Fedora Commons Users List for FEDORA Repository Architecture ()

[fcrepo-user] ./fedora-ingest-demos.sh fails with "java.net.ConnectException: Connection refused"

Hallo,

I have the following issue with ./fedora-ingest-demos.sh

The general setup is:

fedora-commons 3.5 is installed on existing Apache-Tomcat 7.0.25
The database is mysql  Ver 14.12 Distrib 5.0.67, for suse-linux-gnu  
(x86_64) using readline 5.2
The database connection works fine (I can create objects and upload  
datastreams for test objects)

Apache-Tomcat is listening to port 8080 (only available from localhost  
due to firewall setting)
Apache-Tomcat is connected to an Apache-httpd-2.2.22 (brand new!) via  
mod_proxy and ajp protocol to port 8009
Apache-httpd is listening to port 80.

java -version
java version "1.6.0_30"
Java(TM) SE Runtime Environment (build 1.6.0_30-b12)
Java HotSpot(TM) 64-Bit Server VM (build 20.5-b03, mixed mode)

I watch the following behaviour:

1. Using Apache Tomcat on localhost directly:
Correct password: ./fedora-ingest-demos.sh localhost 8080 fedoraAdmin  
******** http fedora
Failure with log file in client/logs as described below.
Nothing is written to the server logs server/logs/fedora.log

(Continue reading)

headers

Alistair Young | 1 Feb 12:49

Re: [fcrepo-user] API-M PHP SOAP connection

Hi Luis,

have you compiled PHP with SSL support as API-M uses HTTPS.

Alistair

--

mov eax,1
mov ebx,0
int 80h

On 28 Jan 2012, at 22:58, Luis Horacio Arizaga wrote:

Hello how are you doing? I am a student from the National Technologic University in Argentina and I am currently trying to develop a repository for the institution with a bunch of collegues. We started working a few weeks ago and now we have a little problem. We can't connect to the API-M with NuSoap Library for PHP. We need to use PHP in order to integrate the repository with Moodle since that platform is being used in the university. I was wondering if someone could send an example or an explanation of how can the connection be made that would really help us. Where developping the repository with Fedora 3.5 and Ubuntu. The server is Apache Tomcat.

I hope I could make myself understood since I haven't spoken english for a while. Thanks for your time.

Regards,

Luis Horacio Arizaga

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@...
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

headers

Burgis, Richard | 1 Feb 21:37

[fcrepo-user] Implementing Content Models

I am trying to implement a content model based on example 3 in the tutorial.

I initially tried to simply change the names and the argument names.

I’ve made several other attempts including using the EZDef.xsl and EZDep.xsl tools. In all cases when I try to view the method list, I get an Http 400 error.

I’ve successfully attached the example SDef, SDep and CModel to my objects, but I cannot get even a simple variation to work.

Is there some obvious thing that I’m overlooking? I’d be happy to post my data streams if that would help.

Thank you very much

Rich

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@...
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

headers

Gert Schmeltz Pedersen | 2 Feb 14:42

[fcrepo-user] Fedora Generic Search 2.4 test: some PDF documents not indexed full text

Improved control of the writeLimit in Apache Tika is now included in GSearch 2.4.1, which is released today, see

https://wiki.duraspace.org/display/FCSVCS/Generic+Search+Service+2.4.1

-Gert

Begin forwarded message:

From: Gert Schmeltz Pedersen <gertsp45-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>

Date: 22. jan 2012 12.28.05 CET

To: "Support and info exchange list for Fedora users." <fedora-commons-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>

Subject: Re: [fcrepo-user] Fedora Generic Search 2.4 test: some PDF documents not indexed full text

PDFBox can extract text from PDF files only. Before the inclusion of Tika in GSearch 2.4, GSearch could not extract text from the other types. Improved control of the writeLimit in Tika will be released in GSearch during the coming week, then all the types are available without length restriction.

-Gert

On 20/01/2012, at 23.38, Serhiy Polyakov wrote:

I am using GSearch 2.4. If I still want to full-text index very large

documents I understand I can switch from Tika back to PDFBox in the

configuration (getDatastreamFromTika -> getDatastreamText). I also

want to full-text index MSWord, Excel, PowerPoint and other types.

Which component of software will be actually doing extraction from

those file types if I switch to PDFBox?

Thanks,

Serhiy

On Mon, Jan 16, 2012 at 11:31 AM, Gert Schmeltz Pedersen

<gertsp45-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

Re (1) I ingested the ERIC document and find that with getDatastreamFromTika I get an exception, because the document has more than 100000 characters, while with PDFBox directly (getDatastreamText) the document gets indexed. This probably explains, why some of your documents are not indexed, the longest ones. I will investigate, how we can raise that character limit in Tika.

Re (2) The ERROR in fedora.log comes because your indexing stylesheet tries to index a datastream, which is not present in that object. You can ignore the message, or preferably, change your indexing stylesheet, so that it only tries to index datastreams that are known to exist.

-Gert

On 16/01/2012, at 10.16, Serhiy Polyakov wrote:

I tested Fedora Generic Search 2.4

(1)

Focus was on PDF full text indexing. I found that some PDF document

are full text indexed OK but some are not. Those that are not indexed

full text can be converted into text using Adobe Acrobat so they are

not images. Their metadata is indexed alright in Fedora.

Example of the document that was not full text indexed is from ERIC database:

"Digest of Education Statistics, 2009. NCES 2010-013"

http://www.eric.ed.gov/ERICWebPortal/search/recordDetails.jsp?ERICExtSearch_SearchValue_0=ED509883&searchtype=keyword&ERICExtSearch_SearchType_0=no&_pageLabel=RecordDetails&accno=ED509883&_nfls=false&source=ae

I looked at the fedoragsearch.daily.log and see that fields like

<field name="dsmd_OBJ.Content-Type"> are there for the problem PDF

document. However, filed like <field name="ds.OBJ"> is absent.

For other PDF documents that were full test indexed without problems

field <field name="ds.OBJ"> was in the fedoragsearch.daily.log

Any suggestion how to fix would help.

