1 Reply Latest reply: Feb 19, 2010 1:24 PM by 807574 RSS

    Portal install with HTTPS enabled Access Manager

    807574
      I have tried to reconfigure AM configuration from HTTP to HTTPS by doing the following:

      1. Installed root CA cert into Sun Web Server 7
      2. Installed CA issued server cert into Sun Web Server 7
      3. Logged into AM console and changed the instance name under platform
      - http://server.example.com:80 --> https://server.example.com:443
      4. Changed all instances of http and :80 to https and :443 in the AMconfig.properties file
      5. Bounced web server

      The console is now accessible by HTTPS URL and everything else seems to be working but when I try to configure a Sun Portal instance using a customized example.xml file, I get the following errors in the AM debug files (Portal fails to configure):

      amNaming:
      02/16/2010 04:54:53:011 AM GMT: Thread[main,5,main]
      ERROR: updateNamingTable : Naming Service is not available.
      02/16/2010 04:54:53:023 AM GMT: Thread[main,5,main]
      ERROR: Naming service connection failed for https://server.example.com:443/amserver/namingservice
      com.iplanet.services.comm.client.SendRequestException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:214)
      at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:100)
      at com.iplanet.services.naming.WebtopNaming.getNamingTable(WebtopNaming.java:640)
      at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:678)
      at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:603)
      at com.iplanet.services.naming.WebtopNaming.getServiceAllURLs(WebtopNaming.java:309)
      at com.sun.identity.authentication.AuthContext.login(AuthContext.java:513)
      at com.sun.identity.authentication.AuthContext.login(AuthContext.java:356)
      at com.sun.portal.util.SSOUtil.createSSOToken(Unknown Source)
      at com.sun.portal.fabric.config.ValidatePortalInputData.validateAMSDK(Unknown Source)
      at com.sun.portal.fabric.config.ValidatePortalInputData.<init>(Unknown Source)
      at com.sun.portal.fabric.config.ConfigurePortal.main(Unknown Source)


      amAuthContext:
      ********************************************
      02/16/2010 04:54:53:012 AM GMT: Thread[main,5,main]
      ERROR: Failed to obtain auth service url from server: https://server.example.com:443

      Do I need to doing with the CA cert with Portal?

      Thanks in advance.
        • 1. Re: Portal install with HTTPS enabled Access Manager
          807574
          here is the Portal config log:

          [#|2010-02-19T19:19:43.731+0000|SEVERE|SJS Portal Server|debug.com.sun.portal.fabric.config|ThreadID=10; ClassName=com.sun.portal.fabric.config.PortalConfigurator; MethodName=getMbeanServerConnection; |PSFB_CSPFC0026:*Failed getting the MbeanServerConnection*
          javax.management.remote.JMXProviderException: java.lang.SecurityException: authentication failure: Authentication failed: Failed to create new Authentication Context: Naming Service is not available.
          at com.sun.cacao.agent.impl.AbstractCacaoConnectorProvider.newJMXConnector(AbstractCacaoConnectorProvider.java:383)
          at com.sun.cacao.agent.impl.CacaoJmxConnectorProvider.newJMXConnector(CacaoJmxConnectorProvider.java:149)
          at javax.management.remote.JMXConnectorFactory.getConnectorAsService(JMXConnectorFactory.java:415)
          at javax.management.remote.JMXConnectorFactory.newJMXConnector(JMXConnectorFactory.java:307)
          at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:247)
          at com.sun.portal.admin.common.util.AdminUtil.getConnector(Unknown Source)
          at com.sun.portal.admin.common.util.AdminClientUtil.getJMXConnector(Unknown Source)
          at com.sun.portal.fabric.config.PortalConfigurator.getMbeanServerConnection(Unknown Source)
          at com.sun.portal.fabric.config.ConfigurePortal.main(Unknown Source)
          Caused by: java.lang.SecurityException: java.lang.SecurityException: authentication failure: Authentication failed: Failed to create new Authentication Context: Naming Service is not available.
          at com.sun.jmx.remote.opt.security.AdminClient.throwExceptionOnError(AdminClient.java:337)
          at com.sun.jmx.remote.opt.security.AdminClient.connectionOpen(AdminClient.java:178)
          at com.sun.jmx.remote.generic.ClientSynchroMessageConnectionImpl.connect(ClientSynchroMessageConnectionImpl.java:72)
          at javax.management.remote.generic.GenericConnector.connect(GenericConnector.java:177)
          at javax.management.remote.jmxmp.JMXMPConnector.connect(JMXMPConnector.java:119)
          at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248)
          at com.sun.cacao.agent.JmxClient.getUnknownJmxClientConnection(JmxClient.java:953)
          at com.sun.cacao.agent.impl.CacaoJmxConnectorProvider.getUnknownJmxClientConnector(CacaoJmxConnectorProvider.java:220)
          at com.sun.cacao.agent.impl.AbstractCacaoConnectorProvider.newJMXConnector(AbstractCacaoConnectorProvider.java:357)
          ... 8 more
          |#]

