OWS makes https request instead of http (JVM Download Server list and jnlp file)

Posted: 17 Aug 2020, 18:14
by ptai
The JVM download server is in our case a local server which is reachable over http. When OWS requests the jvms.json file, it does an https request. As the server has no certificate, a "Security Warning" dialog that the HTTPS Certificate cannot be verified is shown.

The same is true when requesting a .jnlp file.

Is there a way to force OWS to use the scheme provided in the URL?

Re: OWS makes https request instead of http (JVM Download Server list and jnlp file)

Posted: 18 Aug 2020, 07:44
by Janak Mulani
I presume you are using OWS v 1.1.8.

I have a local JVM Server http://localhost:8081/jvms/jvms2.json which I have specified in itw-settings > JVM Manager > Settings > Default update server URL.

The jvms2.json is as follows:

Code:

{
    "cacheTimeInMillis": 5000,
    "runtimes": [
        {
            "version": "1.8.0_252",
            "vendor": "Zulu Community Edition",
            "os": "WIN64",
            "href": "http://localhost:8081/jvms/azul_1.8.0_252.zip"
        }
    ]
}

Both the JVM server URL and URL for the JVM use HTTP and it works for me => OWS takes the JVM Server URL from Settings and the JVM URL from the json file.

Re: OWS makes https request instead of http (JVM Download Server list and jnlp file)

Posted: 18 Aug 2020, 09:38
by Stephan Classen
Also, in the settings under the tab "Security", there is an option "Do not favor https requests". If you select this, OWS will not use https instead of http.
But be advised that http is not safe against a man-in-the-middle attack, and we strongly discourage the usage of http because any software which is downloaded has the potential to execute arbitrary code on your machine.

Re: OWS makes https request instead of http (JVM Download Server list and jnlp file)

Posted: 18 Aug 2020, 10:25
by ptai
Thank you for the hint to this setting and its security implications. We have a deployment where the application is locally deployed by OWS in a secured local network. A man in the middle attack is still possible, but the attacker would have to have access to the secured network.

I tested the setting and it works as advertised!
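
Added example, not part of the thread and not OWS code: a small audit that reads a JVM list in the format posted above and reports which URLs would be fetched in plaintext once "Do not favor https requests" is enabled, separating loopback downloads from ones that cross the network. The function names and the second sample host (jvm.intranet.example) are assumptions made for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit


def is_loopback(host):
    """True when host is localhost or a loopback IP literal."""
    if not host:
        return False
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary DNS name


def classify(url):
    """Return 'ok', 'plaintext-loopback', 'plaintext-network' or 'other'."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme == "https":
        return "ok"
    if scheme != "http":
        return "other"  # missing or non-HTTP scheme, review by hand
    return "plaintext-loopback" if is_loopback(parts.hostname) else "plaintext-network"


def audit_jvm_list(server_url, json_text):
    """Classify the update server URL and every runtime href in a JVM list."""
    findings = [("update server", server_url, classify(server_url))]
    for rt in json.loads(json_text).get("runtimes", []):
        label = "{} {} ({})".format(rt.get("vendor"), rt.get("version"), rt.get("os"))
        href = rt.get("href", "")
        findings.append((label, href, classify(href)))
    return findings


# Constructed sample: the first runtime is the one posted in the thread, the second
# uses a hypothetical intranet host to show a download that crosses the network.
SAMPLE_SERVER = "http://localhost:8081/jvms/jvms2.json"
SAMPLE_JSON = """{"cacheTimeInMillis": 5000, "runtimes": [
  {"version": "1.8.0_252", "vendor": "Zulu Community Edition", "os": "WIN64",
   "href": "http://localhost:8081/jvms/azul_1.8.0_252.zip"},
  {"version": "1.8.0_252", "vendor": "Zulu Community Edition", "os": "WIN64",
   "href": "http://jvm.intranet.example/jvms/azul_1.8.0_252.zip"}]}"""

if __name__ == "__main__":
    for label, url, verdict in audit_jvm_list(SAMPLE_SERVER, SAMPLE_JSON):
        print("{:<20} {:<45} {}".format(verdict, label, url))
```

Entries reported as plaintext-network are the downloads exposed to the man-in-the-middle risk described in the thread.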