I have Orion running with a "real" 40-bit cert from Thawte.
I guess it does not matter which web-server you say you have. Probably it is
for statistics. (I chose Java Webserver).
You will be able to choose from a number of different formats when you
download the cert.
Here I chose "PKCS #7 Certificate Chain". Make sure that you save it in a
file that ends with a new line before importing it to the keystore.
Good luck.
/Mattias
----- Original Message -----
From: "Mike Fontenot" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, August 18, 2000 10:50 PM
Subject: Help - SSL Usage in Production - is it really possbile?
> orion users,
>
> I've been using the test certificate from Thawte, as both the orion docs.
> and the OrionSupport suggested. That has been working fine. However, I am
> now ready to move to production with our e-commerce system and I have run
> into some major snags that leads me to think NO one is using Orion in a
> production SSL environment.
>
> After going through the Thawte process for getting a server cert, the
'pick
> your web server' does not list Orion. After talking with Thawte support
they
> suggested picking 'Apache SSL' as a choice. Ok, that seems fine to me.
> However, they also said I would need to pick the certificate type: x509v3.
>
> Since I've been using the 'SSL Chained CA Cert' for development, I wanted
to
> try this out with a development cert to be sure it would work. I tried
this
> using a X509v3 development cert but it will not work. Again, after getting
> back in touch with Thawte support regarding X509v3 not working, I said I
> will need to just use the 'SSL Chained CA Cert'. They then informed me
that
> they no longer sell this type of certificate, and that I must go to
Verisign
> to obtain this type of certificate. Well, my first question to Thawte was
> 'If you dont sell this type of certificate, why is it available on your
> developers cert pages?' Answer from Thawte: 'Yeah, I've been meaning to
talk
> to our developers to take that off the website.'.
>
> Guess how much hair I've lost so far!? Now I am in the 'process' of
getting
> a certificate from Verisign. Of course they do not have 'Orion Server'
> listed in their pick list of valid webservers. Since I just started this
> process today I really dont know if they can/cannot support the type of
SSL
> certificate I will need to work with Orion.
>
> I'll be the first to admit I'm not real familiar with the Java 1.3
keytool,
> and different certificate meanings. But, if anyone has really obtained a
> valid production level SSL certificate, from any Certificate Authority,
and
> successfully integrated this with Orion, please let me/us know how this
was
> accomplished. The only docs I've see are related to development certs, and
> as I stated earlier, I've got this working fine. I now need to graduate to
> real e-commerce transactions. Please dont make me go back to Apache/JRun,
I
> feel Orion is so much better but this is a real show-stopper. I have
looked
> through the orion mail archives and it seems all discussions are related
to
> trying to get the developer certs to work, not production certs.
>
> Thanks in advance,
> Mike
>
> ========================================
> Mike Fontenot - Object Systems Architect
> BrandMatrix, Ltd.
> Golden, Colorado
> ========================================
>