(2)

Additionally, for each ingest of any object multiple records starting

with the following records are written in the fedora.log:

ERROR 2012-01-16 02:45:43.124 [http-8080-4]

(FedoraAPIABindingSOAPHTTPImpl) Error getting datastream dissemination

org.fcrepo.server.errors.DatastreamNotFoundException: [DefaulAccess]

No datastream could be returned. Either there is no datastream for the

digital object "mynamesp:someid" with datastream ID of "QUERY " OR

there are no datastreams that match the specified date/time value of

"null " .

...

...

"mynamesp:someid" is my collection where I ingest objects.

Should I ignore those?

Thank you,

Serhiy

------------------------------------------------------------------------------

RSA(R) Conference 2012

Mar 27 - Feb 2

Save $400 by Jan. 27

Register now!

http://p.sf.net/sfu/rsa-sfdev2dev2

_______________________________________________

Fedora-commons-users mailing list

Fedora-commons-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org

https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

------------------------------------------------------------------------------

RSA(R) Conference 2012

Mar 27 - Feb 2

Save $400 by Jan. 27

Register now!

http://p.sf.net/sfu/rsa-sfdev2dev2

_______________________________________________

Fedora-commons-users mailing list

Fedora-commons-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org

https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

------------------------------------------------------------------------------

Try before you buy = See our experts in action!

The most comprehensive online learning library for Microsoft developers

is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,

Metro Style Apps, more. Free future releases when you subscribe now!

http://p.sf.net/sfu/learndevnow-dev2

_______________________________________________

Fedora-commons-users mailing list

Fedora-commons-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org

https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@...
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

headers

ajs6f-4Ng6DfrEGID2fBVCVOL8/A@public.gmane.org | 2 Feb 16:41

Re: [fcrepo-user] Implementing Content Models

A section from your Fedora log that shows what happens when you try to access the method list would be very
helpful. It should be available in $YOUR_FEDORA_HOME/server/logs/fedora.log.

---
A. Soroka
Online Library Environment
the University of Virginia Library

On Feb 1, 2012, at 3:37 PM, Burgis, Richard wrote:

> I am trying to implement a content model based on example 3 in the tutorial.
>  
> I initially tried to simply change the names and the argument names.
>  
> I’ve made several other attempts including using the EZDef.xsl and EZDep.xsl tools. In all cases when I
try to view the method list, I get an Http 400 error.
>  
> I’ve successfully attached the example SDef, SDep and CModel to my objects, but I cannot get even a
simple variation to work.
>  
> Is there some obvious thing that I’m overlooking? I’d be happy to post my  data streams if that would help.
>  
> Thank you very much
> Rich
> ------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-d2d_______________________________________________
> Fedora-commons-users mailing list
> Fedora-commons-users@...
> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

headers

Jörg Knappen | 2 Feb 16:54

Re: [fcrepo-user] ./fedora-ingest-demos.sh fails with "java.net.ConnectException: Connection refused"

The following configuration solved the problem for me:

in $FEDORA_HOME/server/config/spring/web/web.properties,

set

security.ssl.api.management=ANY_CHANNEL

Found after a full day of inspecting the source code, because the  
error message was too unspecific. Why doesn't it tell me what kind of  
connection failed? When I try to ingest using http on port 80 (or  
8080), am I supposed to guess that an https connection to port 8433  
fails???

--Jörg Knappen

Zitat von Jörg Knappen <j.knappen@...>:

> Hallo,
>
> I have the following issue with ./fedora-ingest-demos.sh
>
> The general setup is:
>
> fedora-commons 3.5 is installed on existing Apache-Tomcat 7.0.25
> The database is mysql  Ver 14.12 Distrib 5.0.67, for suse-linux-gnu  
> (x86_64) using readline 5.2
> The database connection works fine (I can create objects and upload  
> datastreams for test objects)
>
> Apache-Tomcat is listening to port 8080 (only available from  
> localhost due to firewall setting)
> Apache-Tomcat is connected to an Apache-httpd-2.2.22 (brand new!)  
> via mod_proxy and ajp protocol to port 8009
> Apache-httpd is listening to port 80.
>
> java -version
> java version "1.6.0_30"
> Java(TM) SE Runtime Environment (build 1.6.0_30-b12)
> Java HotSpot(TM) 64-Bit Server VM (build 20.5-b03, mixed mode)
>
> I watch the following behaviour:
>
> 1. Using Apache Tomcat on localhost directly:
> Correct password: ./fedora-ingest-demos.sh localhost 8080  
> fedoraAdmin ******** http fedora
> Failure with log file in client/logs as described below.
> Nothing is written to the server logs server/logs/fedora.log
>
> Wrong password ./fedora-ingest-demos.sh localhost 8080 fedoraAdmin  
> wrongpassword http fedora
> Failure with log file in client/logs, containing (401)Unauthorized
> 41 lines written to server/logs/fedora.log looking like
> ERROR 2012-01-31 17:15:57.755 [http-bio-8080-exec-13]  
> (AuthFilterJAAS) Anmeldefehler: Alle Module werden ignoriert
>
> 2. Using the indirection via Apache httpd:
> Correct password: ./fedora-ingest-demos.sh localhost 80 fedoraAdmin  
> ******** http fedora
> Failure with Segmentation Fault (Speicherzugriffsverletzung)
> Nothing is written to the server logs server/logs/fedora.log
>
> Wrong password ./fedora-ingest-demos.sh localhost 80 fedoraAdmin  
> wrongpassword http fedora
> Failure with log file in client/logs, containing (401)Unauthorized
> 41 lines written to server/logs/fedora.log looking like
> ERROR 2012-02-01 11:54:48.781 [ajp-bio-8009-exec-8] (AuthFilterJAAS)  
> Anmeldefehler: Alle Module werden ignoriert
>
> The operating system is SLES 11 (Suse Linux Enterpise Server) and --  
> as you can see -- issues error messages in german language.
>
> Google showed me that the isue has appeared several times before,  
> but I could not find a cure for the problem.
>
> Jörg Knappen
>
>> WARNING: 41 of 41 objects failed.  Check log.
>>
>> The log file in client/logs has
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <ingest-from-dir>
>> <failed  
>> file="/usr/local/fedora-commons/client/demo/foxml/local-server-demos/d
>> ocument-transform-demo/demo_XML_TO_HTMLDOC.xml">
>>   ; nested exception is:
>>       java.net.ConnectException: Connection refused
>> </failed>
>>
>
> Output from test with intentionally wrong password:
>> <ingest-from-dir>
>> <failed  
>> file="/usr/local/fedora-commons/client/demo/foxml/local-server-demos/d
>> ocument-transform-demo/demo_XML_TO_HTMLDOC.xml">
>>   (401)Unauthorized
>> </failed>
>>
>>
>
>

