I have an weird problem with my zimbra install ... I have the proxy servlet enabled and working fine for cross domain ajax requests. However whenever I try to hit a https:// version of my domain I get a 500 java.security.cert.CertificateException that looks like the stack trace below. Any ideas? Other https:// urls seem to work fine.
Error 500 java.security.cert.CertificateException: *** lots of ssl cert specific stuff not sure its safe to post ***
Problem accessing /service/proxy. Reason:
Caused by:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: * lots of ssl cert specific stuff not sure its safe to post at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199) at com.zimbra.common.net.CustomSSLSocket.startHandshake(CustomSSLSocket.java:90) at com.zimbra.common.net.CustomSSLSocket.getInputStream(CustomSSLSocket.java:341) at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:745) at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361) at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) at com.zimbra.common.httpclient.HttpClientUtil.executeMethod(HttpClientUtil.java:53) at com.zimbra.common.httpclient.HttpClientUtil.executeMethod(HttpClientUtil.java:39) at com.zimbra.cs.zimlet.ProxyServlet.doProxy(ProxyServlet.java:243) at com.zimbra.cs.zimlet.ProxyServlet.doGet(ProxyServlet.java:152) at javax.servlet.http.HttpServlet.service(HttpServlet.java:705) at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:206) at javax.servlet.http.HttpServlet.service(HttpServlet.java:814) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:390) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:218) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:422) at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:230) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:585) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:971) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:415) at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:429) at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451) Caused by: java.security.cert.CertificateException: d2:CN16:.otherinbox.com1:O18:Return Path\, Inc.2:OU0:6:accept4:true5:alias49:my.otherinbox.com:94CAD63897189661A4696EEEB5E53474:fromi1394668800000e4:host17:my.otherinbox.com3:icn38:DigiCert SHA2 High Assurance Server CA2:io12:DigiCert Inc3:iou16:www.digicert.com3:md532:78C925EF0A86A80C51D73DFA0CCEE0A08:mismatch5:false1:s31:94CAD63897189661A4696EEEB5E53474:sha140:D7A479766373923C5E61404086D23BB45D22377E2:toi1495022400000ee at com.zimbra.common.net.CustomTrustManager.checkServerTrusted(CustomTrustManager.java:90) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1201) ... 40 more
Caused by:
java.security.cert.CertificateException: * lots of ssl cert specific stuff not sure its safe to post * at com.zimbra.common.net.CustomTrustManager.checkServerTrusted(CustomTrustManager.java:90) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1201) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199) at com.zimbra.common.net.CustomSSLSocket.startHandshake(CustomSSLSocket.java:90) at com.zimbra.common.net.CustomSSLSocket.getInputStream(CustomSSLSocket.java:341) at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:745) at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361) at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) at com.zimbra.common.httpclient.HttpClientUtil.executeMethod(HttpClientUtil.java:53) at com.zimbra.common.httpclient.HttpClientUtil.executeMethod(HttpClientUtil.java:39) at com.zimbra.cs.zimlet.ProxyServlet.doProxy(ProxyServlet.java:243) at com.zimbra.cs.zimlet.ProxyServlet.doGet(ProxyServlet.java:152) at javax.servlet.http.HttpServlet.service(HttpServlet.java:705) at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:206) at javax.servlet.http.HttpServlet.service(HttpServlet.java:814) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:390) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:218) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:422) at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:230) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:585) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:971) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:415) at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:429) at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
I think, Zimbra's java is rejecting your server's certificate. Probably because of a self signed or old certificate. You may have to add the certificate to java's keyring cacerts, which is located in ~zimbra/java/jre/lib/security/cacerts and can be modified using the "keytool" command. The password should be the default "changeit".