LinuxQuestions.org


pmorin 06-20-2011 10:50 AM

WebDav secured with SSL problem
 
Hi !

I'm installing Liferay as a WAR on Tomcat 6 on a new Ubuntu server.
I want my portal accessible only via HTTPS, that's why I've enabled it via Apache.

My config :
Apache 2 (/etc/apache2/sites-enabled/001-https)
Code:

<VirtualHost my.domain.com:443>
        ServerAdmin admin@domain.com
        ServerName my.domain.com:443

        ErrorLog /var/log/apache2/error.log

        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
        SSLCertificateFile /etc/ssl/server.crt
        SSLCertificateKeyFile /etc/ssl/server.key
        SSLCACertificatePath /etc/ssl

        SetEnvIf User-Agent ".*MSIE.*" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0

        JkMount /* worker1
</VirtualHost>

This is working great so far...

But I have a problem with WebDav (provided by Liferay).

When I try to access a Web Folder with Nautilus or via the command "sudo mount -t davfs https://my.domain.com/tunnel-web/sec...cument_library /media/webdrive/", I have an error that blocks me.
Note that when I access the WebDav share directly from Tomcat at the address "http://my.domain.com:8080/tunnel-web/secure/webdav/pit/document_library", it works fine.

The error from Nautilus is the following :
Code:

DBus error org.freedesktop.DBus.Error.NoReply: Message did not receive a reply (timeout by message bus)

The output from the command line is :
Code:

Please enter the username to authenticate with server
https://my.domain.com/tunnel-web/secure/webdav/pit/document_library or hit enter for none.
  Username: pit@domain.com
Please enter the password to authenticate user pit@domain.com with server
https://my.domain.com/tunnel-web/secure/webdav/pit/document_library or hit enter for none.
  Password: 
/sbin/mount.davfs: the server certificate is not trusted
  issuer:      Company, Paris, France, FR
  subject:    Company, Paris, France, FR
  identity:    my.domain.com
  fingerprint: 56:40:2b:26:9f:f5:51:31:96:5b:44:5a:3c:75:df:93:5c:06:1f
You only should accept this certificate, if you can
verify the fingerprint! The server might be faked
or there might be a man-in-the-middle-attack.
Accept certificate for this session? [y,N] y
/sbin/mount.davfs: Mounting failed.
Could not authenticate to server: missing parameter in Digest challenge

Can anyone help me, please ?
I found nothing on the net.

Thanks !
Pit

unSpawn 06-20-2011 04:59 PM

If you use basic auth maybe "sudo mount -t davfs https://login:password@domain.com/some/path /media/webdrive/" works?

pmorin 06-21-2011 02:33 AM

Thank you for your response.
That's too bad, it says "/sbin/mount.davfs: invalid URL".

Where do you think the problem comes from ?

pmorin 06-21-2011 03:05 AM

OK, so it clearly seems that the problem comes from the Digest Authentication.
I've disabled digest_auth and enabled basic_auth and tried again as you said with Nautilus and it worked ! \o/

So, what do you think the problem is ?

Other question : is it secure enough to use Basic Auth when we are SSL encrypted ?

Thanks !

Pit

unSpawn 06-21-2011 07:42 PM

Quote:

Originally Posted by pmorin (Post 4391466)
That's too bad, it says "/sbin/mount.davfs: invalid URL". Where do you think the problem comes from ?

Dunno but /etc(/dav.*)/davfs2.conf should allow for debugging options (see "Debugging Options" in 'man 5 davfs2.conf') that may shed some light on this.


Quote:

Originally Posted by pmorin (Post 4391485)
OK, so it clearly seems that the problem comes from the Digest Authentication. I've disabled digest_auth and enabled basic_auth and tried again as you said with Nautilus and it worked ! \o/ So, what do you think the problem is ?


Quote:

Originally Posted by pmorin (Post 4391485)
Other question : is it secure enough to use Basic Auth when we are SSL encrypted ?

The RFC (4918) clearly states Basic auth should only be used if the connection is secure (indeed: using SSL). It also states Digest auth should be supported, maybe there are some options in /etc(/dav.*)/secrets that could help in conjunction with debugging the output?


* Debug output ultimately should go to the maintainer (mailing list?) of DavFS at http://savannah.nongnu.org/projects/davfs2. If you post it here at least scrub client and server names slash IP addresses, obfuscate logins and any other unique identifiers and post complete transaction lines (not snippets) in (preferably) BB code.
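
The mount failure in this thread ends with "missing parameter in Digest challenge". As an added example (not part of the thread and not davfs2's own code), this Python parser takes a `WWW-Authenticate` value and reports which of the parameters RFC 2617 makes mandatory are absent. The header values are constructed samples, and it assumes one challenge per header value.

```python
import re

# RFC 2617 section 3.2.1: realm and nonce are mandatory in a Digest challenge.
REQUIRED = ("realm", "nonce")

# name=value pairs; the value is either a quoted-string or a bare token.
_PARAM = re.compile(r'([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')

# Constructed sample header values (not captured from the server in the thread).
GOOD = ('Digest realm="PortalRealm", qop="auth,auth-int", '
        'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9"')
NO_NONCE = 'Digest realm="PortalRealm", qop="auth"'


def parse_challenge(header_value):
    """Split one WWW-Authenticate value into (scheme, {param: value})."""
    scheme, _, rest = header_value.strip().partition(" ")
    params = {}
    for m in _PARAM.finditer(rest):
        quoted, token = m.group(2), m.group(3)
        if quoted is not None:
            # Undo backslash escapes inside a quoted-string.
            value = re.sub(r"\\(.)", r"\1", quoted)
        else:
            value = token
        params[m.group(1).lower()] = value
    return scheme, params


def check_digest(header_value):
    """Return the problems found in a Digest challenge (empty list if none)."""
    scheme, params = parse_challenge(header_value)
    if scheme.lower() != "digest":
        return ["not a Digest challenge (scheme is %r)" % scheme]
    return ["missing required parameter: " + p
            for p in REQUIRED if p not in params]


if __name__ == "__main__":
    for sample in (GOOD, NO_NONCE):
        print(sample[:40], "->", check_digest(sample) or "ok")
```

To check a real server, request the WebDAV URL without credentials and pass the `WWW-Authenticate` value from the 401 response to `check_digest`.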

pmorin 06-22-2011 02:32 AM

Thank you !
I'll try that if I have time and I'll do as you said if I find a solution. ;-)

Do you think I must tag this thread as "SOLVED", even if it's not entirely resolved ?

unSpawn 06-22-2011 11:54 AM

No, if it's not solved then you best don't.


All times are GMT -5.