Daniel, can you give us (well, me) a HOwto on this?
On Thu, 6 Jul 2000, Daniel Stahl wrote:
> Mattias Arbin writes:
> > Hi,
> > I now use 1.1.9 and get:
> > E:\java\orion>java -jar orion.jar
> > Error listening to SSLServerSocket: No available certificate corresponds to
> > the
> > SSL cipher suites which are enabled.
> > Orion/1.1.9 initialized
> >
> > What could be bad with my certificate? I have done exactly what is told in
> > the documentation. (See my previous post)
> > How do I know which "SSL cipher suites" that "are enabled"?
> > How does Orion know which certificate in the keystore to use? When I have
> > several entries in the keystore, I get:
> > Error starting HttpServer: Unable to intialize SSLServerSocketFactory
> > 'com.evermind.ssl.JSSESSLServerSocketFactory': Unrecoverable key error:
> > Cannot recover key
> > I feel pretty frustrated. SSL is a must in my case and right now these
> > problems makes it impossible to use Orion in our project. Too bad, because
> > Orion seems very nice.
> >
> > Could somebody that has a working SSL configuration confirm that it is
> > possible to make it work.
> >
>
> The trick is not to use keytool. We have just tested to make our own
> com.evermind.ssl.SSLServerSocketFactory which rely on the pkcs#12 part
> of iaik jce.
> We then feed jsse with pkcs#12 files instead of a keystore file. The
> initial test works great and because we supply a initial seed for
> JSSE we get a great performance hit. Other then that it is pure
> JSSE. Try to make sure that you are using jsse1.0.1.
> The only thing we have not managed to figure out is how to make orion
> use our SSLServerSocketFactory implementation. Because of classloader
> problems you have to modify the orion.jar file and add our class. The
> only problem with this solution is that iaik is a commercial
> software. We have not been able to find a free implementation of pkcs#12.
>
> Best Regards
> /Daniel Stahl
>
>
>
-----------------------------------------------------------
Joseph B. Ottinger [EMAIL PROTECTED]
http://cupid.suninternet.com/~joeo HOMES.COM Developer