[Building Sakai] [Deploying Sakai] ssl with 2.8 issue
Yasir Arfat
yasir.arfat at nu.edu.pk
Wed Dec 7 22:25:24 PST 2011
Dear Steve
We followed the configuration from artical(
https://confluence.sakaiproject.org/display/DOC/Sakai+Admin+Guide+-+Advanced+Tomcat++(and+Apache)+Configuration<https://confluence.sakaiproject.org/display/DOC/Sakai+Admin+Guide+-+Advanced+Tomcat++%28and+Apache%29+Configuration>)
but even then same problem.
Following is detail
1 -------------------------------
key generated using following command
keytool -genkey -alias tomcat -keyalg RSA -keystore mycert.jks
password=changeit
*mycert*.jks and .*keystore *moved to location ${catalina.home}
2 ------------------------------
added following to *conf/server.xml*
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
keystoreFile="${catalina.home}/mycert.jks" keyAlias="tomcat"
SSLEnabled="true"
clientAuth="false" sslProtocol="TLS" />
3 ------------------------------
added following to *conf/web.xml*
<security-constraint>
<web-resource-collection>
<web-resource-name>Automatic SLL Forwarding</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
4 ---------------------
in *sakai/sakai.properties *changed server url to
* serverUrl=https://localhost:8443*
5 ---------------------
restarted tomcat same problem
then uncomment line
force.url.secure=443
restarted tomcat and same problem
changed
force.url.secure=8443
restarted tomcat and same problem
comment the line #force.url.secure=443 and restarted tomcat but same
problem
changed url
* serverUrl=http://localhost:8443 *and restarted tomcat but same problem
When I am accessing *http://localhost:8443/portal *then attached (1.png)
showing, and when I am clicking on any link then 2.png showing.
On Wed, Dec 7, 2011 at 2:33 PM, Steve Swinsburg <steve.swinsburg at gmail.com>
wrote:
> Hi,
>
> Read this guide:
>
> https://confluence.sakaiproject.org/display/DOC/Sakai+Admin+Guide+-+Advanced+Tomcat++(and+Apache)+Configuration<https://confluence.sakaiproject.org/display/DOC/Sakai+Admin+Guide+-+Advanced+Tomcat++%28and+Apache%29+Configuration>
>
> The property that Muhammed refers to below is:
> *force*.url.secure=443
>
> Later you probably want to do the SSL in Apache rather than Tomcat.
>
> cheers,
> Steve
>
>
>
> On 07/12/2011, at 7:06 PM, Muhammad Shoaib wrote:
>
> Dear Yasir,
>
> You need to uncomment ssl / https in sakai.properties files as well so
> that it enforce and allow to build / make the internal links using HTTPS
>
> Regards
> Shoaib.
>
> On Fri, Dec 2, 2011 at 3:17 PM, Yasir Arfat <yasir.arfat at nu.edu.pk> wrote:
>
>> Dear All,
>>
>> I want implement ssl with sakai2.8
>> tomcat5.5
>>
>> First i have created my own certificate using following method
>>
>>
>>
>> *$ keytool -genkey -alias tomcat -keyalg RSA -keystore mycert.jks*
>>
>> *Enter keystore password: *
>>
>> *What is your first and last name?*
>>
>> * [Unknown]: Chris Barber*
>>
>> *What is the name of your organizational unit?*
>>
>> * [Unknown]:*
>>
>> *What is the name of your organization?*
>>
>> * [Unknown]: CB1, INC.*
>>
>> *What is the name of your City or Locality?*
>>
>> * [Unknown]: Minneapolis*
>>
>> *What is the name of your State or Province?*
>>
>> * [Unknown]: MN*
>>
>> *What is the two-letter country code for this unit?*
>>
>> * [Unknown]: US*
>>
>> *Is CN=Chris Barber, OU=Unknown, O="CB1, INC.", L=Minneapolis, ST=MN,
>> C=US correct?*
>>
>> * [no]: yes*
>>
>> * *
>>
>> *Enter key password for <tomcat>*
>>
>> * (RETURN if same as keystore password):*
>>
>>
>> i have placed mycert.jks in conf folder in tomcat
>>
>>
