Hello,

Following the changes in the way Components can be configured (latest subversion revisions), configuring SSL to use an SslContextFactory is now possible this way:

  1. Using the DefaultSslContextFactory:

<component xmlns="http://www.restlet.org/schemas/1.1/Component"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.restlet.org/schemas/1.1/Component">

        <client protocol="FILE" />
        
        <server protocol="HTTPS" port="8183">
                <parameter name="sslContextFactory" value="com.noelios.restlet.util.DefaultSslContextFactory" />
                <parameter name="keystorePath" value="/path/to/keystore.p12" />
                <parameter name="keystoreType" value="PKCS12" />
                <parameter name="keystorePassword" value="testtest" />
                <parameter name="keyPassword" value="testtest" />
        </server>

        <defaultHost>
                <attach uriPattern=""
                        targetClass="org.restlet.example.tutorial.Part12" />
        </defaultHost>
</component>



  2. Using the PkixSslContextFactory (newly added, with jSSLutils 0.4):

<component xmlns="http://www.restlet.org/schemas/1.1/Component"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.restlet.org/schemas/1.1/Component">

        <client protocol="FILE" />

        <server protocol="HTTPS" port="8183">
                <parameter name="sslContextFactory" value="com.noelios.restlet.ext.ssl.PkixSslContextFactory" />
                <parameter name="keystorePath" value="/path/to/keystore.p12" />
                <parameter name="keystoreType" value="PKCS12" />
                <parameter name="keystorePassword" value="testtest" />
                <parameter name="keyPassword" value="testtest" />
                <parameter name="truststorePath" value="/path/to/truststore.jks" />
                <parameter name="truststoreType" value="JKS" />
                <parameter name="truststorePassword" value="testtest" />
                <parameter name="crlUrl" value="file:///path/to/crl.crl" />
                <parameter name="wantClientAuthentication" value="true" />
        </server>

        <defaultHost>
                <attach uriPattern=""
                        targetClass="org.restlet.example.tutorial.Part12" />
        </defaultHost>
</component>


There can be multiple "crlUrl" parameters.

In addition, there are a couple of other parameters that can be set:
- "sslServerAlias", which will use a particular alias from the keystore,
- "disableCrl", which should be set to "true" if you don't want to use CRLs.


Feedback welcome (especially if it doesn't work as intended!)


Best wishes,

Bruno.
