I have tried to dig deeper into the SSL problem, while it is a major
showstopper right now and a problem that has to be solved before I can use
Orion in my project.

I have made two bat files for the certificate generation to be able to play
around a little faster:

step1.bat:
keytool -genkey -keyalg "RSA" -alias testalias -keystore mykeystore -dname "cn=My Name, ou=MyCompany, o=MyCompany, c=SE" -storepass 123456 -keypass 654321 -validity 360

keytool -certreq -keyalg "RSA" -alias testalias -file localhost.csr -storepass 123456 -keypass 654321 -keystore mykeystore

rem Go to thawte and copy the contents of localhost.csr.
start https://www.thawte.com/cgi/server/test.exe


step2.bat:
rem Before running this, save the output from Thawte into localhost.cer
keytool -import -trustcacerts -file localhost.cer -keystore mykeystore -storepass 123456 -keypass 654321

Output when running the scripts:
E:\test>java -version
java version "1.3.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-C)
Java HotSpot(TM) Server VM (build 2.0fcs-E, mixed mode)

E:\test>step1

E:\test>keytool -genkey -keyalg "RSA" -alias testalias -keystore mykeystore -dname "cn=My Name, ou=MyCompany, o=MyCompany, c=SE" -storepass 123456 -keypass 654321 -validity 360

E:\test>keytool -certreq -keyalg "RSA" -alias testalias -file localhost.csr -storepass 123456 -keypass 654321 -keystore mykeystore

E:\test>start https://www.thawte.com/cgi/server/test.exe
E:\test>step2

E:\test>keytool -import -trustcacerts -file localhost.cer -keystore mykeystore -storepass 123456 -keypass 654321
Owner: CN=My Name, OU=MyCompany, O=MyCompany, C=SE
Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Serial number: 488d5a
Valid from: Tue Jul 04 09:55:28 GMT+02:00 2000 until: Fri Aug 04 09:55:28 GMT+02:00 2000
Certificate fingerprints:
         MD5:  AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87
         SHA1: D1:98:C0:C7:DA:D5:DB:D5:D1:E3:C6:A1:39:A0:59:34:0A:8F:DC:99
Trust this certificate? [no]:  yes
Certificate was added to keystore
E:\test>keystore -list -keystore mykeystore
'keystore' is not recognized as an internal or external command,
operable program or batch file.

E:\test>keytool -list -keystore mykeystore
Enter keystore password:  123456

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries:

mykey, Tue Jul 04 09:53:14 GMT+02:00 2000, trustedCertEntry,
Certificate fingerprint (MD5):
AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87
testalias, Tue Jul 04 09:51:48 GMT+02:00 2000, keyEntry,
Certificate fingerprint (MD5):
BE:ED:A9:00:04:5D:A6:F4:9A:92:40:25:0C:AB:9C:EC

OK. Now I start Orion (I have tried it with 1.0, 1.1.4, 1.1.8 with the same
result):
E:\java\orion>java -jar orion.jar
Error starting HttpServer: Unable to intialize SSLServerSocketFactory
'com.evermind.ssl.JSSESSLServerSocketFactory': Unrecoverable key error:
Cannot recover key

Now to something interesting: I delete the key with the alias 'testalias':
E:\test>keytool -delete -alias testalias -keystore mykeystore
Enter keystore password:  123456

E:\test>keytool -list -keystore mykeystore
Enter keystore password:  123456

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry:

mykey, Tue Jul 04 09:53:14 GMT+02:00 2000, trustedCertEntry,
Certificate fingerprint (MD5):
AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87

Now I start Orion again:
E:\java\orion>java -jar orion.jar
Orion/1.1.8 initialized

Orion initializes, but takes about 100% CPU and accessing
https://localhost:443 fails.

Does anybody have a clue?
/Thanks,
 Mattias Arbin, Ctakt AB


My secure-web-site.xml:
<?xml version="1.0"?>
<!DOCTYPE web-site PUBLIC "Orion Web-site"
"http://www.orionserver.com/dtds/web-site.dtd">

<web-site host="[ALL]" secure="true" port="443" display-name="Default Orion WebSite">
 <!-- The default web-app for this site, bound to the root -->
 <ssl-config keystore="../../../test/mykeystore" keystore-password="123456" />
 <default-web-app application="default" name="defaultWebApp" />

 <!-- Uncomment this to activate the news app -->
 <!-- <web-app application="news" name="news-web" root="/news" /> -->
 <!-- Access Log, where requests are logged to -->
 <access-log path="../log/default-web-access.log" />
</web-site>

My server.xml:
<?xml version="1.0"?>
<!DOCTYPE application-server PUBLIC "Orion Application Server Config"
"http://www.orionserver.com/dtds/application-server.dtd">

<application-server
 application-directory="../applications"
 deployment-directory="../application-deployments">
 <rmi-config path="./rmi.xml" />
 <!-- JMS-server config link, uncomment to activate the JMS service -->
 <!-- <jms-config path="./jms.xml" /> -->
 <principals path="./principals.xml" />
 <log>
  <file path="../log/server.log" />
 </log>

 <global-application name="default" path="application.xml" />

 <global-web-app-config path="global-web-application.xml" />

 <web-site path="./default-web-site.xml" />
 <web-site path="./secure-web-site.xml" />

 <!-- Compiler, activate this to specify an alternative compiler such
  as jikes for EJB/JSP compiling. -->
 <!-- <compiler executable="jikes" classpath="/myjdkdir/jre/lib/rt.jar" /> -->

</application-server>

I run Windows 2000 and (I have tried with other Java versions with the same
result):
E:\java\orion>java -version
java version "1.3.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-C)
Java HotSpot(TM) Server VM (build 2.0fcs-E, mixed mode)
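Editor's note: the check below is an added example and is not part of the original post or of Orion. Orion's ssl-config above is given only a keystore-password, so whatever server is configured this way has to be able to open the private key with the store password alone, and the keystore also has to hold the CA-issued certificate against the key's own alias rather than as a separate trusted entry. The program loads a JKS keystore (file name and store password are command-line arguments; the name KeystoreCheck is assumed) and reports, for every alias, whether the private key is recoverable with the store password and whether the certificate chain on the key entry is still the self-signed one created by -genkey. It targets a current JDK rather than the 1.3 runtime shown above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/**
 * KeystoreCheck (assumed name): verifies that a JKS keystore is usable by a
 * server that is only configured with the store password.
 *
 * Usage:  java KeystoreCheck mykeystore 123456
 * Exit status 0 when every key entry is recoverable with the store password.
 */
public class KeystoreCheck {

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java KeystoreCheck <keystore-file> <store-password>");
            System.exit(2);
        }
        char[] storePass = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            // A wrong store password fails here with an IOException.
            ks.load(in, storePass);
        }

        int keyEntries = 0;
        int usable = 0;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!ks.isKeyEntry(alias)) {
                // A trustedCertEntry carries no private key, so it cannot serve TLS.
                System.out.println(alias + ": trustedCertEntry (no private key)");
                continue;
            }
            keyEntries++;
            try {
                // The key entry is protected by its own password. If keytool was run
                // with a -keypass different from -storepass, this call fails with
                // UnrecoverableKeyException even though the store itself opened fine.
                ks.getKey(alias, storePass);
                usable++;
                System.out.println(alias + ": keyEntry, private key recoverable with store password");
            } catch (UnrecoverableKeyException ex) {
                System.out.println(alias + ": keyEntry, NOT recoverable with store password ("
                        + ex.getMessage() + ")");
                continue;
            }
            // Report whether the chain is still the self-signed certificate made by
            // -genkey or a CA-issued reply installed against this alias.
            Certificate[] chain = ks.getCertificateChain(alias);
            X509Certificate leaf = (X509Certificate) chain[0];
            boolean selfSigned = leaf.getSubjectX500Principal()
                    .equals(leaf.getIssuerX500Principal());
            System.out.println("    chain length " + chain.length
                    + ", issuer " + leaf.getIssuerX500Principal()
                    + (selfSigned ? " (self-signed; no CA reply installed for this alias)" : ""));
        }
        System.out.println(keyEntries + " key entries, " + usable
                + " usable with the store password");
        System.exit(keyEntries > 0 && usable == keyEntries ? 0 : 1);
    }
}
```

Run it against the keystore produced by step1.bat and step2.bat (`java KeystoreCheck mykeystore 123456`) before pointing a server at it: the exit status and the per-alias lines tell you whether the failure is a key-password problem, a missing private key, or a certificate reply that never reached the key entry.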

