I think you just need to install your cert into the keystore for the JVM that your pipeline execution is using. This is sort of described here:
I say “sort of” because there’s a whole step about pulling the cert from the site itself using OpenSSL that you shouldn’t need to go through. You might need to do a little bit of conversion to get your key installed in the server in a format that the Java keystore is happy with, but then again maybe not. It’s been a while since I’ve done that, so I’m not really sure what the Java keytool application requires.
Sr. Programmer/Analyst
Neuroinformatics Research Group
Washington University School of Medicine
--
You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
xnat_discussi...@googlegroups.com.
To post to this group, send email to
xnat_di...@googlegroups.com.
Visit this group at http://groups.google.com/group/xnat_discussion.
For more options, visit https://groups.google.com/d/optout.
Hi Miklos,
I had exactly this problem at the last installation that I performed. This is a particular nuisance even if one doesn't explicitly use additional analysis pipelines, because the auto run pipeline, which generates the image thumbnails, fails. So an immediate symptom is that data uploads "succeed", but with no thumbnails and a message like this
AutoRun:QueuedStart Time: 2014-10-06 15:23:52.044[Mark as Failed]
on the session report page.
I didn't dig very deeply, but it seemed that the underlying java class just didn't like self-signed certificates. I need to go back and revisit the topic, because I also remember writing other code of my own that failed with self-signed certificates. I found only two ways around it:
Method 1: Purchase a genuine SSL certificate signed by an appropriate authority. They are not overly expensive and this also has the benefit that your users won't get scared off by modern browsers telling them that your XNAT site is a potentially security risk, with at least one browser displaying "Help! Get me out of here!" when the user first logs on.
Method 2: As a short term fix and not recommended on production systems, compromise by setting security.channel=any in the file Tomcat/webapps/<your XNAT>/WEB-INF/conf/services.properties. Then restart Tomcat. This allows an alternate login via http (typically on port 8080) and allows the pipelines to run. Just don't tell your users and make sure you always give them the https URL.
Hope that helps.
Best wishes,
Simon
On Monday, October 6, 2014 2:45:08 PM UTC+1, Miklos Espak wrote:
<parameter>
<name>resolved_host</name>
<values>
<unique>^if(boolean(/Pipeline/parameters/parameter[name='aliasHost'])) then /Pipeline/parameters/parameter[name='aliasHost']/values/unique/text() else /Pipeline/parameters/parameter[name='host']/values/unique/text()^</unique>
</values>
</parameter>
--
You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to xnat_discussi...@googlegroups.com.
To post to this group, send email to xnat_di...@googlegroups.com.
Visit this group at http://groups.google.com/group/xnat_discussion.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the Google Groups "xnat_discussion" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/xnat_discussion/0dmtn56Ru18/unsubscribe.
To unsubscribe from this group and all its topics, send an email to xnat_discussi...@googlegroups.com.