Zimbra proxy servlet 500 error on my https domain

2.6k views Asked by At

I have an weird problem with my zimbra install ... I have the proxy servlet enabled and working fine for cross domain ajax requests. However whenever I try to hit a https:// version of my domain I get a 500 java.security.cert.CertificateException that looks like the stack trace below. Any ideas? Other https:// urls seem to work fine.

Error 500 java.security.cert.CertificateException: *** lots of ssl cert specific stuff not sure its safe to post ***

Problem accessing /service/proxy. Reason:

Caused by:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: * lots of ssl cert specific stuff not sure its safe to post 
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
    at com.zimbra.common.net.CustomSSLSocket.startHandshake(CustomSSLSocket.java:90)
    at com.zimbra.common.net.CustomSSLSocket.getInputStream(CustomSSLSocket.java:341)
    at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:745)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at com.zimbra.common.httpclient.HttpClientUtil.executeMethod(HttpClientUtil.java:53)
    at com.zimbra.common.httpclient.HttpClientUtil.executeMethod(HttpClientUtil.java:39)
    at com.zimbra.cs.zimlet.ProxyServlet.doProxy(ProxyServlet.java:243)
    at com.zimbra.cs.zimlet.ProxyServlet.doGet(ProxyServlet.java:152)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:705)
    at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:206)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:814)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:390)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:218)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:422)
    at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
    at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:230)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:585)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:971)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:415)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:429)
    at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
Caused by: java.security.cert.CertificateException: d2:CN16:.otherinbox.com1:O18:Return Path\, Inc.2:OU0:6:accept4:true5:alias49:my.otherinbox.com:94CAD63897189661A4696EEEB5E53474:fromi1394668800000e4:host17:my.otherinbox.com3:icn38:DigiCert SHA2 High Assurance Server CA2:io12:DigiCert Inc3:iou16:www.digicert.com3:md532:78C925EF0A86A80C51D73DFA0CCEE0A08:mismatch5:false1:s31:94CAD63897189661A4696EEEB5E53474:sha140:D7A479766373923C5E61404086D23BB45D22377E2:toi1495022400000ee
    at com.zimbra.common.net.CustomTrustManager.checkServerTrusted(CustomTrustManager.java:90)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1201)
    ... 40 more

Caused by:

java.security.cert.CertificateException: * lots of ssl cert specific stuff not sure its safe to post *
    at com.zimbra.common.net.CustomTrustManager.checkServerTrusted(CustomTrustManager.java:90)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1201)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
    at com.zimbra.common.net.CustomSSLSocket.startHandshake(CustomSSLSocket.java:90)
    at com.zimbra.common.net.CustomSSLSocket.getInputStream(CustomSSLSocket.java:341)
    at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:745)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at com.zimbra.common.httpclient.HttpClientUtil.executeMethod(HttpClientUtil.java:53)
    at com.zimbra.common.httpclient.HttpClientUtil.executeMethod(HttpClientUtil.java:39)
    at com.zimbra.cs.zimlet.ProxyServlet.doProxy(ProxyServlet.java:243)
    at com.zimbra.cs.zimlet.ProxyServlet.doGet(ProxyServlet.java:152)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:705)
    at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:206)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:814)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:390)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:218)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:422)
    at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
    at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:230)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:585)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:971)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:415)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:429)
    at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)

1

There are 1 answers

6
Dennis Plöger On

I think, Zimbra's java is rejecting your server's certificate. Probably because of a self signed or old certificate. You may have to add the certificate to java's keyring cacerts, which is located in ~zimbra/java/jre/lib/security/cacerts and can be modified using the "keytool" command. The password should be the default "changeit".