1 | 2016/01/20 13:05:09 | at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) INFO | jvm 1 | 2016/01/20 13:05:09 | at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
None
closed

Answers

By Michael Schwartz Account Admin 20 Jan 2016 at 9:49 a.m. CST

Copy
Michael Schwartz gravatar
What is the path of the cacerts file that you updated? Was it `/usr/java/latest/lib/security/cacerts` ?

By Sai Mogali user 20 Jan 2016 at 12:17 p.m. CST

Copy
Sai Mogali gravatar
The keystore /etc/certs/cacerts was created as part of the import There was no keystore named /etc/certs/cacerts after installation.

By Sai Mogali user 20 Jan 2016 at 12:20 p.m. CST

Copy
Sai Mogali gravatar
Followed instructions in : Admin Guide -> Certificates -> Apache. Apache has the new certificate. Initial page for login/password shows the correct certificate. The problem is after the user is validated.

By Sai Mogali user 20 Jan 2016 at 12:58 p.m. CST

Copy
Sai Mogali gravatar
Michael, thank you for the pointer. I updated the /usr/java/latest/lib/security/cacerts keystore, and it resolved this problem. May be the documentation can be a bit more explicit in the keystore being referred.

By Mohib Zico staff 21 Jan 2016 at 1:50 a.m. CST

Copy
Mohib Zico gravatar
Sai, >> May be the documentation can be a bit more explicit in the keystore being referred. Apache cert update [documentation](http://www.gluu.org/docs/admin-guide/certificates/#apache) has indication for updating java keystore ( aka. cacerts ). Is there anything else you want to insert which might make it more clear? Feel free to suggest.

By Sai Mogali user 21 Jan 2016 at 7:10 a.m. CST

Copy
Sai Mogali gravatar
Hi, I had submitted a patch y'day to the documentation. https://github.com/GluuFederation/docs/pull/65

Post an answer