Re: Help - SSL Usage in Production - is it really possbile?

2000-09-08 Thread Karl Avedal

Hello Paul,

It's possible to use 128 bit SSL with Orion. Just about now it will be
possible to use 128 bit globally and not just in the US. I know a few
customers are using it today, but we are still working on making an easy
way to get a production cert with Orion. We are in contact with Thawte
(Owned by Verisign these days) about adding an Orion option on their
website and that will be done. For now, I think it's best to get a
"Netscape cert chain format" or a "PKCS#7 cert chain format".

Regards,
Karl Avedal

Paul Knepper wrote:

> Karl,
>
> It's been a couple of weeks since there was any activity on this
> thread.
>
> I am now ready to get my beta site ready for deployment and
> need to get 128-bit SSL working with Orion.  Is this possible?
>
> Thanks,
> Paul Knepper





Re: Help - SSL Usage in Production - is it really possbile?

2000-09-08 Thread Paul Knepper



Karl,

It's been a couple of weeks since there was any activity on this thread.

I am now ready to get my beta site ready for deployment and need to get
128-bit SSL working with Orion.  Is this possible?

Thanks,
Paul Knepper


Re: Help - SSL Usage in Production - is it really possbile?



  From: Karl Avedal 
  Subject: Re: Help - SSL Usage in Production - is it really possbile? 
  Date: Wed, 23 Aug 2000 10:47:01 -0700 

Hello Mike,

We're currently making sure that Thawte will have an Orion option for the purchase
to make it easier to get a cert (and we'll work with Verisign too).

We are also creating a guide to show how you can get a 128 bit or 40 bit production
license.

Regards,
Karl Avedal

Mike Clark wrote:

> Unfortunately, that cert is no longer available from Thawte.  We're still out of
> business with Orion using a production SSL certificate.
>
> What gives?
>
> Mike
>
> Mattias Arbin wrote:
>
> > I have Orion running with a "real" 40-bit cert from Thawte.
> > I guess it does not matter which web-server you say you have. Probably it is
> > for statistics. (I chose Java Webserver).
> > You will be able to choose from a number of different formats when you
> > download the cert.
> > Here I chose "PKCS #7 Certificate Chain". Make sure that you save it in a
> > file that ends with a new line before importing it to the keystore.
> > Good luck.
> > /Mattias
> >
> > - Original Message -
> > From: "Mike Fontenot" <[EMAIL PROTECTED]>
> > To: "Orion-Interest" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Friday, August 18, 2000 10:50 PM
> > Subject: Help - SSL Usage in Production - is it really possbile?
> >
> > > orion users,
> > >
> > > I've been using the test certificate from Thawte, as both the orion docs.
> > > and the OrionSupport suggested. That has been working fine. However, I am
> > > now ready to move to production with our e-commerce system and I have run
> > > into some major snags that leads me to think NO one is using Orion in a
> > > production SSL environment.
> > >
> > > After going through the Thawte process for getting a server cert, the
> > 'pick
> > > your web server' does not list Orion. After talking with Thawte support
> > they
> > > suggested picking 'Apache SSL' as a choice. Ok, that seems fine to me.
> > > However, they also said I would need to pick the certificate type: x509v3.
> > >
> > > Since I've been using the 'SSL Chained CA Cert' for development, I wanted
> > to
> > > try this out with a development cert to be sure it would work. I tried
> > this
> > > using a X509v3 development cert but it will not work. Again, after getting
> > > back in touch with Thawte support regarding X509v3 not working, I said I
> > > will need to just use the 'SSL Chained CA Cert'.  They then informed me
> > that
> > > they no longer sell this type of certificate, and that I must go to
> > Verisign
> > > to obtain this type of certificate. Well, my first question to Thawte was
> > > 'If you dont sell this type of certificate, why is it available on your
> > > developers cert pages?' Answer from Thawte: 'Yeah, I've been meaning to
> > talk
> > > to our developers to take that off the website.'.
> > >
> > > Guess how much hair I've lost so far!?  Now I am in the 'process' of
> > getting
> > > a certificate from Verisign. Of course they do not have 'Orion Server'
> > > listed in their pick list of valid webservers. Since I just started this
> > > process today I really dont know if they can/cannot support the type of
> > SSL
> > > certificate I will need to work with Orion.
> > >
> > > I'll be the first to admit I'm not real familiar with the Java 1.3
> > keytool,
> > > and different certificate meanings. But, if anyone has really obtained a
> > > valid production level SSL certificate, from any Certificate Authority,
> > and
> > > successfully integrated this with Orion, please let me/us know how this
> > was
> > > accomplished. The only docs I've see are related to development certs, and
> > > as I stated earlier, I've got this working fine. I now need to graduate to
> > > real e-commerce transactions. Please dont make me go back to Apache/JRun,
> > I
> > > feel Orion is so much better but this is a real show-stopper. I have
> > looked
> > > through the orion mail archives and it seems all discussions are related
> > to
> > > trying to get the developer certs to work, not production certs.
> > >
> > > Thanks in advance,
> > > Mike
> > >
> > > 
> > > Mike Fontenot - Object Systems Architect
> > > BrandMatrix, Ltd.
> > > Golden, Colorado
> > > 
> > >
>
> --
> //
> //
> //  Mike Clark
> //
> //  Clarkware Consulting
> //  Enterprise Java Architecture, Design, Development
> //
> //  http://www.clarkware.com
> //  [EMAIL PROTECTED]
> //  +1.720.851.2014
> //



Re: Help - SSL Usage in Production - is it really possbile?

2000-08-23 Thread Mike Clark

Any idea when we'll be able to get a production cert?

Mike

--- Karl Avedal <[EMAIL PROTECTED]> wrote:
> Hello Mike,
> 
> We're currently making sure that Thawte will have an Orion option for
> the purchase to make it easier to get a cert (and we'll work with
> Verisign too).
> 
> We are also creating a guide to show how you can get a 128 bit or 40
> bit production license.
> 
> Regards,
> Karl Avedal
> 
> Mike Clark wrote:
> 
> > Unfortunately, that cert is no longer available from Thawte.  We're
> > still out of business with Orion using a production SSL certificate.
> >
> > What gives?
> >
> > Mike
> >
> > Mattias Arbin wrote:
> >
> > > I have Orion running with a "real" 40-bit cert from Thawte.
> > > I guess it does not matter which web-server you say you have.
> > > Probably it is for statistics. (I chose Java Webserver).
> > > You will be able to choose from a number of different formats
> > > when you download the cert.
> > > Here I chose "PKCS #7 Certificate Chain". Make sure that you save
> > > it in a file that ends with a new line before importing it to the
> > > keystore.
> > > Good luck.
> > > /Mattias
> > >
> > > - Original Message -
> > > From: "Mike Fontenot" <[EMAIL PROTECTED]>
> > > To: "Orion-Interest" <[EMAIL PROTECTED]>
> > > Cc: <[EMAIL PROTECTED]>
> > > Sent: Friday, August 18, 2000 10:50 PM
> > > Subject: Help - SSL Usage in Production - is it really possbile?
> > >
> > > > orion users,
> > > >
> > > > I've been using the test certificate from Thawte, as both the
> orion docs.
> > > > and the OrionSupport suggested. That has been working fine.
> However, I am
> > > > now ready to move to production with our e-commerce system and
> I have run
> > > > into some major snags that leads me to think NO one is using
> Orion in a
> > > > production SSL environment.
> > > >
> > > > After going through the Thawte process for getting a server
> cert, the
> > > 'pick
> > > > your web server' does not list Orion. After talking with Thawte
> support
> > > they
> > > > suggested picking 'Apache SSL' as a choice. Ok, that seems fine
> to me.
> > > > However, they also said I would need to pick the certificate
> type: x509v3.
> > > >
> > > > Since I've been using the 'SSL Chained CA Cert' for
> development, I wanted
> > > to
> > > > try this out with a development cert to be sure it would work.
> I tried
> > > this
> > > > using a X509v3 development cert but it will not work. Again,
> after getting
> > > > back in touch with Thawte support regarding X509v3 not working,
> I said I
> > > > will need to just use the 'SSL Chained CA Cert'.  They then
> informed me
> > > that
> > > > they no longer sell this type of certificate, and that I must
> go to
> > > Verisign
> > > > to obtain this type of certificate. Well, my first question to
> Thawte was
> > > > 'If you dont sell this type of certificate, why is it available
> on your
> > > > developers cert pages?' Answer from Thawte: 'Yeah, I've been
> meaning to
> > > talk
> > > > to our developers to take that off the website.'.
> > > >
> > > > Guess how much hair I've lost so far!?  Now I am in the
> 'process' of
> > > getting
> > > > a certificate from Verisign. Of course they do not have 'Orion
> Server'
> > > > listed in their pick list of valid webservers. Since I just
> started this
> > > > process today I really dont know if they can/cannot support the
> type of
> > > SSL
> > > > certificate I will need to work with Orion.
> > > >
> > > > I'll be the first to admit I'm not real familiar with the Java
> 1.3
> > > keytool,
> > > > and different certificate meanings. But, if anyone has really
> obtained a
> > > > valid production level SSL certificate, from any Certificate
> Authority,
> > > and
> > > > successfully integrated this with Orion, please let me/us know
> how this
> > > was
> > > > accomplished. The only docs I've see are related to development
> certs, and
> > >

Re: Help - SSL Usage in Production - is it really possbile?

2000-08-23 Thread Dale Bronk

Any idea on when this may be available to us?

- Original Message -
From: "Karl Avedal" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Sent: Wednesday, August 23, 2000 1:37 PM
Subject: Re: Help - SSL Usage in Production - is it really possbile?


> Hello Mike,
>
> We're currently making sure that Thawte will have an Orion option for the
> purchase to make it easier to get a cert (and we'll work with Verisign too).
>
> We are also creating a guide to show how you can get a 128 bit or 40 bit
> production license.
>
> Regards,
> Karl Avedal
>
> Mike Clark wrote:
>
> > Unfortunately, that cert is no longer available from Thawte.  We're
> > still out of business with Orion using a production SSL certificate.
> >
> > What gives?
> >
> > Mike
> >
> > Mattias Arbin wrote:
> >
> > > I have Orion running with a "real" 40-bit cert from Thawte.
> > > I guess it does not matter which web-server you say you have. Probably
> > > it is for statistics. (I chose Java Webserver).
> > > You will be able to choose from a number of different formats when you
> > > download the cert.
> > > Here I chose "PKCS #7 Certificate Chain". Make sure that you save it
> > > in a file that ends with a new line before importing it to the keystore.
> > > Good luck.
> > > /Mattias
> > >
> > > - Original Message -
> > > From: "Mike Fontenot" <[EMAIL PROTECTED]>
> > > To: "Orion-Interest" <[EMAIL PROTECTED]>
> > > Cc: <[EMAIL PROTECTED]>
> > > Sent: Friday, August 18, 2000 10:50 PM
> > > Subject: Help - SSL Usage in Production - is it really possbile?
> > >
> > > > orion users,
> > > >
> > > > I've been using the test certificate from Thawte, as both the orion
docs.
> > > > and the OrionSupport suggested. That has been working fine. However,
I am
> > > > now ready to move to production with our e-commerce system and I
have run
> > > > into some major snags that leads me to think NO one is using Orion
in a
> > > > production SSL environment.
> > > >
> > > > After going through the Thawte process for getting a server cert,
the
> > > 'pick
> > > > your web server' does not list Orion. After talking with Thawte
support
> > > they
> > > > suggested picking 'Apache SSL' as a choice. Ok, that seems fine to
me.
> > > > However, they also said I would need to pick the certificate type:
x509v3.
> > > >
> > > > Since I've been using the 'SSL Chained CA Cert' for development, I
wanted
> > > to
> > > > try this out with a development cert to be sure it would work. I
tried
> > > this
> > > > using a X509v3 development cert but it will not work. Again, after
getting
> > > > back in touch with Thawte support regarding X509v3 not working, I
said I
> > > > will need to just use the 'SSL Chained CA Cert'.  They then informed
me
> > > that
> > > > they no longer sell this type of certificate, and that I must go to
> > > Verisign
> > > > to obtain this type of certificate. Well, my first question to
Thawte was
> > > > 'If you dont sell this type of certificate, why is it available on
your
> > > > developers cert pages?' Answer from Thawte: 'Yeah, I've been meaning
to
> > > talk
> > > > to our developers to take that off the website.'.
> > > >
> > > > Guess how much hair I've lost so far!?  Now I am in the 'process' of
> > > getting
> > > > a certificate from Verisign. Of course they do not have 'Orion
Server'
> > > > listed in their pick list of valid webservers. Since I just started
this
> > > > process today I really dont know if they can/cannot support the type
of
> > > SSL
> > > > certificate I will need to work with Orion.
> > > >
> > > > I'll be the first to admit I'm not real familiar with the Java 1.3
> > > keytool,
> > > > and different certificate meanings. But, if anyone has really
obtained a
> > > > valid production level SSL certificate, from any Certificate
Authority,
> > > and
> > > > successfully integrated this with Orion, please let me/us know how
this
> > > was
> > > > accomplished. The only docs I've see are related to development
certs, and
> > > > as I stated earlier, I've got this working fine. I now need to
graduate to
> > > > real e-commerce transactions. Please dont make me go back to
Apache/JRun,
> > > I
> > > > feel Orion is so much better but this is a real show-stopper. I have
> > > looked
> > > > through the orion mail archives and it seems all discussions are
related
> > > to
> > > > trying to get the developer certs to work, not production certs.
> > > >
> > > > Thanks in advance,
> > > > Mike
> > > >
> > > > 
> > > > Mike Fontenot - Object Systems Architect
> > > > BrandMatrix, Ltd.
> > > > Golden, Colorado
> > > > 
> > > >
> >
> > --
> > //
> > //
> > //  Mike Clark
> > //
> > //  Clarkware Consulting
> > //  Enterprise Java Architecture, Design, Development
> > //
> > //  http://www.clarkware.com
> > //  [EMAIL PROTECTED]
> > //  +1.720.851.2014
> > //
>
>





Re: Help - SSL Usage in Production - is it really possbile?

2000-08-23 Thread Mike Clark

Unfortunately, that cert is no longer available from Thawte.  We're still out of
business with Orion using a production SSL certificate.

What gives?

Mike

Mattias Arbin wrote:

> I have Orion running with a "real" 40-bit cert from Thawte.
> I guess it does not matter which web-server you say you have. Probably it is
> for statistics. (I chose Java Webserver).
> You will be able to choose from a number of different formats when you
> download the cert.
> Here I chose "PKCS #7 Certificate Chain". Make sure that you save it in a
> file that ends with a new line before importing it to the keystore.
> Good luck.
> /Mattias
>
> - Original Message -
> From: "Mike Fontenot" <[EMAIL PROTECTED]>
> To: "Orion-Interest" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Friday, August 18, 2000 10:50 PM
> Subject: Help - SSL Usage in Production - is it really possbile?
>
> > orion users,
> >
> > I've been using the test certificate from Thawte, as both the orion docs.
> > and the OrionSupport suggested. That has been working fine. However, I am
> > now ready to move to production with our e-commerce system and I have run
> > into some major snags that leads me to think NO one is using Orion in a
> > production SSL environment.
> >
> > After going through the Thawte process for getting a server cert, the
> 'pick
> > your web server' does not list Orion. After talking with Thawte support
> they
> > suggested picking 'Apache SSL' as a choice. Ok, that seems fine to me.
> > However, they also said I would need to pick the certificate type: x509v3.
> >
> > Since I've been using the 'SSL Chained CA Cert' for development, I wanted
> to
> > try this out with a development cert to be sure it would work. I tried
> this
> > using a X509v3 development cert but it will not work. Again, after getting
> > back in touch with Thawte support regarding X509v3 not working, I said I
> > will need to just use the 'SSL Chained CA Cert'.  They then informed me
> that
> > they no longer sell this type of certificate, and that I must go to
> Verisign
> > to obtain this type of certificate. Well, my first question to Thawte was
> > 'If you dont sell this type of certificate, why is it available on your
> > developers cert pages?' Answer from Thawte: 'Yeah, I've been meaning to
> talk
> > to our developers to take that off the website.'.
> >
> > Guess how much hair I've lost so far!?  Now I am in the 'process' of
> getting
> > a certificate from Verisign. Of course they do not have 'Orion Server'
> > listed in their pick list of valid webservers. Since I just started this
> > process today I really dont know if they can/cannot support the type of
> SSL
> > certificate I will need to work with Orion.
> >
> > I'll be the first to admit I'm not real familiar with the Java 1.3
> keytool,
> > and different certificate meanings. But, if anyone has really obtained a
> > valid production level SSL certificate, from any Certificate Authority,
> and
> > successfully integrated this with Orion, please let me/us know how this
> was
> > accomplished. The only docs I've see are related to development certs, and
> > as I stated earlier, I've got this working fine. I now need to graduate to
> > real e-commerce transactions. Please dont make me go back to Apache/JRun,
> I
> > feel Orion is so much better but this is a real show-stopper. I have
> looked
> > through the orion mail archives and it seems all discussions are related
> to
> > trying to get the developer certs to work, not production certs.
> >
> > Thanks in advance,
> > Mike
> >
> > 
> > Mike Fontenot - Object Systems Architect
> > BrandMatrix, Ltd.
> > Golden, Colorado
> > 
> >

--
//
//
//  Mike Clark
//
//  Clarkware Consulting
//  Enterprise Java Architecture, Design, Development
//
//  http://www.clarkware.com
//  [EMAIL PROTECTED]
//  +1.720.851.2014
//






Re: Help - SSL Usage in Production - is it really possbile?

2000-08-21 Thread Mattias Arbin

I have Orion running with a "real" 40-bit cert from Thawte.
I guess it does not matter which web-server you say you have. Probably it is
for statistics. (I chose Java Webserver).
You will be able to choose from a number of different formats when you
download the cert.
Here I chose "PKCS #7 Certificate Chain". Make sure that you save it in a
file that ends with a new line before importing it to the keystore.
Good luck.
/Mattias

- Original Message -
From: "Mike Fontenot" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, August 18, 2000 10:50 PM
Subject: Help - SSL Usage in Production - is it really possbile?


> orion users,
>
> I've been using the test certificate from Thawte, as both the orion docs.
> and the OrionSupport suggested. That has been working fine. However, I am
> now ready to move to production with our e-commerce system and I have run
> into some major snags that leads me to think NO one is using Orion in a
> production SSL environment.
>
> After going through the Thawte process for getting a server cert, the
'pick
> your web server' does not list Orion. After talking with Thawte support
they
> suggested picking 'Apache SSL' as a choice. Ok, that seems fine to me.
> However, they also said I would need to pick the certificate type: x509v3.
>
> Since I've been using the 'SSL Chained CA Cert' for development, I wanted
to
> try this out with a development cert to be sure it would work. I tried
this
> using a X509v3 development cert but it will not work. Again, after getting
> back in touch with Thawte support regarding X509v3 not working, I said I
> will need to just use the 'SSL Chained CA Cert'.  They then informed me
that
> they no longer sell this type of certificate, and that I must go to
Verisign
> to obtain this type of certificate. Well, my first question to Thawte was
> 'If you dont sell this type of certificate, why is it available on your
> developers cert pages?' Answer from Thawte: 'Yeah, I've been meaning to
talk
> to our developers to take that off the website.'.
>
> Guess how much hair I've lost so far!?  Now I am in the 'process' of
getting
> a certificate from Verisign. Of course they do not have 'Orion Server'
> listed in their pick list of valid webservers. Since I just started this
> process today I really dont know if they can/cannot support the type of
SSL
> certificate I will need to work with Orion.
>
> I'll be the first to admit I'm not real familiar with the Java 1.3
keytool,
> and different certificate meanings. But, if anyone has really obtained a
> valid production level SSL certificate, from any Certificate Authority,
and
> successfully integrated this with Orion, please let me/us know how this
was
> accomplished. The only docs I've see are related to development certs, and
> as I stated earlier, I've got this working fine. I now need to graduate to
> real e-commerce transactions. Please dont make me go back to Apache/JRun,
I
> feel Orion is so much better but this is a real show-stopper. I have
looked
> through the orion mail archives and it seems all discussions are related
to
> trying to get the developer certs to work, not production certs.
>
> Thanks in advance,
> Mike
>
> 
> Mike Fontenot - Object Systems Architect
> BrandMatrix, Ltd.
> Golden, Colorado
> 
>
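
Added example (not part of the original thread, and not Orion, Thawte or JDK code): a pre-import check for the point Mattias makes above, that the downloaded PKCS #7 chain must be saved in a file ending with a newline before it goes into the keystore. The sample file, its PEM label, the alias `mysite` and the keystore name `keystore.jks` are assumptions made for the illustration.

```shell
#!/bin/sh
# Pre-import checks for a CA reply saved as a PEM-armoured certificate chain.
# All file names, the alias and the keystore path are assumptions.

# Return 0 if the last byte of the file is a newline, 1 otherwise.
ends_with_newline() {
    [ -s "$1" ] || return 1
    # Command substitution strips a trailing newline, so an empty result
    # means the final byte was "\n".
    [ -z "$(tail -c 1 "$1")" ]
}

# Append the missing newline in place. Prints "ok" or "fixed".
fix_trailing_newline() {
    if ends_with_newline "$1"; then
        echo "ok"
    else
        printf '\n' >> "$1"
        echo "fixed"
    fi
}

# Check that the file has a BEGIN line and an END line with the same label.
# The label itself is not assumed, because CAs use different ones.
pem_label_ok() {
    begin=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1)
    end=$(sed -n 's/^-----END \(.*\)-----[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ -n "$begin" ] && [ "$begin" = "$end" ]
}

# Run both checks. Prints "bad-armour", "ok" or "fixed".
prepare_reply() {
    if ! pem_label_ok "$1"; then
        echo "bad-armour"
        return 1
    fi
    fix_trailing_newline "$1"
}

# Print (do not run) the keytool command for the checked file.
# Alias and keystore name are placeholders, not values from the thread.
import_hint() {
    echo "keytool -import -trustcacerts -alias mysite -file $1 -keystore keystore.jks"
}

# Constructed sample: a placeholder body, NOT a real certificate, written
# without a trailing newline to reproduce the failure case.
make_sample() {
    printf '%s\n%s\n%s' \
        '-----BEGIN PKCS7-----' \
        'Q09OU1RSVUNURUQ=' \
        '-----END PKCS7-----' > "$1"
}

# Demo run on the constructed sample.
sample=$(mktemp)
make_sample "$sample"
echo "check: $(prepare_reply "$sample")"
import_hint "$sample"
rm -f "$sample"
```

The alias passed to keytool has to be the one the private key and certificate request were generated under, otherwise the reply is stored as a separate trusted certificate instead of completing the key entry.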





Re: Help - SSL Usage in Production - is it really possbile?

2000-08-19 Thread Dale Bronk

I have ssl working on a test certificate from Thawte and await an answer
also.  I also am curious if anyone has a production certificate from any CA.
I have two other questions about OrionServer and SSL:

1. Does orionserver support 128bit "supercert" from Thawte?
2. Since I don't see secure on-line ordering of OrionServer on the
orionserver.com site, should this lead me to believe that Orion themselves
can't get a production ssl certificate to work?

I would expect that Orion would be contacting both Thawte and Verisign about
placing themselves on the list of servers to choose from.  At least I would
if I was trying to sell an application server.

Dale


- Original Message -
From: Robert Krueger <[EMAIL PROTECTED]>
To: Orion-Interest <[EMAIL PROTECTED]>
Sent: Saturday, August 19, 2000 7:46 AM
Subject: Re: Help - SSL Usage in Production - is it really possbile?


mike,

have you contacted [EMAIL PROTECTED] about this? they should care
very much if one of their (or the ?) first customers to use orion with ssl
in production has that many difficulties. your problems may indicate that
ssl support only has proof-of-concept but not production quality which is
something they should (and probably will) really get out of the way quickly.

one thing you could do as a temporary workaround is use apache with
mod_proxy and mod_ssl as an ssl-proxy. of course that only works if you
don't need to access certificate information in your app. but if you just
need to make sure parts of your app are protected by ssl this should work
(with a performance hit of course).

robert


(-) Robert Krüger
(-) SIGNAL 7 Gesellschaft für Informationstechnologie mbH
(-) Brüder-Knauß-Str. 79 - 64285 Darmstadt,
(-) Tel: 06151 665401, Fax: 06151 665373
(-) [EMAIL PROTECTED], www.signal7.de







Re: Help - SSL Usage in Production - is it really possbile?

2000-08-19 Thread Robert Krueger

mike,

have you contacted [EMAIL PROTECTED] about this? they should care 
very much if one of their (or the ?) first customers to use orion with ssl 
in production has that many difficulties. your problems may indicate that 
ssl support only has proof-of-concept but not production quality which is 
something they should (and probably will) really get out of the way quickly.

one thing you could do as a temporary workaround is use apache with 
mod_proxy and mod_ssl as an ssl-proxy. of course that only works if you 
don't need to access certificate information in your app. but if you just 
need to make sure parts of your app are protected by ssl this should work 
(with a performance hit of course).

robert


(-) Robert Krüger
(-) SIGNAL 7 Gesellschaft für Informationstechnologie mbH
(-) Brüder-Knauß-Str. 79 - 64285 Darmstadt,
(-) Tel: 06151 665401, Fax: 06151 665373
(-) [EMAIL PROTECTED], www.signal7.de





Re: Help - SSL Usage in Production - is it really possbile?

2000-08-18 Thread Porfiriev Sergey

Real production SSL

I've met the same problem; I am interested in exactly what certificate I will get.
(What type of it, from what company, URL of company)

- Original Message -
From: "Mike Fontenot" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, August 18, 2000 4:50 PM
Subject: Help - SSL Usage in Production - is it really possbile?


> orion users,
>
> I've been using the test certificate from Thawte, as both the orion docs.
> and the OrionSupport suggested. That has been working fine. However, I am
> now ready to move to production with our e-commerce system and I have run
> into some major snags that leads me to think NO one is using Orion in a
> production SSL environment.
>







Help - SSL Usage in Production - is it really possbile?

2000-08-18 Thread Mike Fontenot

orion users,

I've been using the test certificate from Thawte, as both the Orion docs
and the OrionSupport suggested. That has been working fine. However, I am
now ready to move to production with our e-commerce system and I have run
into some major snags that lead me to think NO one is using Orion in a
production SSL environment.

After going through the Thawte process for getting a server cert, the 'pick
your web server' does not list Orion. After talking with Thawte support they
suggested picking 'Apache SSL' as a choice. Ok, that seems fine to me.
However, they also said I would need to pick the certificate type: x509v3.

Since I've been using the 'SSL Chained CA Cert' for development, I wanted to
try this out with a development cert to be sure it would work. I tried this
using a X509v3 development cert but it will not work. Again, after getting
back in touch with Thawte support regarding X509v3 not working, I said I
will need to just use the 'SSL Chained CA Cert'.  They then informed me that
they no longer sell this type of certificate, and that I must go to Verisign
to obtain this type of certificate. Well, my first question to Thawte was
'If you don't sell this type of certificate, why is it available on your
developers cert pages?' Answer from Thawte: 'Yeah, I've been meaning to talk
to our developers to take that off the website.'.

Guess how much hair I've lost so far!?  Now I am in the 'process' of getting
a certificate from Verisign. Of course they do not have 'Orion Server'
listed in their pick list of valid webservers. Since I just started this
process today I really don't know if they can/cannot support the type of SSL
certificate I will need to work with Orion.

I'll be the first to admit I'm not real familiar with the Java 1.3 keytool,
and different certificate meanings. But, if anyone has really obtained a
valid production level SSL certificate, from any Certificate Authority, and
successfully integrated this with Orion, please let me/us know how this was
accomplished. The only docs I've seen are related to development certs, and
as I stated earlier, I've got this working fine. I now need to graduate to
real e-commerce transactions. Please don't make me go back to Apache/JRun, I
feel Orion is so much better but this is a real show-stopper. I have looked
through the orion mail archives and it seems all discussions are related to
trying to get the developer certs to work, not production certs.

Thanks in advance,
Mike


Mike Fontenot - Object Systems Architect
BrandMatrix, Ltd.
Golden, Colorado