| *** nowen (~nowen@2600:1003:b120:e7cd:4b2:5293:6a90:39b7) has joined #wikid | 14:01 | |
| *** Salik (45f6d450@gateway/web/freenode/ip.69.246.212.80) has joined #wikid | 14:56 | |
| Salik | hi nick. you there? | 14:56 |
|---|---|---|
| nowen | yes | 14:56 |
| nowen | what's up? | 14:57 |
| Salik | I was able to successfully set up our "new" wikid server. We are seeing some issues with the "old" server today. Getting a "The wClient connection to the server was NOT successfully established" message at example.jsp page | 14:57 |
| Salik | we have tried restarting wikid but that didnt seem to help | 14:58 |
| nowen | hmm - did you upgrade that server? If so, it may have been overwritten. you might have to re-edit it | 14:58 |
| Salik | no the old server was not touched. a completely new server was built | 14:58 |
| Salik | we were going to retire the old server once we got users moved to the new server | 14:59 |
| nowen | check the file and make sure that the passphrase for the localhost wasn't changed | 14:59 |
| Salik | what file am i looking at? | 15:00 |
| nowen | /opt/WiKID/tomcat/webapps/WiKIDAdmin/example.jsp | 15:00 |
| Salik | this server was setup long before me... so don't know the passphrase. anywhere else I can look to check if the passphrase here matches? | 15:10 |
| nowen | well, it is says 'passphrase' then it's been over-written. The other possibility is that your localhost cert is expired | 15:10 |
| nowen | https://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-do-i-know-if-my-certificate-is-valid | 15:11 |
| nowen | check it via the command line as per that page. if it is expired, just create a new one via the Config tab. | 15:11 |
| Salik | yeah it doesnt say "passphrase" | 15:11 |
| Salik | ok | 15:11 |
| nowen | if you use the same passphrase as you saw in that page, then you don't have to edit the page ;-). but it would be good to change it if people have left, etc. | 15:12 |
| Salik | does passphrase have to be in quotes when you run those commands in the link? | 15:29 |
| Salik | to check cert | 15:30 |
| nowen | I don't think so | 15:30 |
| Salik | my passphrase has special characters. when i run it without quotes it gives syntax error | 15:30 |
| nowen | hmm could be then | 15:30 |
| nowen | if you do, does it work? | 15:31 |
| Salik | when i run with quotes, i get "keytool error: java.io.IOException: PKCS12 key store mac invalid - wrong password or corrupted file." | 15:31 |
| nowen | what's the date on that file? | 15:31 |
| Salik | i am using the passphrase that was in that file | 15:31 |
| Salik | one sec | 15:31 |
| nowen | no harm in just creating a new localhost cert, reall | 15:31 |
| nowen | y | 15:31 |
| Salik | april 3 2013 | 15:31 |
| nowen | so, it's probably expired. | 15:32 |
| nowen | so - it could be that the passphrase is wrong too | 15:32 |
| nowen | I say just create a new one with the passphrase you want anyway | 15:32 |
| Salik | ok. any documentation on how to do that part | 15:33 |
| nowen | https://www.wikidsystems.com/support/wikid-support-center/manual/how-to-install-the-wikid-strong-authentication-server/how-to-install-the-wikid-strong-authentication-server-enterprise-edition-page-2 | 15:34 |
| Salik | this is a live production system right now. i cant do anything to "break" it. users are able to connect right now. just cant register new accounts | 15:34 |
| nowen | look for Step 4: Generate a Localhost Certificate | 15:34 |
| nowen | it won't break anything. but you will need to restart the server | 15:34 |
| nowen | is this the only script you have running? | 15:35 |
| nowen | are you using ADRegister? | 15:35 |
| Salik | i have no idea :) | 15:35 |
| Salik | i know nothing about how this was setup :) | 15:35 |
| nowen | well, ADregister allows users to register their own tokens after logging in to the script with their AD creds | 15:36 |
| nowen | do you guys do that? | 15:36 |
| Salik | no we are not using that I think. we have to manually register the accounts | 15:36 |
| nowen | well, that's the only other script we provide that uses localhost.p12 | 15:36 |
| nowen | so, you create the new localhost cert and and soon as you restart, example.jsp should work. | 15:37 |
| Salik | and it doesnt matter what I use for passphrase? | 15:38 |
| Salik | it doesnt need to be updated anywhere else? | 15:38 |
| nowen | it shouldn't. | 15:38 |
| Salik | it needs to match the passphrase in example.jsp, right? | 15:39 |
| nowen | yes - they need to match. | 15:39 |
| *** nowen1 (~nowen@2600:1003:b115:f1fb:4b2:5293:6a90:39b7) has joined #wikid | 15:42 | |
| *** nowen has quit (Ping timeout: 240 seconds) | 15:44 | |
| *** nowen1 is now known as nowen | 15:45 | |
| Salik | Client PKCS12 Passphrase is the one that needs to match example.jsp passphrase? | 15:47 |
| nowen | yes | 15:47 |
| Salik | and then any way I can find the server keystore passphrase? not sure what that is since this was all setup long ago | 15:48 |
| nowen | if you are not prompted for it on every restart, then it is in /etc/WiKID/security | 15:48 |
| Salik | ok | 15:48 |
| nowen | did it work? | 16:06 |
| Salik | yeah that worked. thanks for the help | 16:33 |
| nowen | ok | 16:43 |
| *** nowen has quit (Ping timeout: 240 seconds) | 19:06 | |
| *** Salik has quit (Quit: Page closed) | 20:15 | |
| *** nowen (~nowen@2600:1003:b126:6305:4b2:5293:6a90:39b7) has joined #wikid | 20:22 | |
| *** nowen has quit (Ping timeout: 240 seconds) | 20:39 | |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!