[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[THREDDS #ZTB-960075]: Thredds + Apache + SSL



1. you should tell the Army theres no point in using ssl without 
authentication, you are just slowing everything down for no gain.

2. im not really sure if things fail because theres no authentication, or 
because of the self-signed certificate. If you can eliminate one of those 
possibilities, that would be helpful.

> 
> I am partly responsible for administering the server although some
> of the decisions are out of my hands :)
> 
> There are parts of the web site that require authentication but not
> all, or even most, so we try to limit the bits that need it.  We
> need to do everything over https per some Army regulations but can
> thankfully skip the authentication issues for most of our site.
> 
> Hank
> 
> Unidata netCDF Java Support wrote:
> > Just testing the server with a browser:
> >
> > 1. 
> > https://dpg-ingest.dpg.army.mil/thredds/dodsC/nam/20100310_1800_mesoEta_212_33.grib.dds
> > 2. https handshake - self-signed server certificate
> > 3. no authentication challenge
> >
> > My guess is HttpClient wont allow self-signed certificates - i will 
> > investigate.
> >
> > However, the lack of an authentication challenge seems to imply the server 
> > is misconfigured. why would you do http without authentication? Hank, are 
> > you administering this server? Is that your intention?
> >
> >> Hi John,
> >>
> >> John Caron wrote:
> >>> It appears that a browser request also fails, implying that the
> >>> problem is on the server. Can anyone else confirm that? Im at
> >>> the airport over a flaky wireless proxy.
> >> No, once I accepted their self-signed certificate, I have no problem 
> >> accessing their server from my browser. Both catalog:
> >>
> >> https://dpg-ingest.dpg.army.mil/thredds/catalog.xml
> >>
> >> and datasets, e.g.:
> >>
> >> https://dpg-ingest.dpg.army.mil/thredds/dodsC/nam/20100310_1800_mesoEta_212_33.grib.dds
> >>
> >> In ToolsUI, I couldn't get to either. I think because the Jakarta Commons 
> >> HttpClient isn't dealing with certificates or self-signed certificates. 
> >> When it gets to executeMethod() it goes off and returns with a Connection 
> >> Failed exception with a timeout message.
> >>
> >> Ethan
> >
> >
> > Ticket Details
> > ===================
> > Ticket ID: ZTB-960075
> > Department: Support netCDF Java
> > Priority: Urgent
> > Status: Open
> 
> 
> --
> --------------------------------------------------------------
> Hank Fisher         Research Applications Laboratory
> 303-497-2817        National Center for Atmospheric Research
> address@hidden    P.O. Box 3000, Boulder CO 80307-3000
> 
> --------------------------------------------------------------
> 
> 


Ticket Details
===================
Ticket ID: ZTB-960075
Department: Support netCDF Java
Priority: Urgent
Status: Open