Did you get a 40-bit or 128-bit cert? Orion informed me we can use 128-bit
if we get the domestic JSSE from Sun.
Dale
----- Original Message -----
From: Mike Fontenot <[EMAIL PROTECTED]>
To: Orion-Interest <[EMAIL PROTECTED]>
Sent: Monday, August 28, 2000 11:15 AM
Subject: Obtaining an SSL Certificate
> Orion users,
>
> I wanted to let you know that I have obtained a production SSL certificate
> from Verisign and installed this into a production Orion application
server
> running on Solaris. Maybe this is not big news to everyone but for me it
is
> significant.
>
> After much development time with the Thawte Developer 'Test SSL Chained CA
> Cert', I found out that Thawte no longer sells this type of certificate.
> Also, after trying unsuccessfully to use one of their other certificates,
> they sent me to Verisign.
>
> The Verisign process is a bit murkier than the Thawte process, but no less
> byzantine. Aside from the mounds of paperwork you must produce to 'prove'
> you are who you say you are, the choices you are able to select when
> obtaining the cert are few, in fact there is only one choice. When asked
> what kind of server software/who manufactures my server software, the
choice
> I made was 'JavaSoft'.
>
> That was it, after days of paperwork shuffling I was emailed a cert. I
> installed this into my keystore, and then into an Orion SSL website. It
> works.
>
> Steps to obtain a cert.
> 1. Using the Java 1.3 JDK on Windows, I followed the instructions for
> setting up a secure site using SSL as found on the Orion website and the
> OrionSupport. Fill out ALL of the fields when creating your original
> keystore.
>
> Example (I'm in the US):
> user firstname lastname: make this your website name - www.yoursite.com
> Organization: your company name - Acme
> Organizational Unit: your companies domain name - acme.com
> City/Locality: your city: AcmeVille
> State: your state, capitalize this - Colorado
> Country: the 2 letter code for country - US
>
> 2. Create a Certificate Signing Request - again, following the
instructions
> on both Orion & Orionsupport, the CSR is created. You will need this when
> filling out the Verisign website information. If there is anything funky
in
> your CSR, Verisign will notify you right there and you will not be able to
> proceed until you fix whatever the error is.
>
> 3. Begin the paperwork process with Verisign. Their site details what is
> required so I won't repeat it here. Be advised that if you are in a
> hurry..., sit back, take a deep breath (maybe a glass of scotch), and
chill
> out. They don't care. Nothing moves on their end until you produce ALL of
> the required paperwork. Now, you can help speed things a bit but quickly
> faxing everything they ask for, then following up with a phone call to
> customer support.
>
> 4. Magically, you will get an email from Verisign with a cert attached.
Copy
> this to a file and import this into your keystore as described in
> Orion/Orionsupport.
>
> 5. Install your keystore into a SSL website. You should be good to go now.
>
> Now I would like to say this is a happy ending, and for the most part it
is.
> However, I still cannot use Orion in production with SSL because of a
weird
> problem when accessing the ORion SSL website using Netscape. Doing this
> causes the Orion JVM to go to 100% CPU utilization and the application
> crawls. It does not happen right away, but as soon as I do my first POST
on
> a page after transferring into SSL from non-SSL, the cpu goes to 100% and
> stays there. I experience this on my development system, WindowsNT 4
(SP6).
> I have notified the Orion team about this and hopefully they are working
on
> a solution. If anyone else has seen this and figured out a workaround,
we'd
> love to hear from you.
>
> Regards,
> Mike
>
>
> ========================================
> Mike Fontenot - Object Systems Architect
> BrandMatrix, Ltd.
> Golden, Colorado
> ========================================
>
>