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

headers

Jörg Knappen | 3 Feb 11:18

[fcrepo-user] After Ingest: Some demo objects have broken wdsl data streams

I am still testing the fedora commons repository. Now some (but not  
all!) demo objects have broken wdsl-datastreams, e.g., the object  
demo:28:

http://fedora.clarin-d.uni-saarland.de/fedora/objects/demo:28/datastreams/WSDL/content

give me the following error message from Firefox 9.0.1

XML-Verarbeitungsfehler: Ungeschlossenes Token
Adresse:  
http://fedora.clarin-d.uni-saarland.de/fedora/objects/demo:28/datastreams/WSDL/content
Zeile Nr. 202, Spalte 17:                </w
----------------^

(My Firefox speaks german: it translates to
XML processing error: token not closed
address:  
http://fedora.clarin-d.uni-saarland.de/fedora/objects/demo:28/datastreams/WSDL/content
Line 202, Row 17: </w
)

It seems that the wdsl datastream ends prematurely. Has someone  
encountered this problem before? Google showed nothing to me.

--Jörg Knappen

P.S. The following demos show the problem demo:13 demo:25 demo:28

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2

headers

Enrico Anello (OEKM | 3 Feb 14:44

Re: [fcrepo-user] Change default self-signed certificate

Hi Greg,
Sorry for bothering again on the same issue.
Since I modified the self-signed certificate I can't make gsearch working anymore.
The exception throw is always:

Fedora Object xxxxxxxxxx not found at DemoAtDtu; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed

I have configured tomcat to load the keystore where the self-signed certificate is in and to load a custom truststore where I trusted that certificate. I have also ran tomcat with ssl debug options and here is the result:

Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
http-8443-1, setSoTimeout(60000) called
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1328210885 bytes = { 67, 138, 70, 121, 118, 92, 54, 158, 143, 142, 85, 65, 104, 198, 105, 187, 13, 101, 245, 198, 200, 96, 231, 127, 90, 242, 78, 197 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
http-8080-4, WRITE: TLSv1 Handshake, length = 75
http-8080-4, WRITE: SSLv2 client hello message, length = 101
http-8443-1, READ: SSL v2, contentType = Handshake, translated length = 75
*** ClientHello, TLSv1
RandomCookie: GMT: 1328210885 bytes = { 67, 138, 70, 121, 118, 92, 54, 158, 143, 142, 85, 65, 104, 198, 105, 187, 13, 101, 245, 198, 200, 96, 231, 127, 90, 242, 78, 197 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
%% Created: [Session-16, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie: GMT: 1328210885 bytes = { 47, 120, 37, 197, 62, 247, 95, 232, 197, 6, 103, 66, 150, 175, 138, 223, 116, 114, 9, 89, 159, 191, 149, 137, 73, 59, 122, 65 }
Session ID: {79, 43, 228, 197, 44, 49, 31, 110, 59, 165, 112, 152, 100, 250, 225, 128, 224, 239, 110, 235, 136, 192, 171, 142, 185, 238, 215, 99, 144, 238, 33, 131}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=esx-fao.cilea.it, OU=OEKMI, O=FAO, L=Rome, ST=Italy, C=IT
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits
modulus: 17661593669421858218411695598553797822920372273555124371461037567902617101375504162491484973176890789579620089972944454891564865544786573612037968012019305163894378123784419527375220478530403364569016018453996686344369362921581597920769643751454368493077782536030400938009459107928045222069203207445307480604767696747643641235711336095880000296052166470303956724650011167885232993976903037401782809172246342969503969643912804519781046798499462554025521745428121941174946483101336873991433783598519754951275915999306443219649393264403734713231147801316173857847931988613935558702770768716915959357700644451196891575503
public exponent: 65537
Validity: [From: Fri Jan 27 17:37:34 CET 2012,
               To: Sat Jan 26 17:37:34 CET 2013]
Issuer: CN=esx-fao.cilea.it, OU=OEKMI, O=FAO, L=Rome, ST=Italy, C=IT
SerialNumber: [    4f22d2ce]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 2D 40 00 D7 8F F5 A4 85   F2 1B 72 AF C3 BC DE 8D - <at> ........r.....
0010: E5 50 9E 0D 63 CC D2 D6   4B C3 D0 55 B1 A8 76 12 .P..c...K..U..v.
0020: 3C 8A BE 7D E9 D4 25 E3   3F C1 2B 23 B7 19 10 97 <.....%.?.+#....
0030: 20 53 F7 7B 01 47 15 8F   2C 87 BB B9 02 D4 A7 8D   S...G..,.......
0040: 63 30 29 17 8B CA 71 6B   2B 56 7C 7D A7 B5 C4 90 c0)...qk+V......
0050: B3 4A 30 9A 24 BE E5 01   49 6E 98 BF 2D C1 36 4E .J0.$...In..-.6N
0060: C4 B1 EF 21 B1 4E C0 C8   44 79 ED 8B BE E0 52 46 ...!.N..Dy....RF
0070: 87 73 B0 40 7E AC AF 9E   3A 3F 1B 47 01 C8 75 8A .s. <at> ....:?.G..u.
0080: 9D C3 AA E1 BA 24 99 45   59 B5 D6 14 5E 1E 92 6A .....$.EY...^..j
0090: F6 67 B0 D9 70 1D C7 45   95 DB BE D3 D8 25 0F 5B .g..p..E.....%.[
00A0: 17 E4 2F 73 7D 99 84 14   82 E8 C7 60 84 3E 54 94 ../s.......`.>T.
00B0: 0E AF 08 C0 0D 91 00 F2   55 3F AA D3 5D 37 28 35 ........U?..]7(5
00C0: 49 52 D0 BD 69 70 74 FD   4C BF 2C 13 EA AD 65 36 IR..ipt.L.,...e6
00D0: 92 D3 A7 BD D9 4C 89 3E   34 16 75 BF 9B 45 7E 30 .....L.>4.u..E.0
00E0: 26 2D CD 62 93 F8 19 16   2F 67 B0 20 2D ED 22 35 &-.b..../g. -."5
00F0: 20 12 33 CE 45 53 D5 F2   92 85 6A E2 2E 0D 84 43   .3.ES....j....C

