Re: SSL-problems (was SSL-100% CPU)

2000-07-05 Thread Mattias Arbin

I noticed that there is a 1.1.9 version. Tried that.
Now I get another message:
E:\java\orion>java -jar orion.jar
Error listening to SSLServerSocket: No available certificate corresponds to the SSL cipher suites which are enabled.
Orion/1.1.9 initialized
Seems like the new release changed something.
It would be really great to have a comment from the Orion team about this.
I also have a question:
How does Orion know which of the certificates in the keystore to use? It
seems like it gets confused if you have more than one entry in the keystore.
/Mattias

- Original Message -
From: "Mattias Arbin" [EMAIL PROTECTED]
To: "Orion-Interest" [EMAIL PROTECTED]
Sent: Tuesday, July 04, 2000 10:14 AM
Subject: SSL-problems (was SSL-100% CPU)



SSL-problems (was SSL-100% CPU)

2000-07-04 Thread Mattias Arbin

I have tried to dig deeper into the SSL problem, while it is a major
showstopper right now and a problem that has to be solved before I can use
Orion in my project.

I have made two bat files for the certificate generation to be able to play
around a little faster:

step1.bat:
keytool -genkey -keyalg "RSA" -alias testalias -keystore mykeystore -dname "cn=My Name, ou=MyCompany, o=MyCompany, c=SE" -storepass 123456 -keypass 654321 -validity 360

keytool -certreq -keyalg "RSA" -alias testalias -file localhost.csr -storepass 123456 -keypass 654321 -keystore mykeystore

rem Go to thawte and copy the contents of localhost.csr.
start https://www.thawte.com/cgi/server/test.exe


step2.bat:
rem Before running this, save the output from Thawte into localhost.cer
keytool -import -trustcacerts -file localhost.cer -keystore mykeystore -storepass 123456 -keypass 654321

Output when running the scripts:
E:\test>java -version
java version "1.3.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-C)
Java HotSpot(TM) Server VM (build 2.0fcs-E, mixed mode)

E:\test>step1

E:\test>keytool -genkey -keyalg "RSA" -alias testalias -keystore mykeystore -dname "cn=My Name, ou=MyCompany, o=MyCompany, c=SE" -storepass 123456 -keypass 654321 -validity 360

E:\test>keytool -certreq -keyalg "RSA" -alias testalias -file localhost.csr -storepass 123456 -keypass 654321 -keystore mykeystore

E:\test>start https://www.thawte.com/cgi/server/test.exe
E:\test>step2

E:\test>keytool  -import -trustcacerts -file localhost.cer -keystore mykeystore -storepass 123456 -keypass 654321
Owner: CN=My Name, OU=MyCompany, O=MyCompany, C=SE
Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Serial number: 488d5a
Valid from: Tue Jul 04 09:55:28 GMT+02:00 2000 until: Fri Aug 04 09:55:28 GMT+02:00 2000
Certificate fingerprints:
 MD5:  AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87
 SHA1: D1:98:C0:C7:DA:D5:DB:D5:D1:E3:C6:A1:39:A0:59:34:0A:8F:DC:99
Trust this certificate? [no]:  yes
Certificate was added to keystore

E:\test>keystore -list -keystore mykeystore
'keystore' is not recognized as an internal or external command,
operable program or batch file.

E:\test>keytool -list -keystore mykeystore
Enter keystore password:  123456

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries:

mykey, Tue Jul 04 09:53:14 GMT+02:00 2000, trustedCertEntry,
Certificate fingerprint (MD5): AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87
testalias, Tue Jul 04 09:51:48 GMT+02:00 2000, keyEntry,
Certificate fingerprint (MD5): BE:ED:A9:00:04:5D:A6:F4:9A:92:40:25:0C:AB:9C:EC

OK. Now I start Orion (I have tried it with 1.0, 1.1.4, 1.1.8 with the same
result):
E:\java\orion>java -jar orion.jar
Error starting HttpServer: Unable to intialize SSLServerSocketFactory 'com.evermind.ssl.JSSESSLServerSocketFactory': Unrecoverable key error: Cannot recover key

Now to something interesting: I delete the key with the alias 'testalias':
E:\test>keytool -delete -alias testalias -keystore mykeystore
Enter keystore password:  123456

E:\test>keytool -list -keystore mykeystore
Enter keystore password:  123456

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry:

mykey, Tue Jul 04 09:53:14 GMT+02:00 2000, trustedCertEntry,
Certificate fingerprint (MD5): AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87

Now I start Orion again:
E:\java\orion>java -jar orion.jar
Orion/1.1.8 initialized

Orion initializes, but takes about 100% CPU and accessing
https://localhost:443 fails.

Does anybody have a clue?
/Thanks,
 Mattias Arbin, Ctakt AB


My secure-web-site.xml:
<?xml version="1.0"?>
<!DOCTYPE web-site PUBLIC "Orion Web-site" "http://www.orionserver.com/dtds/web-site.dtd">

<web-site host="[ALL]" secure="true" port="443" display-name="Default Orion WebSite">
 <!-- The default web-app for this site, bound to the root -->
 <ssl-config keystore="../../../test/mykeystore" keystore-password="123456" />
 <default-web-app application="default" name="defaultWebApp" />

 <!-- Uncomment this to activate the news app -->
 <!-- <web-app application="news" name="news-web" root="/news" /> -->
 <!-- Access Log, where requests are logged to -->
 <access-log path="../log/default-web-access.log" />
</web-site>

My server.xml:
<?xml version="1.0"?>
<!DOCTYPE application-server PUBLIC "Orion Application Server Config" "http://www.orionserver.com/dtds/application-server.dtd">

<application-server
 application-directory="../applications"
 deployment-directory="../application-deployments">
 <rmi-config path="./rmi.xml" />
 <!-- JMS-server config link, uncomment to activate the JMS service -->
 <!-- <jms-config path="./jms.xml" /> -->
 <principals path="./principals.xml" />
 <log>
  <file path="../log/server.log" />
 </log>

 <global-application name="default" path="application.xml" />

 <global-web-app-config path="global-web-application.xml" />

 <web-site path="./default-web-site.xml" />
 <web-site path="./secure-web-site.xml" />

 <!-- Compiler, activate
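
Added example, not part of the original messages and not Orion or keytool code: a check run over the keytool -list output and the -genkey command quoted in the thread. keytool -import without -alias stores the file under the default alias "mykey"; the check reports a CA reply that ended up as a trustedCertEntry instead of on its key entry, and a key password that differs from the single password given in ssl-config. It assumes the server recovers the private key with that configured password; the function names are this example's own.

```python
import re
import shlex

# Values copied from the messages above; function names are this example's own.
LISTING = """\
mykey, Tue Jul 04 09:53:14 GMT+02:00 2000, trustedCertEntry,
Certificate fingerprint (MD5): AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87
testalias, Tue Jul 04 09:51:48 GMT+02:00 2000, keyEntry,
Certificate fingerprint (MD5): BE:ED:A9:00:04:5D:A6:F4:9A:92:40:25:0C:AB:9C:EC
"""
REPLY_MD5 = "AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87"  # printed at import time
GENKEY = ('keytool -genkey -keyalg "RSA" -alias testalias -keystore mykeystore '
          '-dname "cn=My Name, ou=MyCompany, o=MyCompany, c=SE" '
          '-storepass 123456 -keypass 654321 -validity 360')

ENTRY = re.compile(
    r"^(?P<alias>[^,\n]+), [^\n]*, (?P<kind>keyEntry|trustedCertEntry),\s*"
    r"Certificate fingerprint \(MD5\):\s*(?P<fp>(?:[0-9A-F]{2}:){15}[0-9A-F]{2})",
    re.M)


def parse_listing(text):
    """Return (alias, kind, md5) for each entry in `keytool -list` output."""
    return [(m["alias"], m["kind"], m["fp"]) for m in ENTRY.finditer(text)]


def flag_values(command):
    """Map each -flag in a keytool command line to the value following it."""
    tokens = shlex.split(command)
    return {f: v for f, v in zip(tokens, tokens[1:])
            if f.startswith("-") and not v.startswith("-")}


def diagnose(listing, reply_md5, genkey, server_password):
    """Return short finding codes for the two keystore problems described above."""
    findings = []
    for alias, kind, fp in parse_listing(listing):
        # A CA reply belongs on the key entry it certifies, not on a separate
        # trusted-certificate entry with no private key behind it.
        if fp == reply_md5 and kind == "trustedCertEntry":
            findings.append("reply-stored-as-trusted-cert:" + alias)
    flags = flag_values(genkey)
    # No -keypass: treat the key password as equal to the store password.
    key_password = flags.get("-keypass", flags.get("-storepass"))
    # Assumption: the server recovers the key with the password it is configured with.
    if key_password != server_password:
        findings.append("key-password-differs:" + flags["-alias"])
    return findings


if __name__ == "__main__":
    print(diagnose(LISTING, REPLY_MD5, GENKEY, "123456"))
```
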