I have tried to dig deeper into the SSL problem, since it is a major
showstopper right now and a problem that has to be solved before I can use
Orion in my project.
I have made two bat files for the certificate generation to be able to play
around a little faster:

step1.bat:
rem Generate the RSA key pair and self-signed certificate under alias testalias.
keytool -genkey -keyalg "RSA" -alias testalias -keystore mykeystore -dname "cn=My Name, ou=MyCompany, o=MyCompany, c=SE" -storepass 123456 -keypass 654321 -validity 360
rem Write a certificate signing request for testalias to localhost.csr.
keytool -certreq -keyalg "RSA" -alias testalias -file localhost.csr -storepass 123456 -keypass 654321 -keystore mykeystore
rem Go to thawte and copy the contents of localhost.csr.
start https://www.thawte.com/cgi/server/test.exe

step2.bat:
rem Before running this, save the output from Thawte into localhost.cer
keytool -import -trustcacerts -file localhost.cer -keystore mykeystore -storepass 123456 -keypass 654321
Output when running the scripts:
E:\test>java -version
java version "1.3.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-C)
Java HotSpot(TM) Server VM (build 2.0fcs-E, mixed mode)

E:\test>step1

E:\test>keytool -genkey -keyalg "RSA" -alias testalias -keystore mykeystore -dname "cn=My Name, ou=MyCompany, o=MyCompany, c=SE" -storepass 123456 -keypass 654321 -validity 360

E:\test>keytool -certreq -keyalg "RSA" -alias testalias -file localhost.csr -storepass 123456 -keypass 654321 -keystore mykeystore

E:\test>start https://www.thawte.com/cgi/server/test.exe

E:\test>step2

E:\test>keytool -import -trustcacerts -file localhost.cer -keystore mykeystore -storepass 123456 -keypass 654321
Owner: CN=My Name, OU=MyCompany, O=MyCompany, C=SE
Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Serial number: 488d5a
Valid from: Tue Jul 04 09:55:28 GMT+02:00 2000 until: Fri Aug 04 09:55:28 GMT+02:00 2000
Certificate fingerprints:
MD5: AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87
SHA1: D1:98:C0:C7:DA:D5:DB:D5:D1:E3:C6:A1:39:A0:59:34:0A:8F:DC:99
Trust this certificate? [no]: yes
Certificate was added to keystore

E:\test>keystore -list -keystore mykeystore
'keystore' is not recognized as an internal or external command,
operable program or batch file.

E:\test>keytool -list -keystore mykeystore
Enter keystore password: 123456

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries:

mykey, Tue Jul 04 09:53:14 GMT+02:00 2000, trustedCertEntry,
Certificate fingerprint (MD5): AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87
testalias, Tue Jul 04 09:51:48 GMT+02:00 2000, keyEntry,
Certificate fingerprint (MD5): BE:ED:A9:00:04:5D:A6:F4:9A:92:40:25:0C:AB:9C:EC
OK. Now I start Orion (I have tried it with 1.0, 1.1.4, 1.1.8 with the same
result):
E:\java\orion>java -jar orion.jar
Error starting HttpServer: Unable to intialize SSLServerSocketFactory 'com.evermind.ssl.JSSESSLServerSocketFactory': Unrecoverable key error: Cannot recover key
Now to something interesting: I delete the key with the alias 'testalias':
E:\test>keytool -delete -alias testalias -keystore mykeystore
Enter keystore password: 123456

E:\test>keytool -list -keystore mykeystore
Enter keystore password: 123456
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry:
mykey, Tue Jul 04 09:53:14 GMT+02:00 2000, trustedCertEntry,
Certificate fingerprint (MD5):
AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87
Now I start Orion again:
E:\java\orion>java -jar orion.jar
Orion/1.1.8 initialized
Orion initializes, but takes about 100% CPU and accessing
https://localhost:443 fails.
Does anybody have a clue?
/Thanks,
Mattias Arbin, Ctakt AB
My secure-web-site.xml:
<?xml version="1.0"?>
<!DOCTYPE web-site PUBLIC "Orion Web-site" "http://www.orionserver.com/dtds/web-site.dtd">

<web-site host="[ALL]" secure="true" port="443" display-name="Default Orion WebSite">
	<!-- The default web-app for this site, bound to the root -->
	<ssl-config keystore="../../../test/mykeystore" keystore-password="123456" />
	<default-web-app application="default" name="defaultWebApp" />

	<!-- Uncomment this to activate the news app -->
	<!-- <web-app application="news" name="news-web" root="/news" /> -->

	<!-- Access Log, where requests are logged to -->
	<access-log path="../log/default-web-access.log" />
</web-site>
My server.xml:
<?xml version="1.0"?>
<!DOCTYPE application-server PUBLIC "Orion Application Server Config" "http://www.orionserver.com/dtds/application-server.dtd">

<application-server
	application-directory="../applications"
	deployment-directory="../application-deployments">
	<rmi-config path="./rmi.xml" />

	<!-- JMS-server config link, uncomment to activate the JMS service -->
	<!-- <jms-config path="./jms.xml" /> -->

	<principals path="./principals.xml" />

	<log>
		<file path="../log/server.log" />
	</log>

	<global-application name="default" path="application.xml" />
	<global-web-app-config path="global-web-application.xml" />

	<web-site path="./default-web-site.xml" />
	<web-site path="./secure-web-site.xml" />

	<!-- Compiler, activate
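The "Cannot recover key" failure in the post above, worked through as an added example that is not part of the original post and not Orion's or Sun's code. Because keytool needs a JDK, the example re-implements the JKS container format and Sun's KeyProtector scheme in pure Python so it runs offline, using constructed placeholder key and certificate bytes. It builds a store like the one listed above (key entry testalias protected with keypass 654321, trusted cert entry mykey, storepass 123456) and then tries to unlock the key the way a server that is given only a keystore password can. That such a server reuses the store password as the key password is an assumption of the example, not something the page states; the names ssl_startup, FAKE_KEY, FAKE_CERT and STORE are the example's own.

```python
# Added example, not code from the original post or from Orion: a minimal pure-Python
# JKS reader/writer reproducing Sun's JavaKeyStore container and KeyProtector scheme, to
# show why a key stored with -keypass 654321 cannot be opened with -storepass 123456 alone.
import hashlib
import struct

MAGIC, VERSION, SALT_LEN = 0xFEEDFEED, 2, 20
STORE_SALT = b"Mighty Aphrodite"                           # JavaKeyStore constant
KEY_PROTECTOR_OID = bytes.fromhex("2b060104012a02110101")  # 1.3.6.1.4.1.42.2.17.1.1

def _pw(password):  # Java feeds the password to SHA-1 as UTF-16BE char pairs
    return password.encode("utf-16-be")

def _keystream(pw, salt, n):  # SHA1(pw||salt) || SHA1(pw||prev) || ..., cut to n bytes
    out, prev = b"", salt
    while len(out) < n:
        prev = hashlib.sha1(pw + prev).digest()
        out += prev
    return out[:n]

def _tlv(tag, body):  # DER TLV; long-form length for bodies of 128 bytes or more
    lb = len(body).to_bytes(max(1, (len(body).bit_length() + 7) // 8), "big")
    return bytes([tag]) + (lb if len(body) < 0x80 else bytes([0x80 | len(lb)]) + lb) + body

def _read_tlv(buf, pos):  # -> (tag, contents, position after the TLV)
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln

def protect_key(plain_key, key_password, salt):
    # KeyProtector.protect(): salt || key XOR keystream || SHA1(pw||key), wrapped as
    # EncryptedPrivateKeyInfo { AlgorithmIdentifier { OID, NULL }, OCTET STRING }
    pw = _pw(key_password)
    ks = _keystream(pw, salt, len(plain_key))
    body = salt + bytes(a ^ b for a, b in zip(plain_key, ks))
    alg = _tlv(0x30, _tlv(0x06, KEY_PROTECTOR_OID) + b"\x05\x00")
    return _tlv(0x30, alg + _tlv(0x04, body + hashlib.sha1(pw + plain_key).digest()))

def recover_key(encrypted, key_password):
    # KeyProtector.recover(): a failed check digest is Java's "Cannot recover key"
    epki = _read_tlv(encrypted, 0)[1]
    _, alg, p = _read_tlv(epki, 0)
    if _read_tlv(alg, 0)[1] != KEY_PROTECTOR_OID:
        raise ValueError("unsupported key protection algorithm")
    body = _read_tlv(epki, p)[1]
    pw, salt, enc, check = _pw(key_password), body[:SALT_LEN], body[SALT_LEN:-20], body[-20:]
    plain = bytes(a ^ b for a, b in zip(enc, _keystream(pw, salt, len(enc))))
    if hashlib.sha1(pw + plain).digest() != check:
        raise ValueError("Cannot recover key")
    return plain

def build_jks(store_password, entries):
    # entries: (alias, protected key or None, [cert bytes]); tag 1 = key, 2 = trusted cert
    out = struct.pack(">III", MAGIC, VERSION, len(entries))
    for alias, key, certs in entries:
        out += struct.pack(">IH", 1 if key else 2, len(alias)) + alias.encode() + struct.pack(">Q", 0)
        if key:
            out += struct.pack(">I", len(key)) + key + struct.pack(">I", len(certs))
        for c in certs:
            out += struct.pack(">H5sI", 5, b"X.509", len(c)) + c
    return out + hashlib.sha1(_pw(store_password) + STORE_SALT + out).digest()

def load_jks(data, store_password):
    # The trailing digest is keyed with the *store* password only, which is why
    # `keytool -list` succeeds with 123456 whatever the key password is.
    body, digest = data[:-20], data[-20:]
    if hashlib.sha1(_pw(store_password) + STORE_SALT + body).digest() != digest:
        raise ValueError("Keystore was tampered with, or password was incorrect")
    u32 = lambda p: struct.unpack(">I", body[p:p + 4])[0]
    pos, entries = 12, {}
    for _ in range(u32(8)):  # entry count follows the 4-byte magic and version
        tag, n = u32(pos), struct.unpack(">H", body[pos + 4:pos + 6])[0]
        alias, pos = body[pos + 6:pos + 6 + n].decode(), pos + 6 + n + 8  # skips timestamp
        key, ncerts, certs = None, 1, []
        if tag == 1:
            n = u32(pos)
            key, ncerts, pos = body[pos + 4:pos + 4 + n], u32(pos + 4 + n), pos + 8 + n
        for _ in range(ncerts):
            pos += 2 + struct.unpack(">H", body[pos:pos + 2])[0]  # cert type, "X.509"
            certs.append(body[pos + 4:pos + 4 + u32(pos)])
            pos += 4 + u32(pos)
        entries[alias] = ("keyEntry" if tag == 1 else "trustedCertEntry", key, certs)
    return entries

# Constructed stand-ins for the PKCS#8 key and X.509 cert (not real DER); the store
# mirrors the post's listing: key entry 'testalias' (keypass 654321) and trusted 'mykey'.
FAKE_KEY, FAKE_CERT = bytes(range(7, 60)), b"\x30\x03\x02\x01\x01"
STORE = build_jks("123456", [
    ("testalias", protect_key(FAKE_KEY, "654321", bytes(SALT_LEN)), [FAKE_CERT]),
    ("mykey", None, [FAKE_CERT]),
])

def ssl_startup(store, store_password, key_password=None):
    # Assumed start-up sequence: open the store, then unlock 'testalias' with
    # key_password, or with the store password again when the config gives no other.
    try:
        enc = load_jks(store, store_password)["testalias"][1]
        return "ok" if recover_key(enc, key_password or store_password) == FAKE_KEY else "key mismatch"
    except ValueError as e:
        return str(e)
```

With this store, ssl_startup(STORE, "123456") returns "Cannot recover key" while ssl_startup(STORE, "123456", "654321") returns "ok": the store's integrity digest is keyed with the store password only, so keytool -list accepts 123456, but each private key carries its own salted check digest under its key password, and a server that has nothing but keystore-password to offer cannot pass it. A separate observation on the listing above, from keytool's documented behaviour rather than from the post: keytool -import without -alias files the certificate under the default alias mykey, and since that alias is not a key entry the Thawte reply became a trustedCertEntry instead of being installed as the CA reply on testalias; importing it with -alias testalias attaches it to the key entry.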