orion users,

I've been using the test certificate from Thawte, as both the Orion docs
and the OrionSupport suggested. That has been working fine. However, I am
now ready to move to production with our e-commerce system and I have run
into some major snags that lead me to think NO one is using Orion in a
production SSL environment.

After going through the Thawte process for getting a server cert, the 'pick
your web server' does not list Orion. After talking with Thawte support they
suggested picking 'Apache SSL' as a choice. Ok, that seems fine to me.
However, they also said I would need to pick the certificate type: x509v3.

Since I've been using the 'SSL Chained CA Cert' for development, I wanted to
try this out with a development cert to be sure it would work. I tried this
using an X509v3 development cert but it will not work. Again, after getting
back in touch with Thawte support regarding X509v3 not working, I said I
will need to just use the 'SSL Chained CA Cert'.  They then informed me that
they no longer sell this type of certificate, and that I must go to Verisign
to obtain this type of certificate. Well, my first question to Thawte was
'If you don't sell this type of certificate, why is it available on your
developers cert pages?' Answer from Thawte: 'Yeah, I've been meaning to talk
to our developers to take that off the website.'.

Guess how much hair I've lost so far!?  Now I am in the 'process' of getting
a certificate from Verisign. Of course they do not have 'Orion Server'
listed in their pick list of valid webservers. Since I just started this
process today I really don't know if they can/cannot support the type of SSL
certificate I will need to work with Orion.

I'll be the first to admit I'm not real familiar with the Java 1.3 keytool,
and different certificate meanings. But, if anyone has really obtained a
valid production level SSL certificate, from any Certificate Authority, and
successfully integrated this with Orion, please let me/us know how this was
accomplished. The only docs I've seen are related to development certs, and
as I stated earlier, I've got this working fine. I now need to graduate to
real e-commerce transactions. Please don't make me go back to Apache/JRun, I
feel Orion is so much better but this is a real show-stopper. I have looked
through the Orion mail archives and it seems all discussions are related to
trying to get the developer certs to work, not production certs.

Thanks in advance,
Mike

========================================
Mike Fontenot - Object Systems Architect
BrandMatrix, Ltd.
Golden, Colorado
========================================