          [#|2010-02-19T19:19:43.733+0000|SEVERE|SJS Portal Server|debug.com.sun.portal.fabric.config|ThreadID=10; ClassName=com.sun.portal.fabric.config.ConfigurePortal; MethodName=main; |PSFB_CSPFC0014:Failed configuring Portal Server!!
          com.sun.portal.fabric.tasks.ConfigurationException: javax.management.remote.JMXProviderException: java.lang.SecurityException: authentication failure: Authentication failed: Failed to create new Authentication Context: Naming Service is not available.
          at com.sun.portal.fabric.config.PortalConfigurator.getMbeanServerConnection(Unknown Source)
          at com.sun.portal.fabric.config.ConfigurePortal.main(Unknown Source)
          Caused by: javax.management.remote.JMXProviderException: java.lang.SecurityException: authentication failure: Authentication failed: Failed to create new Authentication Context: Naming Service is not available.
          at com.sun.cacao.agent.impl.AbstractCacaoConnectorProvider.newJMXConnector(AbstractCacaoConnectorProvider.java:383)
          at com.sun.cacao.agent.impl.CacaoJmxConnectorProvider.newJMXConnector(CacaoJmxConnectorProvider.java:149)
          at javax.management.remote.JMXConnectorFactory.getConnectorAsService(JMXConnectorFactory.java:415)
          at javax.management.remote.JMXConnectorFactory.newJMXConnector(JMXConnectorFactory.java:307)
          at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:247)
          at com.sun.portal.admin.common.util.AdminUtil.getConnector(Unknown Source)
          at com.sun.portal.admin.common.util.AdminClientUtil.getJMXConnector(Unknown Source)
          ... 2 more
          Caused by: java.lang.SecurityException: java.lang.SecurityException: authentication failure: Authentication failed: Failed to create new Authentication Context: Naming Service is not available.
          at com.sun.jmx.remote.opt.security.AdminClient.throwExceptionOnError(AdminClient.java:337)
          at com.sun.jmx.remote.opt.security.AdminClient.connectionOpen(AdminClient.java:178)
          at com.sun.jmx.remote.generic.ClientSynchroMessageConnectionImpl.connect(ClientSynchroMessageConnectionImpl.java:72)
          at javax.management.remote.generic.GenericConnector.connect(GenericConnector.java:177)
          at javax.management.remote.jmxmp.JMXMPConnector.connect(JMXMPConnector.java:119)
          at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248)
          at com.sun.cacao.agent.JmxClient.getUnknownJmxClientConnection(JmxClient.java:953)
          at com.sun.cacao.agent.impl.CacaoJmxConnectorProvider.getUnknownJmxClientConnector(CacaoJmxConnectorProvider.java:220)
          at com.sun.cacao.agent.impl.AbstractCacaoConnectorProvider.newJMXConnector(AbstractCacaoConnectorProvider.java:357)