]
***
*** ServerHelloDone
http-8443-1, WRITE: TLSv1 Handshake, length = 932
http-8080-4, READ: TLSv1 Handshake, length = 932
*** ServerHello, TLSv1
RandomCookie: GMT: 1328210885 bytes = { 47, 120, 37, 197, 62, 247, 95, 232, 197, 6, 103, 66, 150, 175, 138, 223, 116, 114, 9, 89, 159, 191, 149, 137, 73, 59, 122, 65 }
Session ID: {79, 43, 228, 197, 44, 49, 31, 110, 59, 165, 112, 152, 100, 250, 225, 128, 224, 239, 110, 235, 136, 192, 171, 142, 185, 238, 215, 99, 144, 238, 33, 131}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Created: [Session-17, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=esx-fao.cilea.it, OU=OEKMI, O=FAO, L=Rome, ST=Italy, C=IT
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits
modulus: 17661593669421858218411695598553797822920372273555124371461037567902617101375504162491484973176890789579620089972944454891564865544786573612037968012019305163894378123784419527375220478530403364569016018453996686344369362921581597920769643751454368493077782536030400938009459107928045222069203207445307480604767696747643641235711336095880000296052166470303956724650011167885232993976903037401782809172246342969503969643912804519781046798499462554025521745428121941174946483101336873991433783598519754951275915999306443219649393264403734713231147801316173857847931988613935558702770768716915959357700644451196891575503
public exponent: 65537
Validity: [From: Fri Jan 27 17:37:34 CET 2012,
               To: Sat Jan 26 17:37:34 CET 2013]
Issuer: CN=esx-fao.cilea.it, OU=OEKMI, O=FAO, L=Rome, ST=Italy, C=IT
SerialNumber: [    4f22d2ce]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 2D 40 00 D7 8F F5 A4 85   F2 1B 72 AF C3 BC DE 8D - <at> ........r.....
0010: E5 50 9E 0D 63 CC D2 D6   4B C3 D0 55 B1 A8 76 12 .P..c...K..U..v.
0020: 3C 8A BE 7D E9 D4 25 E3   3F C1 2B 23 B7 19 10 97 <.....%.?.+#....
0030: 20 53 F7 7B 01 47 15 8F   2C 87 BB B9 02 D4 A7 8D   S...G..,.......
0040: 63 30 29 17 8B CA 71 6B   2B 56 7C 7D A7 B5 C4 90 c0)...qk+V......
0050: B3 4A 30 9A 24 BE E5 01   49 6E 98 BF 2D C1 36 4E .J0.$...In..-.6N
0060: C4 B1 EF 21 B1 4E C0 C8   44 79 ED 8B BE E0 52 46 ...!.N..Dy....RF
0070: 87 73 B0 40 7E AC AF 9E   3A 3F 1B 47 01 C8 75 8A .s. <at> ....:?.G..u.
0080: 9D C3 AA E1 BA 24 99 45   59 B5 D6 14 5E 1E 92 6A .....$.EY...^..j
0090: F6 67 B0 D9 70 1D C7 45   95 DB BE D3 D8 25 0F 5B .g..p..E.....%.[
00A0: 17 E4 2F 73 7D 99 84 14   82 E8 C7 60 84 3E 54 94 ../s.......`.>T.
00B0: 0E AF 08 C0 0D 91 00 F2   55 3F AA D3 5D 37 28 35 ........U?..]7(5
00C0: 49 52 D0 BD 69 70 74 FD   4C BF 2C 13 EA AD 65 36 IR..ipt.L.,...e6
00D0: 92 D3 A7 BD D9 4C 89 3E   34 16 75 BF 9B 45 7E 30 .....L.>4.u..E.0
00E0: 26 2D CD 62 93 F8 19 16   2F 67 B0 20 2D ED 22 35 &-.b..../g. -."5
00F0: 20 12 33 CE 45 53 D5 F2   92 85 6A E2 2E 0D 84 43   .3.ES....j....C

]
***
http-8080-4, SEND TLSv1 ALERT: fatal, description = certificate_unknown
http-8080-4, WRITE: TLSv1 Alert, length = 2
http-8080-4, called closeSocket()
http-8443-1, READ: TLSv1 Alert, length = 2
http-8443-1, RECV TLSv1 ALERT: fatal, certificate_unknown
http-8080-4, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
http-8443-1, called closeSocket()
http-8443-1, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
http-8443-1, called close()
http-8443-1, called closeInternal(true)
dk.defxws.fedoragsearch.server.errors.FedoraObjectNotFoundException: Fedora Object eims-document:418565 not found at DemoAtDtu; nested exception is:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at dk.defxws.fedoragsearch.server.GenericOperationsImpl.getFoxmlFromPid(GenericOperationsImpl.java:340)
    at dk.defxws.fgssolr.OperationsImpl.fromPid(OperationsImpl.java:389)
    at dk.defxws.fgssolr.OperationsImpl.updateIndex(OperationsImpl.java:241)
    at dk.defxws.fedoragsearch.server.GenericOperationsImpl.updateIndex(GenericOperationsImpl.java:308)
    at dk.defxws.fedoragsearch.server.RESTImpl.updateIndex(RESTImpl.java:261)
    at dk.defxws.fedoragsearch.server.RESTImpl.doGet(RESTImpl.java:114)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
    at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at fedora.server.management.FedoraAPIMBindingSOAPHTTPStub.export(FedoraAPIMBindingSOAPHTTPStub.java:639)
    at dk.defxws.fedoragsearch.server.GenericOperationsImpl.getFoxmlFromPid(GenericOperationsImpl.java:338)
    ... 20 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
    at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
    at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
    at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
    ... 31 more
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:289)
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:263)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:184)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
    ... 42 more
Caused by: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
    at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:328)
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:275)
    ... 49 more
Caused by: java.security.SignatureException: Signature does not match.
    at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:421)
    at sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:133)
    at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:112)
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:117)
    ... 53 more
Finalizer, called close()
Finalizer, called closeInternal(true)

I'm sorry, but I feel really stuck on this...

