AnsweredAssumed Answered

Alfresco v5 - login to share fails, using port 443 ssl

Question asked by adoshea on May 28, 2015
Latest reply on Feb 9, 2016 by darminm
Hi All,

I know that this topic has been covered in some details but I have been unable to resole even after reviewing all of the posts, and now I have come to a point where I need to ask questions to fix it.  I have made changes to share-config-custom.xml and server.xml; and I can connect to the url https://<server name>/alfresco or https://<server name>/share.

I am able to login with using the admin account on <server name>/alfresco but when I try it for <server name>/share I get the following message "The remote server may be unavailable or your authentication details have not been recognised."

When I review the log I see a number of errors relating to "unable to find valid certification path", and I am not sure if this relates to the share login or another problem that I have caused by making a number of config changes.

It would be great if someone could help or point me in the right direction.

Thanks Tony.

File - share-config-custom.xml

   <repository-url>https:/<server name>.<domain>.com/alfresco</repository-url>


   <config evaluator="string-compare" condition="ActivitiAdmin" replace="true">
      <activiti-admin-url>https://localhost:443/alfresco/activiti-admin</activiti-admin-url>
   </config>

   <config evaluator="string-compare" condition="Remote">
      <remote>
         <endpoint>
            <id>alfresco-noauth</id>
            <name>Alfresco - unauthenticated access</name>
            <description>Access to Alfresco Repository WebScripts that do not require authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>https://localhost:443/alfresco/</endpoint-url>
            <identity>none</identity>
         </endpoint>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>https://localhost:443/alfresco/</endpoint-url>
            <identity>user</identity>
         </endpoint>

         <endpoint>
            <id>alfresco-feed</id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
            <connector-id>http</connector-id>
            <endpoint-url>https://localhost:443/alfresco/</endpoint-url>
            <basic-auth>true</basic-auth>
            <identity>user</identity>
         </endpoint>

         <endpoint>
            <id>alfresco-api</id>
            <parent-id>alfresco</parent-id>
            <name>Alfresco Public API - user access</name>
            <description>Access to Alfresco Repository Public API that require user authentication.
                         This makes use of the authentication that is provided by parent 'alfresco' endpoint.</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>https://localhost:443/alfresco/api</endpoint-url>
            <identity>user</identity>
         </endpoint>
      </remote>
   </config>


File - server.xml

   <Connector port="443" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol"
                SSLEnabled="true"
                maxThreads="150"
                scheme="https"
                keystoreFile="/opt/alfresco-5.0.d/alf_data/keystore/ssl.keystore"
                keystorePass="kT9X6oe68t" keystoreType="JCEKS"
                secure="true"
                connectionTimeout="240000"
                truststoreFile="/opt/alfresco-5.0.d/alf_data/keystore/ssl.truststore"
                truststorePass="kT9X6oe68t" truststoreType="JCEKS"
                clientAuth="want"
                sslProtocol="TLS"
                allowUnsafeLegacyRenegotiation="true"
                maxHttpHeaderSize="32768" />

File - catalina.out
   
2015-05-28 14:27:08,030  INFO  [webscripts.connector.RemoteClient] [http-bio-443-exec-6] Exception calling (POST) https://localhost:443/alfresco//api/login
2015-05-28 14:27:08,030  INFO  [webscripts.connector.RemoteClient] [http-bio-443-exec-6] Error status 500 sun.security.validator.ValidatorException: PKIX path
building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


2015-05-28 14:27:12,316  INFO  [webscripts.connector.RemoteClient] [http-bio-443-exec-2] Exception calling (GET) https://localhost:443/alfresco//api/admin/restrictions?guest=true
2015-05-28 14:27:12,316  INFO  [webscripts.connector.RemoteClient] [http-bio-443-exec-2] Error status 500 sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Outcomes