Hi all- We're having a problem with serving our restlet web application over SSL. It's very possible that we're doing something wrong with how we're setting up the keystore and cert.
We had previously set up SSL with a self-signed cert, generated using java keytool. This worked fine on Jetty and, until recently, with the Simple connector, which had some hanging issues a few revisions ago (but which may have been fixed, we're not sure. Overall we'd prefer to get back to using the Simple connector). Our configuration involved something like this:

    Series<Parameter> params = s.getServers().add(Protocol.HTTPS, 8443)
            .getContext().getParameters();
    params.add("keystorePath", "path/to/keystore.jks");
    params.add("keystorePassword", "secret");
    params.add("keyPassword", "secret");

So, like I said, this worked fine with a self-signed cert, although obviously browsers complain at first. We recently decided to acquire a "real" CA-signed cert, which we got from StartSSL.com. I built up a keystore which imports their root certs and the cert they signed for us. Doing a "keytool -list" command shows something like this:

    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 3 entries

    startcom.ca.sub, Apr 26, 2010, trustedCertEntry,
    Certificate fingerprint (MD5): 30:B0:5A:F7:B2:F4:BE:0C:28:67:15:EA:CC:5B:24:20
    startcom.ca, Apr 26, 2010, trustedCertEntry,
    Certificate fingerprint (MD5): 22:4D:8F:8A:FC:F7:35:C2:BB:57:34:90:7B:8B:22:16
    startcom pfx certificate, Apr 26, 2010, PrivateKeyEntry,
    Certificate fingerprint (MD5): 15:F4:A5:34:C6:B1:DE:BE:BF:4E:5D:83:BA:97:89:1E

Here is what we experience now:

With Jetty:
- Everything seems to work great in our Safari, Chrome, and IE browsers, in that HTTPS works and the browser doesn't complain.
- Firefox complains that the cert is "Untrusted".

With Simple extension, and using the same configuration:
- No access at all via HTTPS. No response or log message at all on the server at startup or on request.

Anyone else successfully serving up CA-signed HTTPS using Jetty or Simple? And why doesn't the default connector do HTTPS?
Also, I've never been clear on what the org.restlet.ext.ssl module is for. Will it add HTTPS support to the default Restlet connector?

Thanks,
-Dave Fogel

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2604257