RE: Validator error

We would like to utilize the validator for our internal sites (break/fix environment, QA, intranet sites).
These sites are not accessible from outside our firewalls and require SSL.
If you could point me in the right direction/configuration steps that would be awesome.
You're help is greatly appreciated.

-----Original Message-----
From: Thomas Gambet [mailto:tgambet@w3.org] 
Sent: Monday, November 15, 2010 3:35 PM
To: Barry McCall
Cc: Dominique Hazael-Massieux; public-qa-dev@w3.org
Subject: Re: Validator error

Hi Barry,

First let me clarify something. Unicorn is a frontend for the 
validators, it is actually not a validator by itself. Unicorn uses other 
validators as web services and display the results of them on a single 
UI. You can choose whether you want to use our instances of the 
validators or install your own. Alternatively you can wait for the 
appliance that Dom talked about to be released but this project has just 
started.

Could you give me your use case exactly? Is the data you want to 
validate accessible from outside your network? Is it confidential data? 
I could walk you through the configuration if i know what you need.

Further comments inline.

On 11/11/2010 03:31 PM, Barry McCall wrote:
> I've installed the application on a local server. Stack is below.
>
> Unicorn war packaged via 'ant retrieve generate_observer generate_tasklist default_conf war'
> tomcat6
> mod_jk
> Apache22
> FreeBSD 8.1-RELEASE
>
> I've edited the unicorn/WebContent/WEB-INF/conf/observers.properties.default to reflect the following...
> I am no catalina guru so I couldn't get web.xml to allow listing of the .wadl files inside the app so I moved them out and I'm letting apache take care of the permissions.
> ----------------------------------------------------------------------------------------------
> httpd.conf
>
> Alias /contracts "/usr/local/apache-tomcat-6.0/webapps/unicorn/WEB-INF/resources/contracts/"
> <Directory "/usr/local/apache-tomcat-6.0/webapps/unicorn/WEB-INF/resources/contracts">
>     AllowOverride None
>     Options Indexes
>     Order allow,deny
>     Allow from all
> </Directory>
> ----------------------------------------------------------------------------------------------
> observers.properties.default
>
> css-validator = http://validate.internalurl.net/contracts/css-validator.wadl


Try to simply changing the values to:
css-validator = 
file:///usr/local/apache-tomcat-6.0/webapps/unicorn/WEB-INF/resources/contracts/css-validator.wadl
Then no need to edit httpd.conf.

However i'm not sure why you decided to edit that file. The contracts 
under http://validator.w3.org/unicorn/contracts/ and the one in the 
repository are exactly the same so unless you can't access that uri or 
unless you edit the contracts, it won't change a thing.

> You stated "The only way to do that would be to install the validators locally." You've referred to validators in the plural form. Is the unified validator simply not enough to run internally? Do I have to install the other validators as well?

Unicorn is enough if you're willing to use our instances of the 
validators as web services. If you want no data going in or out of your 
network, yes you'll have to install the validators you want to use.

> Also, we need to check internal SSL sites as well. I added our root certificate in PEM format using keytool -importcert -file ourcert.pem but I still receive the following error.
>
> class javax.net.ssl.SSLHandshakeException
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Could you give me the complete stacktrace?

> However my internal installation of the validator works fine on any externally accessible website. (including https sites (gmail.google.com, others)) I only receive the errors I've indicated (including the SSL error and the originally reported stack trace). I'm getting the feeling that I'm missing something bigger to be able to fully utilize this internally.

Regards,
Tom

Received on Tuesday, 16 November 2010 15:25:13 UTC