Hello,
I'm trying to set up OTAG proxy for accessing Content Server. I have OTAG running on Tomcat (hosts otag, runs on 8080 and 8443) with self signed certificate as well as IIS (that hosts CS, runs on 80 and 443) with self signed certificate. In proxy configuration i've specified very simple parameters:
- Allowed path patterns: otcs/* img/*
- Proxy mappings: otcs=win2008r2/otcs img=win2008r2/img
If i access CS using HTTP (http://win2008r2:8080/otcs/cs.exe) then i get CS login page and all seems to be working correctly. However when i try the same with HTTPS (https://win2008r2:8443/otcs/cs.exe) i get 500 error in browser and in Tomcat catalina log:
Jun 12, 2014 4:07:03 PM net.sf.j2ep.ProxyFilter rewrite
SEVERE: Problem probably with the input being send, either with a Header or the Stream
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
at net.sf.j2ep.ProxyFilter.executeRequest(ProxyFilter.java:206)
at net.sf.j2ep.ProxyFilter.rewrite(ProxyFilter.java:139)
at net.sf.j2ep.ProxyFilter.doFilter(ProxyFilter.java:122)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at net.sf.j2ep.RewriteFilter.doFilter(RewriteFilter.java:86)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.opentext.otag.rest.apps.AppFilter.doFilter(AppFilter.java:99)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Both certificates (IIS and Tomcat) i've imported in all known keystores (JRE, JDK, CS JRE, Tomcat keystore) with -trustcacerts switch and in Windows Trusted Root CA.
Am i missing something here? Can OTAG proxy work with HTTPS at all? Any hints are welcome.
Thanks,
Ugis