>> and uncomment the ssl connector in server.xml
>>
>>
>>
>> *<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->*
>>
>> *<Connector port="8443" maxHttpHeaderSize="8192"*
>>
>> * maxThreads="150" minSpareThreads="25" maxSpareThreads="75"*
>>
>> * enableLookups="false" disableUploadTimeout="true"*
>>
>> * acceptCount="100" scheme="https" secure="true"*
>>
>> * keystoreFile="conf/mycert.jks"*
>>
>> * clientAuth="false" sslProtocol="TLS" />*
>>
>>
>>
>> and restart the tomcat server
>>
>> it redirect to http://localhost:8443/
>>
>>
>> but the some content are missing you can see in attached file. below is
>> the error
>>
>> * *
>>
>> *"The page you are looking for is currently unavailable. The Web site
>> might be experiencing technical difficulties,
>> *
>>
>> *or you may need to adjust your browser settings."*
>>
>>
>> If i try to login it gives message "The page cannot be displayed"
>>
>>
>> I also try to put the following setting in web.xml
>>
>>
>> *<!-- redirect all traffic to the SSL port -->***
>>
>> *<security-constraint>***
>>
>> * <web-resource-collection>***
>>
>> * <web-resource-name>Automatic SLL Forwarding</web-resource-name>***
>>
>> * <url-pattern>/*</url-pattern>***
>>
>> * </web-resource-collection>***
>>
>> * <user-data-constraint>***
>>
>> * <transport-guarantee>CONFIDENTIAL</transport-guarantee>***
>>
>> * </user-data-constraint>***
>>
>> *</security-constraint>***
>>
>> but it gives the same error .
>>
>>
>> i set serverurl in sakai properties file
>>
>> *serverUrl=https://localhost:8080*
>>
>> *
>> *
>>
>> and also try this
>>
>> *serverUrl=https://localhost:8443*
>>
>>
>>
>>
>> Please help me how can i solve this problem.
>>
>>
>> ****
>>
>> --
>>
>>
>> Yasir Arfat | Software Engineer
>> National University of Computer and Emerging Sciences
>> A. K. Brohi Road (Near Police Line) H11/4 Islamabad
>> Tel +92-(51)-111-128-128 Ext 344 Cell +92-(303)-5900513
>> yasir.arfat at nu.edu.pk
>>
>>
>>
>>
>> --
>>
>>
>> Yasir Arfat | Software Engineer
>> National University of Computer and Emerging Sciences
>> A. K. Brohi Road (Near Police Line) H11/4 Islamabad
>> Tel +92-(51)-111-128-128 Ext 344 Cell +92-(303)-5900513
>> yasir.arfat at nu.edu.pk
>>
>>
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>
>> TO UNSUBSCRIBE: send email to
>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>> "unsubscribe"
>>
>
>
>
> --
> Regards
> Muhammad Shoaib | Software Engineer
> National University of Computer and Emerging Sciences
> A. K. Brohi Road (Near Police Line) H11/4 Islamabad
> T +92-(51)-111-128-128 Ext 263 | M +92-331-5442131
>
> _______________________________________________
> production mailing list
> production at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/production
>
> TO UNSUBSCRIBE: send email to
> production-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
--
Yasir Arfat | Software Engineer
National University of Computer and Emerging Sciences
A. K. Brohi Road (Near Police Line) H11/4 Islamabad
Tel +92-(51)-111-128-128 Ext 344 Cell +92-(303)-5900513
yasir.arfat at nu.edu.pk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20111208/f1452579/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1.png
Type: image/png
Size: 100111 bytes
Desc: not available
Url : http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20111208/f1452579/attachment.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2.png
Type: image/png
Size: 70876 bytes
Desc: not available
Url : http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20111208/f1452579/attachment-0001.png
More information about the sakai-dev
mailing list