LinuxQuestions.org
Old 06-20-2011, 10:50 AM   #1
pmorin
WebDav secured with SSL problem


Hi !

I'm installing Liferay as a WAR on Tomcat 6 on a new Ubuntu server.
I want my portal accessible only via HTTPS, that's why I've enabled it via Apache.

My config :
Apache 2 (/etc/apache2/sites-enabled/001-https)
Code:
<VirtualHost my.domain.com:443>
        ServerAdmin admin@domain.com
        ServerName my.domain.com:443

        ErrorLog /var/log/apache2/error.log

        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
        SSLCertificateFile /etc/ssl/server.crt
        SSLCertificateKeyFile /etc/ssl/server.key
        SSLCACertificatePath /etc/ssl

        SetEnvIf User-Agent ".*MSIE.*" \
                         nokeepalive ssl-unclean-shutdown \
                         downgrade-1.0 force-response-1.0

        JkMount /* worker1
</VirtualHost>
This is working great so far...

But I have a problem with WebDav (provided by Liferay).

When I try to access a Web Folder with Nautilus or via the command "sudo mount -t davfs https://my.domain.com/tunnel-web/sec...cument_library /media/webdrive/", I have an error that blocks me.
Note that when I access the WebDav share directly from Tomcat at the address "http://my.domain.com:8080/tunnel-web/secure/webdav/pit/document_library", it works fine.

The error from Nautilus is the following :
Code:
DBus error org.freedesktop.DBus.Error.NoReply: Message did not receive a reply (timeout by message bus)
The output from the command line is :
Code:
Please enter the username to authenticate with server
https://my.domain.com/tunnel-web/secure/webdav/pit/document_library or hit enter for none.
  Username: pit@domain.com
Please enter the password to authenticate user pit@domain.com with server
https://my.domain.com/tunnel-web/secure/webdav/pit/document_library or hit enter for none.
  Password:  
/sbin/mount.davfs: the server certificate is not trusted
  issuer:      Company, Paris, France, FR
  subject:     Company, Paris, France, FR
  identity:    my.domain.com
  fingerprint: 56:40:2b:26:9f:f5:51:31:96:5b:44:5a:3c:75:df:93:5c:06:1f
You only should accept this certificate, if you can
verify the fingerprint! The server might be faked
or there might be a man-in-the-middle-attack.
Accept certificate for this session? [y,N] y
/sbin/mount.davfs: Mounting failed.
Could not authenticate to server: missing parameter in Digest challenge
Can anyone help me, please ?
I found nothing on the net.

Thanks !
Pit
 
Old 06-20-2011, 04:59 PM   #2
unSpawn
If you use basic auth maybe "sudo mount -t davfs https://login:password@domain.com/some/path /media/webdrive/" works?
 
Old 06-21-2011, 02:33 AM   #3
pmorin
Thank you for your response.
That's too bad, it says "/sbin/mount.davfs: invalid URL".

Where do you think the problem comes from ?
 
Old 06-21-2011, 03:05 AM   #4
pmorin
OK, so it clearly seems that the problem comes from the Digest Authentication.
I've disabled digest_auth and enabled basic_auth and tried again as you said with Nautilus and it worked ! \o/

So, what do you think the problem is ?

Other question : is it secure enough to use Basic Auth when we are SSL encrypted ?

Thanks !

Pit
 
Old 06-21-2011, 07:42 PM   #5
unSpawn
Quote:
Originally Posted by pmorin
That's too bad, it says "/sbin/mount.davfs: invalid URL". Where do you think the problem comes from ?
Dunno but /etc(/dav.*)/davfs2.conf should allow for debugging options (see "Debugging Options" in 'man 5 davfs2.conf') that may shed some light on this.


Quote:
Originally Posted by pmorin
OK, so it clearly seems that the problem comes from the Digest Authentication. I've disabled digest_auth and enabled basic_auth and tried again as you said with Nautilus and it worked ! \o/ So, what do you think the problem is ?

Quote:
Originally Posted by pmorin
Other question : is it secure enough to use Basic Auth when we are SSL encrypted ?
The RFC (4918) clearly states Basic auth should only be used if the connection is secure (indeed: using SSL). It also states Digest auth should be supported, maybe there are some options in /etc(/dav.*)/secrets that could help in conjunction with debugging the output?


* Debug output ultimately should go to the maintainer (mailing list?) of DavFS at http://savannah.nongnu.org/projects/davfs2. If you post it here at least scrub client and server names slash IP addresses, obfuscate logins and any other unique identifiers and post complete transaction lines (not snippets) in (preferably) BB code.
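
Added example, not part of the thread and not davfs2 code: the mount error reports a parameter missing from the server's Digest challenge, and the reply above limits Basic auth to secure connections. This Python check runs both tests over captured `WWW-Authenticate` values; the function names and sample headers are constructed here, and treating realm and nonce as the parameters the client insists on is an assumption based on RFC 2617.

```python
import re

# RFC 2617 section 3.2.1 makes realm and nonce mandatory in a Digest challenge.
# Assumption: the client rejects a challenge lacking either one.
REQUIRED_DIGEST = ("realm", "nonce")
_PARAM = re.compile(r'([A-Za-z0-9_-]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^\s,]+)')


def parse_challenge(value):
    """Split one WWW-Authenticate header value into (scheme, params)."""
    scheme, _, rest = value.strip().partition(" ")
    params = {}
    for name, raw in _PARAM.findall(rest):
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = re.sub(r"\\(.)", r"\1", raw[1:-1])  # unquote, unescape
        params[name.lower()] = raw
    return scheme.lower(), params


def audit_challenges(url, header_values):
    """Return findings for the challenges a server sent for url."""
    findings = []
    over_tls = url.lower().startswith("https://")
    for value in header_values:
        scheme, params = parse_challenge(value)
        if scheme == "digest":
            missing = [p for p in REQUIRED_DIGEST if not params.get(p)]
            if missing:
                findings.append("digest: missing " + ", ".join(missing))
            elif "qop" not in params:
                findings.append("digest: no qop, legacy RFC 2069 mode")
        elif scheme == "basic" and not over_tls:
            findings.append("basic: password would be sent unencrypted")
    return findings


# Constructed sample headers, not taken from the thread's server.
URL = "https://my.domain.com/tunnel-web/secure/webdav/pit/document_library"
BROKEN = ['Digest realm="PortalRealm", qop="auth"']  # nonce left out
VALID = ['Digest realm="PortalRealm", nonce="dcd98b7102", qop="auth"']
BASIC = ['Basic realm="PortalRealm"']

if __name__ == "__main__":
    for label, hdrs in (("broken", BROKEN), ("valid", VALID), ("basic", BASIC)):
        print(label, audit_challenges(URL, hdrs))
    print("basic/http", audit_challenges("http://my.domain.com:8080/", BASIC))
```

Feed it the header values copied from the davfs2 debug log or from the proxy's response, one string per `WWW-Authenticate` line.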
 
Old 06-22-2011, 02:32 AM   #6
pmorin
Thank you !
I'll try that if I have time and I'll do as you said if I find a solution. ;-)

Do you think I must tag this thread as "SOLVED", even if it's not entirely resolved ?

Last edited by pmorin; 06-22-2011 at 02:47 AM.
 
Old 06-22-2011, 11:54 AM   #7
unSpawn
No, if it's not solved then you best don't.
 
  



Tags
https, ssl, webdav




All times are GMT -5.