Enrico

On 01/27/2012 05:33 PM, Greg Jansen wrote:

Hey Enrico,
I think you have to change which certificate within the keystore is to be used, in tomcat's server.xml file. The default key for tomcat is the first one found in the keystore, so that's probably the original one. You'll need to add a "keyAlias" attribute that points to your self-signed cert.
See http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#SSL_Support

Greg

On 01/27/2012 10:54 AM, Enrico Anello (OEKM) wrote:
Dear all,

I have a fedora installation with embedded tomcat which runs with SSL sharing the default self-signed certificate coming with the installation.
Since I need to change that certificate with another self-signed cert made by myself how can I do it?

I've been digging through and I see that tomcats loads the keystore by those parameters:
-Djavax.net.ssl.trustStore=/var/fedora/server/truststore -Djavax.net.ssl.trustStorePassword=tomcat

I have actually changed that truststore with the one generated by myself but nothing happened; if from the browser I check the certificate it keeps saying that is the default one coming from the original installation!

Any tips?

Thank you and Regards,
Enrico Anello

Food and Agriculture Organization of the United Nations
Via delle terme di Caracalla, 1 - 00100 - Rome (Italy)
------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ Fedora-commons-users mailing list Fedora-commons-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

-- ___ Gregory N. Jansen Developer - Carolina Digital Repository UNC Chapel Hill Libraries

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2

_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@...
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

headers

Burgis, Richard | 3 Feb 15:04

Re: [fcrepo-user] Implementing Content Models

Thanks for pointing me to the logs. The key portion from the logs is
below. I have reviewed each of the objects and cannot find a PID that is
missing a :, nor do I find an el anywhere. The last entry in the log on
Wednesday had the same error, but referred to the DS-Composite-model. 

I appreciate any help.

Thank you
Rich

INFO 2012-02-03 08:38:02.389 [http-bio-8080-exec-70]
(FedoraAccessServlet) Got request:
http://fedora.ats.msu.edu:8080/fedora/get/msu-uahc:UA.6.7-
A.2012.0015-001WARN 2012-02-03 08:38:07.117 [http-bio-8080-exec-74]
(MethodResource) Bad request; unable to fulfill REST API request
java.lang.IllegalArgumentException: Malformed object token: el
	at
org.fcrepo.server.storage.lowlevel.akubra.AkubraLowlevelStorage.getBlobI
d(AkubraLowlevelStorage.java:557) [fcrepo-server-3.5.jar:na]
	at
org.fcrepo.server.storage.lowlevel.akubra.AkubraLowlevelStorage.retrieve
(AkubraLowlevelStorage.java:386) [fcrepo-server-3.5.jar:na]
	at
org.fcrepo.server.storage.lowlevel.akubra.AkubraLowlevelStorage.retrieve
Object(AkubraLowlevelStorage.java:161) [fcrepo-server-3.5.jar:na]
	at
org.fcrepo.server.storage.lowlevel.akubra.AkubraLowlevelStorageModule.re
trieveObject(AkubraLowlevelStorageModule.java:80)
[fcrepo-server-3.5.jar:na]
	at
org.fcrepo.server.storage.DefaultDOManager.getReader(DefaultDOManager.ja
va:648) [fcrepo-server-3.5.jar:na]
	at
org.fcrepo.server.storage.SimpleDOReader.listMethods(SimpleDOReader.java
:472) [fcrepo-server-3.5.jar:na]
	at
org.fcrepo.server.access.DefaultAccess.listMethods(DefaultAccess.java:55
9) [fcrepo-server-3.5.jar:na]
	at
org.fcrepo.server.rest.MethodResource.getObjectMethodsForSDefImpl(Method
Resource.java:112) [fcrepo-server-3.5.jar:na]
	at
org.fcrepo.server.rest.MethodResource.getAllObjectMethods(MethodResource
.java:54) [fcrepo-server-3.5.jar:na]
	at sun.reflect.GeneratedMethodAccessor281.invoke(Unknown Source)
[na:na]
	at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25) [na:1.6.0_25]
	at java.lang.reflect.Method.invoke(Method.java:597)
[na:1.6.0_25]
	at
com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodD
ispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispa
tchProvider.java:175) [jersey-bundle-1.0.3.1.jar:1.0.3.1]
	at
com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispa
tcher.dispatch(ResourceJavaMethodDispatcher.java:67)
[jersey-bundle-1.0.3.1.jar:1.0.3.1]
	at
com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRul
e.java:163) [jersey-bundle-1.0.3.1.jar:1.0.3.1]
	at
com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceCl
assRule.java:71) [jersey-bundle-1.0.3.1.jar:1.0.3.1]
	at
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandP
athRule.java:111) [jersey-bundle-1.0.3.1.jar:1.0.3.1]
	at
com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(Root
ResourceClassesRule.java:63) [jersey-bundle-1.0.3.1.jar:1.0.3.1]
	at
com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest
(WebApplicationImpl.java:689) [jersey-bundle-1.0.3.1.jar:1.0.3.1]
	at
com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(
WebApplicationImpl.java:647) [jersey-bundle-1.0.3.1.jar:1.0.3.1]
	at
com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(
WebApplicationImpl.java:638) [jersey-bundle-1.0.3.1.jar:1.0.3.1]
	at
com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.j
ava:309) [jersey-bundle-1.0.3.1.jar:1.0.3.1]
	at
com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletCon
tainer.java:425) [jersey-bundle-1.0.3.1.jar:1.0.3.1]
	at
com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletCon
tainer.java:590) [jersey-bundle-1.0.3.1.jar:1.0.3.1]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
[servlet-api.jar:na]
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:304) [catalina.jar:7.0.22]
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:210) [catalina.jar:7.0.22]
	at
org.fcrepo.server.security.servletfilters.FilterRestApiFlash.doFilter(Fi
lterRestApiFlash.java:79) [fcrepo-server-3.5.jar:na]
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:243) [catalina.jar:7.0.22]
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:210) [catalina.jar:7.0.22]
	at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doF
ilter(FilterChainProxy.java:368)
[spring-security-web-3.0.5.RELEASE.jar:3.0.5.RELEASE]
	at
org.fcrepo.server.security.jaas.AuthFilterJAAS.doFilter(AuthFilterJAAS.j
ava:330) [fcrepo-security-jaas-3.5.jar:na]
	at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doF
ilter(FilterChainProxy.java:380)
[spring-security-web-3.0.5.RELEASE.jar:3.0.5.RELEASE]
	at
org.springframework.security.web.access.channel.ChannelProcessingFilter.
doFilter(ChannelProcessingFilter.java:109)
[spring-security-web-3.0.5.RELEASE.jar:3.0.5.RELEASE]
	at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doF
ilter(FilterChainProxy.java:380)
[spring-security-web-3.0.5.RELEASE.jar:3.0.5.RELEASE]
	at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainPr
oxy.java:169) [spring-security-web-3.0.5.RELEASE.jar:3.0.5.RELEASE]
	at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Dele
gatingFilterProxy.java:237) [spring-web-3.0.5.RELEASE.jar:3.0.5.RELEASE]
	at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegating
FilterProxy.java:167) [spring-web-3.0.5.RELEASE.jar:3.0.5.RELEASE]
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:243) [catalina.jar:7.0.22]
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:210) [catalina.jar:7.0.22]
	at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv
e.java:224) [catalina.jar:7.0.22]
	at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv
e.java:169) [catalina.jar:7.0.22]
	at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticator
Base.java:472) [catalina.jar:7.0.22]
	at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java
:168) [catalina.jar:7.0.22]
	at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
:100) [catalina.jar:7.0.22]
	at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929
) [catalina.jar:7.0.22]
	at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
java:118) [catalina.jar:7.0.22]
	at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:4
05) [catalina.jar:7.0.22]
	at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11P
rocessor.java:964) [tomcat-coyote.jar:7.0.22]
	at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(Abs
tractProtocol.java:515) [tomcat-coyote.jar:7.0.22]
	at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.j
ava:304) [tomcat-coyote.jar:7.0.22]
	at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto
r.java:886) [na:1.6.0_25]
	at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja
va:908) [na:1.6.0_25]
	at java.lang.Thread.run(Thread.java:662) [na:1.6.0_25]
Caused by: org.fcrepo.common.MalformedPIDException: PID delimiter (:) is
missing.
	at org.fcrepo.common.PID.normalize(PID.java:167)
[fcrepo-common-3.5.jar:na]
	at org.fcrepo.common.PID.<init>(PID.java:69)
[fcrepo-common-3.5.jar:na]
	at
org.fcrepo.server.storage.lowlevel.akubra.AkubraLowlevelStorage.getBlobI
d(AkubraLowlevelStorage.java:544) [fcrepo-server-3.5.jar:na]
	... 53 common frames omitted

