JES Calendar Server 6.0 session and ssl errors
HI!
I installed Calendar Server 6.0 on my server. When i start CS strange logs generated:
[13/Jan/2004:23:54:17 +0100] balu cshttpd[6669]: General Notice: Sun[tm] ONE Calendar Server 6.0 (built Nov 14 2003) cshttpd
starting up
[13/Jan/2004:23:54:17 +0100] balu cshttpd[6669]: General Notice: cshttpd attempting to open Counters Database
[13/Jan/2004:23:54:17 +0100] balu cshttpd[6669]: General Notice: cshttpd successfully opened the Counters Database
[13/Jan/2004:23:54:18 +0100] balu cshttpd[6669]: General Notice: HTTP Module is refreshing
[13/Jan/2004:23:54:18 +0100] balu cshttpd[6669]: General Notice: cshttpd is refreshing
[13/Jan/2004:23:54:18 +0100] balu cshttpd[6669]: General Notice: cshttpd is refreshed
[13/Jan/2004:23:54:18 +0100] balu cshttpd[6669]: General Notice: HTTP Module has refreshed
[13/Jan/2004:23:54:18 +0100] balu cshttpd[6669]: General Notice: cshttpd: argc=8 argv[0]=/usr/JES/CS-6.0/SUNWics5/cal/lib/cs
httpd
[13/Jan/2004:23:54:18 +0100] balu cshttpd[6669]: General Notice: cshttpd_parse_commandline: successfully bind process 6669 t
o processor 1
[13/Jan/2004:23:54:18 +0100] balu cshttpd[6669]: General Error: Inherit session ID cache failed for http service [-5949]
[13/Jan/2004:23:54:18 +0100] balu cshttpd[6669]: General Notice: session_init: attempting to open session database for cshtt
pd
[13/Jan/2004:23:54:18 +0100] balu cshttpd[6669]: General Notice: session_init: session database open completed for cshttpd
[13/Jan/2004:23:54:18 +0100] balu cshttpd[6669]: General Notice: LdapCacheInit: Ldap Cache not enabled.
[13/Jan/2004:23:54:18 +0100] balu cshttpd[6669]: General Notice: cshttpd attempting to open Calendar Database
[13/Jan/2004:23:54:18 +0100] balu cshttpd[6669]: General Notice: cshttpd successfully opened the Calendar Database
[13/Jan/2004:23:54:19 +0100] balu cshttpd[6668]: General Notice: cshttpd is ready
CS is working fine, but i don't understand the session ID problem.
Then i try to use ssl with CS-6, but it don't work.
SSL handshake work fine (=> certificates are correct), user can log in, but the session die. It is thick with garbage (random characters). I don't understand what happens, but here is snapshot: http://bug.sch.bme.hu/error.bmp
And i see the following log on my terminal
Assertion failure: source UTF-8 string is exhausted in XSLString.cpp.
Then i set
service.http.ssl.port.enable = "yes", becouse i want to use SSL only. I restart CS, but it bind to port 80 too. Why? How can i turn off HTTP?
Best regards
Robert
[2706 byte] By [
BIGUSRbert] at [2007-11-25 10:47:24]
I just copied the conf from SUN manual and then it worked fine - I just have a problem on timeouts (that I posted right now..) I'm pasting here my ssl conf - maybe it could help.
(the http is still running to me also - so I moved it to a non stansard port)
--Yedidia
! SSL conf copied by Yedidia from previous configuration
! 2004JAN04
service.http.ssl.usessl = "yes"
service.http.ssl.enableport = "yes"
service.http.ssl.port = "443"
service.http.ssl.certdb.path = "alias"
service.http.ssl.certdb.password = "*******"
service.http.ssl.securelogin = "yes"
service.http.ssl.securesession = "yes"
service.http.ssl.cert.nickname = "SSLServerCert"
service.http.ssl.ssl3 = "yes"
service.http.ssl.ssl3.ciphers = "rsa_rc4_40_md5,rsa_rc2_40_md5,rsa_des_sha,rsa_rc4_128_md5,rsa_3des_sha"
service.http.ssl.sessiondir.path = "."
service.http.ssl.cachesize = "10000"
service.http.enablesslport = "yes"
service.http.sslport = "443"
service.sslpasswdfile = "config/sslPasswordFile"
local.serverroot = "."
