I noticed that there is a 1.1.9 version. Tried that.
Now I get another message:
E:\java\orion>java -jar orion.jar
Error listening to SSLServerSocket: No available certificate corresponds to the SSL cipher suites which are enabled.
Orion/1.1.9 initialized
Seems like the new release changed something.
It would be really great to have a comment from the Orion team about this.
I also have a question:
How does Orion know which of the certificates in the keystore to use? It
seems like it gets confused if you have more than one entry in the keystore.
/Mattias

----- Original Message -----
From: "Mattias Arbin" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Sent: Tuesday, July 04, 2000 10:14 AM
Subject: SSL-problems (was SSL->100% CPU)


> I have tried to dig deeper into the SSL problem, while it is a major
> showstopper right now and a problem that has to be solved before I can use
> Orion in my project.
>
> I have made two bat files for the certificate generation to be able to play
> around a little faster:
>
> step1.bat:
> keytool -genkey -keyalg "RSA" -alias testalias -keystore mykeystore -dname "cn=My Name, ou=MyCompany, o=MyCompany, c=SE" -storepass 123456 -keypass 654321 -validity 360
>
> keytool -certreq -keyalg "RSA" -alias testalias -file localhost.csr -storepass 123456 -keypass 654321 -keystore mykeystore
>
> rem Go to thawte and copy the contents of localhost.csr.
> start https://www.thawte.com/cgi/server/test.exe
>
>
> step2.bat
> rem Before running this, save the output from Thawte into localhost.cer
> keytool -import -trustcacerts -file localhost.cer -keystore mykeystore -storepass 123456 -keypass 654321
>
> Output when running the scripts:
> E:\test>java -version
> java version "1.3.0"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-C)
> Java HotSpot(TM) Server VM (build 2.0fcs-E, mixed mode)
>
> E:\test>step1
>
> E:\test>keytool -genkey -keyalg "RSA" -alias testalias -keystore mykeystore -dname "cn=My Name, ou=MyCompany, o=MyCompany, c=SE" -storepass 123456 -keypass 654321 -validity 360
>
> E:\test>keytool -certreq -keyalg "RSA" -alias testalias -file localhost.csr -storepass 123456 -keypass 654321 -keystore mykeystore
>
> E:\test>start https://www.thawte.com/cgi/server/test.exe
> E:\test>step2
>
> E:\test>keytool  -import -trustcacerts -file localhost.cer -keystore mykeystore -storepass 123456 -keypass 654321
> Owner: CN=My Name, OU=MyCompany, O=MyCompany, C=SE
> Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
> Serial number: 488d5a
> Valid from: Tue Jul 04 09:55:28 GMT+02:00 2000 until: Fri Aug 04 09:55:28 GMT+02:00 2000
> Certificate fingerprints:
>          MD5:  AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87
>          SHA1: D1:98:C0:C7:DA:D5:DB:D5:D1:E3:C6:A1:39:A0:59:34:0A:8F:DC:99
> Trust this certificate? [no]:  yes
> Certificate was added to keystore
> E:\test>keystore -list -keystore mykeystore
> 'keystore' is not recognized as an internal or external command,
> operable program or batch file.
>
> E:\test>keytool -list -keystore mykeystore
> Enter keystore password:  123456
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 2 entries:
>
> mykey, Tue Jul 04 09:53:14 GMT+02:00 2000, trustedCertEntry,
> Certificate fingerprint (MD5): AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87
> testalias, Tue Jul 04 09:51:48 GMT+02:00 2000, keyEntry,
> Certificate fingerprint (MD5): BE:ED:A9:00:04:5D:A6:F4:9A:92:40:25:0C:AB:9C:EC
>
> OK. Now I start Orion (I have tried it with 1.0, 1.1.4, 1.1.8 with the same
> result):
> E:\java\orion>java -jar orion.jar
> Error starting HttpServer: Unable to intialize SSLServerSocketFactory
> 'com.evermind.ssl.JSSESSLServerSocketFactory': Unrecoverable key error:
> Cannot recover key
>
> Now to something interesting: I delete the key with the alias 'testalias':
> E:\test>keytool -delete -alias testalias -keystore mykeystore
> Enter keystore password:  123456
>
> E:\test>keytool -list -keystore mykeystore
> Enter keystore password:  123456
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 1 entry:
>
> mykey, Tue Jul 04 09:53:14 GMT+02:00 2000, trustedCertEntry,
> Certificate fingerprint (MD5): AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87
>
> Now I start Orion again:
> E:\java\orion>java -jar orion.jar
> Orion/1.1.8 initialized
>
> Orion initializes, but takes about 100% CPU and accessing
> https://localhost:443 fails.
>
> Does anybody have a clue?
> /Thanks,
>  Mattias Arbin, Ctakt AB
>
>
> My secure-web-site.xml:
> <?xml version="1.0"?>
> <!DOCTYPE web-site PUBLIC "Orion Web-site"
> "http://www.orionserver.com/dtds/web-site.dtd">
>
> <web-site host="[ALL]" secure="true" port="443" display-name="Default Orion WebSite">
>  <!-- The default web-app for this site, bound to the root -->
>  <ssl-config keystore="../../../test/mykeystore" keystore-password="123456" />
>  <default-web-app application="default" name="defaultWebApp" />
>
>  <!-- Uncomment this to activate the news app -->
>  <!-- <web-app application="news" name="news-web" root="/news" /> -->
>  <!-- Access Log, where requests are logged to -->
>  <access-log path="../log/default-web-access.log" />
> </web-site>
>
> My server.xml:
> <?xml version="1.0"?>
> <!DOCTYPE application-server PUBLIC "Orion Application Server Config"
> "http://www.orionserver.com/dtds/application-server.dtd">
>
> <application-server
>  application-directory="../applications"
>  deployment-directory="../application-deployments">
>  <rmi-config path="./rmi.xml" />
>  <!-- JMS-server config link, uncomment to activate the JMS service -->
>  <!-- <jms-config path="./jms.xml" /> -->
>  <principals path="./principals.xml" />
>  <log>
>   <file path="../log/server.log" />
>  </log>
>
>  <global-application name="default" path="application.xml" />
>
>  <global-web-app-config path="global-web-application.xml" />
>
>  <web-site path="./default-web-site.xml" />
>  <web-site path="./secure-web-site.xml" />
>
>  <!-- Compiler, activate this to specify an alternative compiler such
>   as jikes for EJB/JSP compiling. -->
>  <!-- <compiler executable="jikes" classpath="/myjdkdir/jre/lib/rt.jar" /> -->
>
> </application-server>
>
> I run Windows 2000 and
> E:\java\orion>java -version (Have tried with other versions with the same
> result)
> java version "1.3.0"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-C)
> Java HotSpot(TM) Server VM (build 2.0fcs-E, mixed mode)
>
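
An added diagnostic, not part of the original thread and not Orion code, for the keystore states shown above: it lists each alias with its entry type, flags a key entry whose certificate is still self-signed, and tests whether the private key can be recovered with the store password alone. The class name `KeystoreCheck` is hypothetical, and it is an assumption that the server uses the `keystore-password` value from `ssl-config` as the key password as well.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name), not Orion code.
// Usage: java KeystoreCheck <keystore-file> <store-password>
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java KeystoreCheck <keystore-file> <store-password>");
            return;
        }
        char[] storePass = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // A trustedCertEntry carries no private key; a TLS server cannot present it.
                System.out.println(alias + ": trustedCertEntry (no private key)");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.println(alias + ": keyEntry, chain length " + (chain == null ? 0 : chain.length));
            if (chain != null && chain.length > 0 && chain[0] instanceof X509Certificate) {
                X509Certificate leaf = (X509Certificate) chain[0];
                // Subject == issuer means the CA reply was never stored under this alias.
                if (leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal())) {
                    System.out.println("  certificate is still self-signed");
                }
            }
            try {
                ks.getKey(alias, storePass);
                usable++;
                System.out.println("  private key recoverable with the store password");
            } catch (UnrecoverableKeyException e) {
                // Raised when the key password (-keypass) differs from the store password.
                System.out.println("  key NOT recoverable with the store password: " + e.getMessage());
            }
        }
        if (usable == 0) {
            System.out.println("No key entry is usable with the store password alone.");
        }
    }
}
```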

