Re: SSL problem

Sun, 17 Aug 2008 06:21:09 -0700 

Hi Christy,
File keystoreFile = new File("/Users/christyring/.keystore",".keystore"); component.getContext().getParameters().add("keystorePath",keystoreFile.toURI().toASCIIString()); 


In this, keystoreFile.toURI() is 
"file:/Users/christyring/.keystore/.keystore", which is probably not 
what you were intending.



The "keystorePath" parameter expects pathname, not a URI. Something like 
this should work better:

component.getContext().getParameters().add("keystorePath","/Users/christyring/.keystore");

This should work for locations other than ~/.keystore too.


I've also noticed that the certificate you're using uses "cn=Christy 
Ring". This won't prevent your server from starting, but the clients 
will complain because the CN doesn't match the hostname. You must use 
the host name of the server in the CN field, for example 
"cn=www.example.org".



Best wishes,

Bruno.


Christy Ring wrote:

Guys I've being trying to get a query answered on the issues list with 
no success, looking at the list contents I probably should have posted 
this on the discuss list. 

I'm having problems getting SSL working, can anyone here help with this. 
 This is my final stumbling block if I get over this alls looking well.


...

Further investigation is showing that the following code is being ignored!

 
component.getContext().getParameters().add("keystorePath",keystoreFile.toURI().toASCIIString());

        
component.getContext().getParameters().add("keystorePassword","jboxXXX");

        component.getContext().getParameters().add("keyPassword","jboxXXX");



And that the code is using the defaults.  Is component.getContext the 
correct way of setting these parameters?




Can someone confirm that the BasicHttpsServer example from the book is 
working with 1.1-M5?  If someone has a testcase can you check it also 
works if the keystore is not in "${user.home}/.keystore"



Thanks.









On 8 Aug 2008, at 09:47, Christy Ring wrote:


Guys first posting.  Using Restlet 1.1m5.



I've been experimenting with Restlet (vs Jersey) as one approach to 
a solution we are working on.   Currently I am trying to get SSL 
working with the Simple connector.  I've read through the previous 
posts on the configuration of this and I believe I am configuring it 
correctly.  

When I startup my mainline I get the keystore tamper error. 

Exception in thread "main" java.io.IOException: Keystore was 
tampered with, or password was incorrect

at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:768)




I am running on a mac with Java 5 and creating a new keystore in my 
home directory as follows:



    keytool -genkey -dname "cn=Christy Ring, ou=JBox, o=Vennetics, 
c=GB" -alias vennetics -keypass jboxXXX -keystore .keystore 
-storepass jboxXXX
     


Listing the keystore I get the following:


$  keytool -list
Enter keystore password:  jboxXXX

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

vennetics, Aug 7, 2008, keyEntry,

Certificate fingerprint (MD5): 
B9:D9:07:98:8B:92:B2:FF:B0:F4:D7:9C:D8:19:FB:16





My main line looks like the following:

    public static void main(String[] args) throws Exception {
        // Create a new Component.
        Component component = new Component();

        File keystoreFile = new File("/Users/christyring/.keystore", 
".keystore");
        
component.getContext().getParameters().add("keystorePath",keystoreFile.toURI().toASCIIString());
        
component.getContext().getParameters().add("keystorePassword","jboxXXX");
        
component.getContext().getParameters().add("keyPassword","jboxXXX");
     
        
        // Add a new HTTPS server listening on port 8183.

        component.getServers().add(Protocol.HTTPS, 8183);

        
        // Attach the sample application.
        component.getDefaultHost().attach("/jbox/v2",new 
WidgetApplication(component.getContext()));
        
        // Start the component.

        component.start();


...

 

Can anyone suggest what I'm doing wrong?  Or provide an concrete 
example for me to compare with?  Also can you confirm that I have 
created my certificate correctly when creating the keystore?




As an aside, I really like how you have implemented the api and how 
the components are constructed, for REST it feels much more natural 
than what is described in JSR 311, I hope that you will continue to 
maintain this.  

I read that you offer support for 311 annotations, I hope that this 
does not become the defacto way of doing thinks in restlets. 





Regards,
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>









Regards,
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>



























					Reply via email to