-----Original Message-----
From: ajs6f@...
[mailto:ajs6f@...] 
Sent: Thursday, February 02, 2012 10:41 AM
To: Support and info exchange list for Fedora users.
Subject: Re: [fcrepo-user] Implementing Content Models

A section from your Fedora log that shows what happens when you try to
access the method list would be very helpful. It should be available in
$YOUR_FEDORA_HOME/server/logs/fedora.log.

---
A. Soroka
Online Library Environment
the University of Virginia Library

On Feb 1, 2012, at 3:37 PM, Burgis, Richard wrote:

> I am trying to implement a content model based on example 3 in the
tutorial.
>  
> I initially tried to simply change the names and the argument names.
>  
> I've made several other attempts including using the EZDef.xsl and
EZDep.xsl tools. In all cases when I try to view the method list, I get
an Http 400 error.
>  
> I've successfully attached the example SDef, SDep and CModel to my
objects, but I cannot get even a simple variation to work.
>  
> Is there some obvious thing that I'm overlooking? I'd be happy to post
my  data streams if that would help.
>  
> Thank you very much
> Rich
>
------------------------------------------------------------------------
------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft
developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3,
MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
>
http://p.sf.net/sfu/learndevnow-d2d_____________________________________
__________
> Fedora-commons-users mailing list
> Fedora-commons-users@...
> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

------------------------------------------------------------------------
------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@...
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2

headers

Greg Jansen | 3 Feb 15:25

Re: [fcrepo-user] Change default self-signed certificate

If I recall correctly, Fedora has two trust stores of it's own. One is in fedora/server and the other is in fedora/client. I suspect that this will work once you add the certificate to the client truststore, since gsearch is probably using the web APIs to build the index.
Greg

On 02/03/2012 08:44 AM, Enrico Anello (OEKM) wrote:

Hi Greg,
Sorry for bothering again on the same issue.
Since I modified the self-signed certificate I can't make gsearch working anymore.
The exception throw is always:

Fedora Object xxxxxxxxxx not found at DemoAtDtu; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed

I have configured tomcat to load the keystore where the self-signed certificate is in and to load a custom truststore where I trusted that certificate. I have also ran tomcat with ssl debug options and here is the result:

Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
http-8443-1, setSoTimeout(60000) called
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1328210885 bytes = { 67, 138, 70, 121, 118, 92, 54, 158, 143, 142, 85, 65, 104, 198, 105, 187, 13, 101, 245, 198, 200, 96, 231, 127, 90, 242, 78, 197 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
http-8080-4, WRITE: TLSv1 Handshake, length = 75
http-8080-4, WRITE: SSLv2 client hello message, length = 101
http-8443-1, READ: SSL v2, contentType = Handshake, translated length = 75
*** ClientHello, TLSv1
RandomCookie: GMT: 1328210885 bytes = { 67, 138, 70, 121, 118, 92, 54, 158, 143, 142, 85, 65, 104, 198, 105, 187, 13, 101, 245, 198, 200, 96, 231, 127, 90, 242, 78, 197 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
%% Created: [Session-16, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie: GMT: 1328210885 bytes = { 47, 120, 37, 197, 62, 247, 95, 232, 197, 6, 103, 66, 150, 175, 138, 223, 116, 114, 9, 89, 159, 191, 149, 137, 73, 59, 122, 65 }
Session ID: {79, 43, 228, 197, 44, 49, 31, 110, 59, 165, 112, 152, 100, 250, 225, 128, 224, 239, 110, 235, 136, 192, 171, 142, 185, 238, 215, 99, 144, 238, 33, 131}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=esx-fao.cilea.it, OU=OEKMI, O=FAO, L=Rome, ST=Italy, C=IT
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits
modulus: 17661593669421858218411695598553797822920372273555124371461037567902617101375504162491484973176890789579620089972944454891564865544786573612037968012019305163894378123784419527375220478530403364569016018453996686344369362921581597920769643751454368493077782536030400938009459107928045222069203207445307480604767696747643641235711336095880000296052166470303956724650011167885232993976903037401782809172246342969503969643912804519781046798499462554025521745428121941174946483101336873991433783598519754951275915999306443219649393264403734713231147801316173857847931988613935558702770768716915959357700644451196891575503
public exponent: 65537
Validity: [From: Fri Jan 27 17:37:34 CET 2012,
               To: Sat Jan 26 17:37:34 CET 2013]
Issuer: CN=esx-fao.cilea.it, OU=OEKMI, O=FAO, L=Rome, ST=Italy, C=IT
SerialNumber: [    4f22d2ce]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 2D 40 00 D7 8F F5 A4 85   F2 1B 72 AF C3 BC DE 8D - <at> ........r.....
0010: E5 50 9E 0D 63 CC D2 D6   4B C3 D0 55 B1 A8 76 12 .P..c...K..U..v.
0020: 3C 8A BE 7D E9 D4 25 E3   3F C1 2B 23 B7 19 10 97 <.....%.?.+#....
0030: 20 53 F7 7B 01 47 15 8F   2C 87 BB B9 02 D4 A7 8D   S...G..,.......
0040: 63 30 29 17 8B CA 71 6B   2B 56 7C 7D A7 B5 C4 90 c0)...qk+V......
0050: B3 4A 30 9A 24 BE E5 01   49 6E 98 BF 2D C1 36 4E .J0.$...In..-.6N
0060: C4 B1 EF 21 B1 4E C0 C8   44 79 ED 8B BE E0 52 46 ...!.N..Dy....RF
0070: 87 73 B0 40 7E AC AF 9E   3A 3F 1B 47 01 C8 75 8A .s. <at> ....:?.G..u.
0080: 9D C3 AA E1 BA 24 99 45   59 B5 D6 14 5E 1E 92 6A .....$.EY...^..j
0090: F6 67 B0 D9 70 1D C7 45   95 DB BE D3 D8 25 0F 5B .g..p..E.....%.[
00A0: 17 E4 2F 73 7D 99 84 14   82 E8 C7 60 84 3E 54 94 ../s.......`.>T.
00B0: 0E AF 08 C0 0D 91 00 F2   55 3F AA D3 5D 37 28 35 ........U?..]7(5
00C0: 49 52 D0 BD 69 70 74 FD   4C BF 2C 13 EA AD 65 36 IR..ipt.L.,...e6
00D0: 92 D3 A7 BD D9 4C 89 3E   34 16 75 BF 9B 45 7E 30 .....L.>4.u..E.0
00E0: 26 2D CD 62 93 F8 19 16   2F 67 B0 20 2D ED 22 35 &-.b..../g. -."5
00F0: 20 12 33 CE 45 53 D5 F2   92 85 6A E2 2E 0D 84 43   .3.ES....j....C

]
***
*** ServerHelloDone
http-8443-1, WRITE: TLSv1 Handshake, length = 932
http-8080-4, READ: TLSv1 Handshake, length = 932
*** ServerHello, TLSv1
RandomCookie: GMT: 1328210885 bytes = { 47, 120, 37, 197, 62, 247, 95, 232, 197, 6, 103, 66, 150, 175, 138, 223, 116, 114, 9, 89, 159, 191, 149, 137, 73, 59, 122, 65 }
Session ID: {79, 43, 228, 197, 44, 49, 31, 110, 59, 165, 112, 152, 100, 250, 225, 128, 224, 239, 110, 235, 136, 192, 171, 142, 185, 238, 215, 99, 144, 238, 33, 131}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Created: [Session-17, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=esx-fao.cilea.it, OU=OEKMI, O=FAO, L=Rome, ST=Italy, C=IT
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits
modulus: 17661593669421858218411695598553797822920372273555124371461037567902617101375504162491484973176890789579620089972944454891564865544786573612037968012019305163894378123784419527375220478530403364569016018453996686344369362921581597920769643751454368493077782536030400938009459107928045222069203207445307480604767696747643641235711336095880000296052166470303956724650011167885232993976903037401782809172246342969503969643912804519781046798499462554025521745428121941174946483101336873991433783598519754951275915999306443219649393264403734713231147801316173857847931988613935558702770768716915959357700644451196891575503
public exponent: 65537
Validity: [From: Fri Jan 27 17:37:34 CET 2012,
               To: Sat Jan 26 17:37:34 CET 2013]
Issuer: CN=esx-fao.cilea.it, OU=OEKMI, O=FAO, L=Rome, ST=Italy, C=IT
SerialNumber: [    4f22d2ce]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 2D 40 00 D7 8F F5 A4 85   F2 1B 72 AF C3 BC DE 8D - <at> ........r.....
0010: E5 50 9E 0D 63 CC D2 D6   4B C3 D0 55 B1 A8 76 12 .P..c...K..U..v.
0020: 3C 8A BE 7D E9 D4 25 E3   3F C1 2B 23 B7 19 10 97 <.....%.?.+#....
0030: 20 53 F7 7B 01 47 15 8F   2C 87 BB B9 02 D4 A7 8D   S...G..,.......
0040: 63 30 29 17 8B CA 71 6B   2B 56 7C 7D A7 B5 C4 90 c0)...qk+V......
0050: B3 4A 30 9A 24 BE E5 01   49 6E 98 BF 2D C1 36 4E .J0.$...In..-.6N
0060: C4 B1 EF 21 B1 4E C0 C8   44 79 ED 8B BE E0 52 46 ...!.N..Dy....RF
0070: 87 73 B0 40 7E AC AF 9E   3A 3F 1B 47 01 C8 75 8A .s. <at> ....:?.G..u.
0080: 9D C3 AA E1 BA 24 99 45   59 B5 D6 14 5E 1E 92 6A .....$.EY...^..j
0090: F6 67 B0 D9 70 1D C7 45   95 DB BE D3 D8 25 0F 5B .g..p..E.....%.[
00A0: 17 E4 2F 73 7D 99 84 14   82 E8 C7 60 84 3E 54 94 ../s.......`.>T.
00B0: 0E AF 08 C0 0D 91 00 F2   55 3F AA D3 5D 37 28 35 ........U?..]7(5
00C0: 49 52 D0 BD 69 70 74 FD   4C BF 2C 13 EA AD 65 36 IR..ipt.L.,...e6
00D0: 92 D3 A7 BD D9 4C 89 3E   34 16 75 BF 9B 45 7E 30 .....L.>4.u..E.0
00E0: 26 2D CD 62 93 F8 19 16   2F 67 B0 20 2D ED 22 35 &-.b..../g. -."5
00F0: 20 12 33 CE 45 53 D5 F2   92 85 6A E2 2E 0D 84 43   .3.ES....j....C

