[GeoNode-users] Switching to SSL login problems

Dimitris Karakostis karakostis.dimitris at gmail.com
Wed Jun 27 23:52:03 PDT 2018 

Hello Nils,

Regarding adding the python cacerts in python, I have also added the
intermediate certificate. Something like:

*/etc/pki/ca-trust/source/anchors/staging-geonode-wfp-org-intermediate.crt
>> /home/sdi/lib/python2.7/site-packages/httplib2/cacerts.txt*

Regarding adding the certs in the JVM keystore I did something similar to
what you did:
*/path/to/keytool -import -trustcacerts -alias tomcat -file
/etc/pki/ca-trust/source/anchors/staging-geonode-wfp-org.crt -keystore
/home/sdi/.keystore3 -deststoretype pkcs12*

Regarding adding the certs in OS level (Centos), I just had to:
    1. *cp /location/of/ssl/certs/ /etc/pki/ca-trust/source/anchors*
* 2. update-ca-trust*

There I have also added the intermediate certificate.

I would also make sure that tomcat is started with the right user.

Cheers
Dimitris


On Wed, Jun 27, 2018 at 12:01 PM, Nils Noelke <nilsnoelke at googlemail.com>
wrote:

> Hi Dimitris,
> nice to hear that someone else went already through the process.... I also
> add SSL to the keystore of java and python httplib2 using
>
> sudo -s "cat server.crt >> /usr/lib/python2.7/dist-packages/httplib2/cacerts.txt"sudo keytool -import -alias geonodessl -keystore /etc/ssl/certs/java/cacerts -file server.crt
>
>
> For the certificate on Os level I followed: https://askubuntu.com/
> questions/73287/how-do-i-install-a-root-certificate/94861
>
> Did you changed more than which was written in the tutorial? Maybe it has
> to do with proxy settings  you have to enter... i don't know really and i
> have no more idea at moment.
>
> On Tue, Jun 26, 2018 at 9:11 AM Dimitris Karakostis <
> karakostis.dimitris at gmail.com> wrote:
>
>> Hello Nils,
>>
>> I've been through the same process a couple of weeks ago and I also faced
>> the same issue (we have GeoNode 2.4). Eventually Francesco Bartoli
>> recommended to add the SSL certificates apart from the webserver (in my
>> case nginx) also in the keystores of java and the python http module. I
>> have also added the certs in the OS level. After that the  authentication
>> between GeoNode and Geoserver started working again.
>>
>> Let me know if this works for you.
>>
>> Dimitris
>>
>> On Mon, Jun 25, 2018 at 1:24 PM, Nils Noelke <nilsnoelke at googlemail.com>
>> wrote:
>>
>>> Hi,
>>> I recently switched to SSL following the instructions from here:
>>> http://docs.geonode.org/en/master/tutorials/advanced/
>>> geonode_production/ssl.html
>>>
>>> Everything went fine, so I can reach Geonode now by SSL as well as the
>>> Geoserver, but wat is not working anymore is the authentication between
>>> Geonode and Geoserver.
>>> If I open the GeoServer from Geonode as the admin than I'am not logged
>>> in and no layer is displayed
>>>
>>> It seems that the geonodeauth module is able to work with SSL without
>>> changing some settings.
>>>
>>> Does anybody if there are other settings to modify?
>>>
>>> Nils
>>>
>>> _______________________________________________
>>> geonode-users mailing list
>>> geonode-users at lists.osgeo.org
>>> https://lists.osgeo.org/mailman/listinfo/geonode-users
>>>
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20180628/3f1077ab/attachment.html>

More information about the geonode-users mailing list