What format are the SSL certificates in?
They are PEM certificates converted from DER.
Try converting the certificates to a JKS (Java) keystore. That was the only way I was able to get it to work. Make sure to update the Tomcat server xml as well.
1 of 1 people found this helpful
I had to convert them to JKS. It has been a while since I did it, but I converted them from the pkcs12 format. So my command line looked like:
keytool -importkeystore -srckeystore PFX_P12_FILE_NAME -srcstoretype pkcs12 -srcstorepass PASSWORD -srcalias SOURCE_ALIAS -destkeystore KEYSTORE_FILE -deststoretype jks -deststorepass PASSWORD -destalias ALIAS_NAME
I was able to complete this but it did not work. I am still getting the same 404 page.
Do you notice anything new in the tomcat apache logs? Does going directly to the apache server via web browser resolve?
192.168.186.20 - - [18/Nov/2015:21:56:52 +0000] "POST /sparkler/sfdc/canvas HTTP/1.1" 200 626 -- This is a change that I didn't see yesterday. Possibly the SSL changes actually taking effect?
This is what is in the log. Std 200 code is fine, but the Canvas app is saying "The page you were looking for could no be found. Check URL for errors"
It is responding as if it can find the required files per the logs, but acting as if it cannot per the canvas app.
I am not finding C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\webapps\sparkler\sfdc in the file structure on the host. Is that expected?
Hmm. That's interesting. The Sparkler deployment references up to the \webapps but not the webapps\sparkler\sfdc directory.
So you can see the sparkler status page, so I would assume the apache page also displays in the browser. Correct?
It has been a while since installed sparkler, it looks like I need to spend some time and install it again to double check everything. My memory is a little fuzzy.
I'm starting to think that it may be setup correctly but that somehow the URL's to the dashboard or view may be getting truncated somehow resulting in the page not found.
The message does say to check the url for errors, is the salesforce passing a url parameter?
Sorry, I didn't think of this sooner. Can you confirm that the url works being used works outside of salesforce?
I'm not sure the URL is bring truncated, in the logs I can see attempts to access sparkler/sfdc/canvas which returns a 200. I would suspect if the url was being truncated it would show it in the logs. It actually makes me think the traffic isn't passing back to salesforce correctly, but we do not block outgoing traffic from our servers.
looks like I get a http1.1/400 off the server when doing a curl -X POST -v https://(server)/sparkler/sfdc/canvas
I'm not sure what I need to put into the http request.
* About to connect() to sparkler.server.server.com port 443 (#0)
* Trying xxx.xxx.xxx.xxx... connected
* Connected to sparkler.server.server.com (xxx.xxx.xxx.xxx) port 443 (#0)
* Initializing NSS with certpath: /etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
* subject: CN=*.server.server.com,OU=Domain Control Validated
* start date: Sep 05 17:11:09 2014 GMT
* expire date: Sep 05 17:11:09 2017 GMT
* common name: *.server.server.com
* issuer: CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
> POST /sparkler/sfdc/canvas HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-unknown-linux-gnu) libcurl/7.19.7 NSS/126.96.36.199 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: sparkler.server.server.com
> Accept: */*
< HTTP/1.1 400 Bad Request
< Date: Mon, 23 Nov 2015 16:32:35 GMT
< Server: Apache-Coyote/1.1
< Content-Length: 0
< Connection: keep-alive
* Connection #0 to host sparkler.corp.tune.com left intact
* Closing connection #0
Hmm. Well, I did find the following regarding the 'CApath: none' part:
I apologize. I have had a pretty busy weekend and haven't had time to try and configure sparkler yet, but I have not forgot.
Try double checking the permissions for the path.