]
***
http-8080-4, SEND TLSv1 ALERT: fatal, description = certificate_unknown
http-8080-4, WRITE: TLSv1 Alert, length = 2
http-8080-4, called closeSocket()
http-8443-1, READ: TLSv1 Alert, length = 2
http-8443-1, RECV TLSv1 ALERT: fatal, certificate_unknown
http-8080-4, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
http-8443-1, called closeSocket()
http-8443-1, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
http-8443-1, called close()
http-8443-1, called closeInternal(true)
dk.defxws.fedoragsearch.server.errors.FedoraObjectNotFoundException: Fedora Object eims-document:418565 not found at DemoAtDtu; nested exception is:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at dk.defxws.fedoragsearch.server.GenericOperationsImpl.getFoxmlFromPid(GenericOperationsImpl.java:340)
    at dk.defxws.fgssolr.OperationsImpl.fromPid(OperationsImpl.java:389)
    at dk.defxws.fgssolr.OperationsImpl.updateIndex(OperationsImpl.java:241)
    at dk.defxws.fedoragsearch.server.GenericOperationsImpl.updateIndex(GenericOperationsImpl.java:308)
    at dk.defxws.fedoragsearch.server.RESTImpl.updateIndex(RESTImpl.java:261)
    at dk.defxws.fedoragsearch.server.RESTImpl.doGet(RESTImpl.java:114)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
    at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at fedora.server.management.FedoraAPIMBindingSOAPHTTPStub.export(FedoraAPIMBindingSOAPHTTPStub.java:639)
    at dk.defxws.fedoragsearch.server.GenericOperationsImpl.getFoxmlFromPid(GenericOperationsImpl.java:338)
    ... 20 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
    at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
    at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
    at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
    ... 31 more
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:289)
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:263)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:184)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
    ... 42 more
Caused by: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
    at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:328)
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:275)
    ... 49 more
Caused by: java.security.SignatureException: Signature does not match.
    at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:421)
    at sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:133)
    at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:112)
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:117)
    ... 53 more
Finalizer, called close()
Finalizer, called closeInternal(true)

I'm sorry, but I feel really stuck on this...

Enrico

On 01/27/2012 05:33 PM, Greg Jansen wrote:
Hey Enrico,
I think you have to change which certificate within the keystore is to be used, in tomcat's server.xml file. The default key for tomcat is the first one found in the keystore, so that's probably the original one. You'll need to add a "keyAlias" attribute that points to your self-signed cert.
See http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#SSL_Support

Greg

On 01/27/2012 10:54 AM, Enrico Anello (OEKM) wrote:
Dear all,

I have a fedora installation with embedded tomcat which runs with SSL sharing the default self-signed certificate coming with the installation.
Since I need to change that certificate with another self-signed cert made by myself how can I do it?

I've been digging through and I see that tomcats loads the keystore by those parameters:
-Djavax.net.ssl.trustStore=/var/fedora/server/truststore -Djavax.net.ssl.trustStorePassword=tomcat

I have actually changed that truststore with the one generated by myself but nothing happened; if from the browser I check the certificate it keeps saying that is the default one coming from the original installation!

Any tips?

Thank you and Regards,
Enrico Anello

Food and Agriculture Organization of the United Nations
Via delle terme di Caracalla, 1 - 00100 - Rome (Italy)
------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ Fedora-commons-users mailing list Fedora-commons-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

-- ___ Gregory N. Jansen Developer - Carolina Digital Repository UNC Chapel Hill Libraries

------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ Fedora-commons-users mailing list Fedora-commons-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

-- ___ Gregory N. Jansen Developer - Carolina Digital Repository UNC Chapel Hill Libraries

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2

_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@...
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

23	May 2012
60	April 2012
85	March 2012
90	February 2012
122	January 2012
61	December 2011
113	November 2011
105	October 2011
74	September 2011
88	August 2011
84	July 2011
114	June 2011
135	May 2011
72	April 2011
103	March 2011
73	February 2011
114	January 2011
143	December 2010
146	November 2010
169	October 2010
70	September 2010
107	August 2010
60	July 2010
74	June 2010
84	May 2010
90	April 2010
90	March 2010
55	February 2010
49	January 2010
74	December 2009
29	November 2009
48	October 2009
88	September 2009
58	August 2009
83	July 2009
106	June 2009
109	May 2009
91	April 2009
93	March 2009
67	February 2009
67	January 2009
80	December 2008
86	November 2008
84	October 2008
58	September 2008
85	August 2008
64	July 2008
96	June 2008
66	May 2008
102	April 2008
58	March 2008
51	February 2008
117	January 2008
78	December 2007
51	November 2007
83	October 2007
60	September 2007
86	August 2007
101	July 2007
43	June 2007
77	May 2007
54	April 2007
54	March 2007
65	February 2007
83	January 2007
46	December 2006
88	November 2006
65	October 2006
103	September 2006
103	August 2006
86	July 2006
78	June 2006
160	May 2006
116	April 2006
120	March 2006
164	February 2006
69	January 2006
68	December 2005
143	November 2005
64	October 2005
51	September 2005
42	August 2005
49	July 2005
43	June 2005
80	May 2005
58	April 2005
35	March 2005
76	February 2005
7	January 2005
9	December 2004
11	November 2004
8	October 2004
17	September 2004
29	August 2004
28	July 2004
33	June 2004
23	May 2004
20	April 2004
37	March 2004
23	February 2004
31	January 2004
21	December 2003
30	November 2003
11	October 2003
34	September 2003
23	August 2003
9	July 2003
13	June 2003
7	May 2003

Mon	Tue	Wed	Thu	Fri	Sat	Sun

		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29