Mattias Arbin writes:
> Hi,
> I now use 1.1.9 and get:
> E:\java\orion>java -jar orion.jar
> Error listening to SSLServerSocket: No available certificate corresponds to
> the
> SSL cipher suites which are enabled.
> Orion/1.1.9 initialized
>
> What could be bad with my certificate? I have done exactly what is told in
> the documentation. (See my previous post)
> How do I know which "SSL cipher suites" that "are enabled"?
> How does Orion know which certificate in the keystore to use? When I have
> several entries in the keystore, I get:
> Error starting HttpServer: Unable to intialize SSLServerSocketFactory
> 'com.evermind.ssl.JSSESSLServerSocketFactory': Unrecoverable key error:
> Cannot recover key
> I feel pretty frustrated. SSL is a must in my case and right now these
> problems makes it impossible to use Orion in our project. Too bad, because
> Orion seems very nice.
>
> Could somebody that has a working SSL configuration confirm that it is
> possible to make it work.
>
The trick is not to use keytool. We have just tested to make our own
com.evermind.ssl.SSLServerSocketFactory which rely on the pkcs#12 part
of iaik jce.
We then feed jsse with pkcs#12 files instead of a keystore file. The
initial test works great and because we supply a initial seed for
JSSE we get a great performance hit. Other then that it is pure
JSSE. Try to make sure that you are using jsse1.0.1.
The only thing we have not managed to figure out is how to make orion
use our SSLServerSocketFactory implementation. Because of classloader
problems you have to modify the orion.jar file and add our class. The
only problem with this solution is that iaik is a commercial
software. We have not been able to find a free implementation of pkcs#12.
Best Regards
/Daniel Stahl