encryption.nscertfile = "alias/cert7.db"
encryption.nskeyfile = "alias/key3.db"
encryption.nssecmodfile = "alias/secmod.db"
encryption.nssslactivation = "on"
encryption.nsssltoken = "internal"
encryption.nssslpersonalityssl = "SSLServerCert"
encryption.nsssl3 = "yes"
encryption.nsssl3Ciphers = "rsa_rc4_40_md5,rsa_rc2_40_md5,rsa_des_sha,rsa_rc4_128_md5,rsa_3des_sha"
encryption.rsa.nssslactivation = "on"
encryption.rsa.nssslpersonalityssl = "SSLServerCert"
encryption.rsa.nsssltoken = "internal"
ics.nssslactivation = "on"
ics.nsssltoken = "internal"
ics.nssslpersonalityssl = "SSLServerCert"
ics.nsssl3 = "yes"
ics.nsssl3Ciphers = "rsa_rc4_40_md5,rsa_rc2_40_md5,rsa_des_sha,rsa_rc4_128_md5,rsa_3des_sha"
! cshttpd will only listen on the SSL Port if "yes" is specified.
service.http.ssl.port.enable = "yes"
I just copied the conf from SUN manual and then it worked fine - I just have a problem on timeouts (that I posted right now..) I'm pasting here my ssl conf - maybe it could help.
(the http is still running to me also - so I moved it to a non standard port)
--Yedidia
! SSL conf copied by Yedidia from previous configuration
! 2004JAN04
service.http.ssl.usessl = "yes"
service.http.ssl.enableport = "yes"
service.http.ssl.port = "443"
service.http.ssl.certdb.path = "alias"
service.http.ssl.certdb.password = "*******"
service.http.ssl.securelogin = "yes"
service.http.ssl.securesession = "yes"
service.http.ssl.cert.nickname = "SSLServerCert"
service.http.ssl.ssl3 = "yes"
service.http.ssl.ssl3.ciphers = "rsa_rc4_40_md5,rsa_rc2_40_md5,rsa_des_sha,rsa_rc4_128_md5,rsa_3des_sha"
service.http.ssl.sessiondir.path = "."
service.http.ssl.cachesize = "10000"
service.http.enablesslport = "yes"
service.http.sslport = "443"
service.sslpasswdfile = "config/sslPasswordFile"
local.serverroot = "."
encryption.nscertfile = "alias/cert7.db"
encryption.nskeyfile = "alias/key3.db"
encryption.nssecmodfile = "alias/secmod.db"
encryption.nssslactivation = "on"
encryption.nsssltoken = "internal"
encryption.nssslpersonalityssl = "SSLServerCert"
encryption.nsssl3 = "yes"
encryption.nsssl3Ciphers = "rsa_rc4_40_md5,rsa_rc2_40_md5,rsa_des_sha,rsa_rc4_128_md5,rsa_3des_sha"
encryption.rsa.nssslactivation = "on"
encryption.rsa.nssslpersonalityssl = "SSLServerCert"
encryption.rsa.nsssltoken = "internal"
ics.nssslactivation = "on"
ics.nsssltoken = "internal"
ics.nssslpersonalityssl = "SSLServerCert"
ics.nsssl3 = "yes"
ics.nsssl3Ciphers = "rsa_rc4_40_md5,rsa_rc2_40_md5,rsa_des_sha,rsa_rc4_128_md5,rsa_3des_sha"
! cshttpd will only listen on the SSL Port if "yes" is specified.
service.http.ssl.port.enable = "yes"
I have the same problem.Did you find an answer ?Regards,Vincent MAZARD
Hi Robert,
>
> Then i try to use ssl with CS-6, but it don't work.
> SSL handshake work fine (=> certificates are
> correct), user can log in, but the session die.
Can the same user login ok in non-ssl mode?
> It is
> thick with garbage (random characters). I don't
> understand what happens, but here is snapshot:
> http://bug.sch.bme.hu/error.bmp
> And i see the following log on my terminal
> Assertion failure: source UTF-8 string is exhausted
> in XSLString.cpp.
Is the user logging to a translated UI or the English version? Does this user's calendar contain non-ascii data?
>
> Then i set
> service.http.ssl.port.enable = "yes", becouse i want
> to use SSL only. I restart CS, but it bind to port 80
> too. Why? How can i turn off HTTP?
Please take a look @ the following doc for ssl configuration :
http://docs.sun.com/source/816-6708-10/csag9.html
By default ssl will bind to port 443, while httpd binds to port 80, but both of these are configurable in ics.conf
Regards,
Mags.
