
I have 2 servers. Server1 is an Ubuntu 12.04 LTS machine with Alfresco 4.2 on Tomcat. Server2 is a Windows 7 machine with my CAS server (SSO) in an Eclipse installation. Both have Apache with mod_proxy_ajp in front to negotiate SSL.

Alfresco on server1.tld returns CAS on server2.tld. But when I log in, Alfresco/Tomcat on server1 returns an exception:

```
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching server2.tld found
```

Vhost on server1:

```apache
<VirtualHost *:80>
  ServerName server1.tld
  Redirect permanent / https://server1.tld/
</VirtualHost>
<VirtualHost *:443>
  ServerName server1
  ServerAdmin user@exemple.tld
  DocumentRoot "/home/user/alfresco-4.2.e/"
  CustomLog /var/log/apache2/access.ged.log combined
  ErrorLog /var/log/apache2/errors.ged.log
  Header Always set Cache-Control "no-cache,no-store"
  Header Always set Pragma "no-cache"
  Header Always set Expires 0
  RewriteEngine On
  ProxyPass / ajp://server1.tld:8039/
  ProxyPassreverse / ajp://server1.tld:8039/
  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateFile /etc/ssl/certs/server1.tld.crt
  SSLCertificateKeyFile /etc/ssl/private/server1.tld.pem
  SSLCACertificateFile /etc/ssl/certs/ca.crt
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
```

Vhost on server2:

```apache
<VirtualHost *:80>
  ServerName server2.tld
  Redirect permanent / https://server2.tld
</VirtualHost>
<VirtualHost *:443>
  ServerName server2.tld
  ServerAdmin user@exemple.tld
  DocumentRoot "C:\Users\user\eclipse\sso-cas\cas.web"
  CustomLog logs/access.cas.log combined
  ErrorLog logs/errors.cas.log
  Header Always set Cache-Control "no-cache,no-store"
  Header Always set Pragma "no-cache"
  Header Always set Expires 0
  RewriteEngine On
  ProxyPass / ajp://server2.tld:8029/
  ProxyPassreverse / ajp://server2.tld:8029/
  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateFile "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\server2.tld.crt"
  SSLCertificateKeyFile "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\server2.tld.pem"
  SSLCACertificateFile "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\ca.crt"
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
```

How can I solve that? Without any code changes in Alfresco if possible.

EDIT

Perhaps the problem is the Tomcat server.xml configuration? Current configuration in Tomcat's server.xml on server1:

```xml
<Connector port="8039" URIEncoding="UTF-8" protocol="AJP/1.3" redirectPort="8473" />
```

Current configuration in Tomcat's server.xml on server2:

```xml
<Connector port="8029" protocol="AJP/1.3" redirectPort="8443"/>
```

I have no SSL attributes because I think communication between Apache and Tomcat is non-secure. But is something wrong?

Design
  • It looks as if one of your certs misses `server1.tld` in the CN or subject alt name list. – vautee Mar 18 '14 at 15:46
  • Sorry, there is a mistake. The exception concerns **server2** on server1: *No name matching server2.tld found*. I have just checked the Common Name and Internal Name of server2.tld.crt. They are the same. – Design Mar 19 '14 at 08:37
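
The exception in the question is a hostname-verification failure: the host name the client connects to is compared with the names inside the certificate it receives. As an added example (not code from the original post, Alfresco or CAS), this simplified Python model of RFC 2818 matching shows which certificate field is consulted and why a certificate can fail for `server2.tld`; the certificate contents are constructed samples and all function names are hypothetical.

```python
import re

def label_matches(pattern: str, label: str) -> bool:
    # '*' matches any run of characters inside a single label, never a dot.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, label) is not None

def name_matches(pattern: str, host: str) -> bool:
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False            # a wildcard never spans several labels
    if any("*" in label for label in p[1:]):
        return False            # wildcard only allowed in the left-most label
    return label_matches(p[0], h[0]) and p[1:] == h[1:]

def check_host(host, common_name, san_dns):
    """Return (ok, field): whether host is accepted and which field was used.

    RFC 2818: if the certificate carries dNSName subjectAltName entries,
    only those are checked; the subject CN is a fallback when none exist.
    """
    if san_dns:
        names, field = san_dns, "subjectAltName"
    else:
        names, field = ([common_name] if common_name else []), "commonName"
    return any(name_matches(n, host) for n in names), field

# Constructed certificate contents (not taken from the question's servers).
CERTS = {
    "cn matches":       {"cn": "server2.tld", "san": []},
    "cn is short name": {"cn": "server2",     "san": []},
    "san overrides cn": {"cn": "server2.tld", "san": ["cas.internal.tld"]},
}

def report(host="server2.tld"):
    return {label: check_host(host, c["cn"], c["san"])
            for label, c in CERTS.items()}

if __name__ == "__main__":
    for label, (ok, field) in report().items():
        print(f"{label:18} checked {field:15} -> {'ok' if ok else 'MISMATCH'}")
```

The third case is the one that is easy to miss when only the Common Name is inspected: a matching CN does not help once the certificate lists DNS names in subjectAltName.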
