guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <vn...@apache.org>
Subject Re: Guacamole Dropping Connections
Date Thu, 12 Oct 2017 16:56:40 GMT
On Thu, Oct 12, 2017 at 12:52 PM, Carter Sema <CSema@acschools.org> wrote:

> Installed Fresh Guacamole 0.9.13, using mysql database backend for user
> and LetsEncrypt! For SSL with Apache2 for a reverse proxy. Guacamole won’t
> allow sessions to connect. Checked my catalina.out log and I’m seeing the
> following error
>
>
>
> 12:05:27.501 [http-nio-8080-exec-1] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet
> - HTTP tunnel request failed: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
>
> 12:06:26.882 [http-nio-8080-exec-9] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet
> - HTTP tunnel request failed: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
>
>
>
 This seems to indicate that Java does not trust whatever certificate
you're using.  You might need to import either the server certificate or
the root certificate for that server cert into the Java keystore.  This
will vary based on what type/version of Java you're using - in the
Sun/Oracle versions of Java, if you look in the JRE base directory, under
lib/security, you'll find a cacerts file that contains known CA
certificates.  You can use the keytool binary to import your certificate(s)
into that file, then restart Tomcat.  OpenJDK maintains a file somewhere
else, and that depends on what Linux distribution you're using.

-Nick

>

Mime
View raw message