Karl,
Its been a couple of
weeks since there was any activity on this thread.
I am now ready to
get my beta site ready for deployment and need to get 128-bit SSL working with
Orion. Is this possible?
Thanks,
Paul
Knepper
Re: Help - SSL Usage in Production - is it really possbile?
- From: Karl Avedal
- Subject: Re: Help - SSL Usage in Production - is it really possbile?
- Date: Wed, 23 Aug 2000 10:47:01 -0700
Hello Mike, We're currently making sure that Thawte will have an Orion option for the purchase to make it easier to get a cert (and we'll work with Verisign too). We are also creating a guide to show how you can get a 128 bit or 40 bit production license. Regards, Karl Avedal Mike Clark wrote: > Unfortunately, that cert is no longer available from Thawte. We're still out of > business with Orion using a production SSL certificate. > > What gives? > > Mike > > Mattias Arbin wrote: > > > I have Orion running with a "real" 40-bit cert from Thawte. > > I guess it does not matter which web-server you say you have. Probably it is > > for statistics. (I chose Java Webserver). > > You will be able to choose from a number of different formats when you > > download the cert. > > Here I chose "PKCS #7 Certificate Chain". Make sure that you save it in a > > file that ends with a new line before importing it to the keystore. > > Good luck. > > /Mattias > > > > ----- Original Message ----- > > From: "Mike Fontenot" <[EMAIL PROTECTED]> > > To: "Orion-Interest" <[EMAIL PROTECTED]> > > Cc: <[EMAIL PROTECTED]> > > Sent: Friday, August 18, 2000 10:50 PM > > Subject: Help - SSL Usage in Production - is it really possbile? > > > > > orion users, > > > > > > I've been using the test certificate from Thawte, as both the orion docs. > > > and the OrionSupport suggested. That has been working fine. However, I am > > > now ready to move to production with our e-commerce system and I have run > > > into some major snags that leads me to think NO one is using Orion in a > > > production SSL environment. > > > > > > After going through the Thawte process for getting a server cert, the > > 'pick > > > your web server' does not list Orion. After talking with Thawte support > > they > > > suggested picking 'Apache SSL' as a choice. Ok, that seems fine to me. > > > However, they also said I would need to pick the certificate type: x509v3. > > > > > > Since I've been using the 'SSL Chained CA Cert' for development, I wanted > > to > > > try this out with a development cert to be sure it would work. I tried > > this > > > using a X509v3 development cert but it will not work. Again, after getting > > > back in touch with Thawte support regarding X509v3 not working, I said I > > > will need to just use the 'SSL Chained CA Cert'. They then informed me > > that > > > they no longer sell this type of certificate, and that I must go to > > Verisign > > > to obtain this type of certificate. Well, my first question to Thawte was > > > 'If you dont sell this type of certificate, why is it available on your > > > developers cert pages?' Answer from Thawte: 'Yeah, I've been meaning to > > talk > > > to our developers to take that off the website.'. > > > > > > Guess how much hair I've lost so far!? Now I am in the 'process' of > > getting > > > a certificate from Verisign. Of course they do not have 'Orion Server' > > > listed in their pick list of valid webservers. Since I just started this > > > process today I really dont know if they can/cannot support the type of > > SSL > > > certificate I will need to work with Orion. > > > > > > I'll be the first to admit I'm not real familiar with the Java 1.3 > > keytool, > > > and different certificate meanings. But, if anyone has really obtained a > > > valid production level SSL certificate, from any Certificate Authority, > > and > > > successfully integrated this with Orion, please let me/us know how this > > was > > > accomplished. The only docs I've see are related to development certs, and > > > as I stated earlier, I've got this working fine. I now need to graduate to > > > real e-commerce transactions. Please dont make me go back to Apache/JRun, > > I > > > feel Orion is so much better but this is a real show-stopper. I have > > looked > > > through the orion mail archives and it seems all discussions are related > > to > > > trying to get the developer certs to work, not production certs. > > > > > > Thanks in advance, > > > Mike > > > > > > ======================================== > > > Mike Fontenot - Object Systems Architect > > > BrandMatrix, Ltd. > > > Golden, Colorado > > > ======================================== > > > > > -- > ////////////////////////////////////////////////////// > // > // Mike Clark > // > // Clarkware Consulting > // Enterprise Java Architecture, Design, Development > // > // http://www.clarkware.com > // [EMAIL PROTECTED] > // +1.720.851.2014 > //