Re: SSL problem

Sun, 17 Aug 2008 08:13:54 -0700 

Thanks Bruno for the prompt response.
I had noticed this myself when debugging over the last few days and had modified the code to use keystoreFile.getAbsolutePath() with entires that generated /Users/christyring/.keystore 

Unfortunately this still does not solve the problem.


I wasnt aware of the certificate issue, thanks.  I've modified the  
keytool command to reflect the changes you suggest as follows, deleted  
the .keystore and recreated it.  I assume this is all I have to do  
with the keystore to get up and running?



keytool -genkey -keyalg RSA -dname "cn=www.vennetics.com, ou=JBox,  
o=Vennetics, c=GB" -alias vennetics -keypass jbox123 -keystore /Users/ 
christyring/.keystore -storepass jbox123



Bruno do you have an application that you confirm this feature works  
with 1.1-M5?  To test myself I modified the keystore, keystorePassword  
and keyPassword of the BasicHttpServer example that came with 1.1-M5  
with my details, nothing else and ran this, it failed.   I've pasted  
the code below with my changes.


/**
 * Copyright 2005-2008 Noelios Technologies.
 *

 * The contents of this file are subject to the terms of the  
following open
 * source licenses: LGPL 3.0 or LGPL 2.1 or CDDL 1.0 (the  
"Licenses"). You can
 * select the license that you prefer but you may not use this file  
except in

 * compliance with one of these Licenses.
 *
 * You can obtain a copy of the LGPL 3.0 license at
 * http://www.gnu.org/licenses/lgpl-3.0.html
 *
 * You can obtain a copy of the LGPL 2.1 license at
 * http://www.gnu.org/licenses/lgpl-2.1.html
 *
 * You can obtain a copy of the CDDL 1.0 license at
 * http://www.sun.com/cddl/cddl.html
 *
 * See the Licenses for the specific language governing permissions and
 * limitations under the Licenses.
 *

 * Alternatively, you can obtain a royaltee free commercial license  
with less

 * limitations, transferable or non-transferable, directly at
 * http://www.noelios.com/products/restlet-engine
 *
 * Restlet is a registered trademark of Noelios Technologies.
 */

package org.restlet.example.book.restlet.ch11;

import java.io.File;

import org.restlet.Component;
import org.restlet.Restlet;
import org.restlet.data.MediaType;
import org.restlet.data.Protocol;
import org.restlet.data.Request;
import org.restlet.data.Response;

/**
 *
 */
public class BasicHttpsServer {
        public static void main(String[] args) {
                // Creates a Restlet whose response to each request is "hello, 
world".
                final Restlet restlet = new Restlet() {
                        @Override
                        public void handle(Request request, Response response) {
                                response.setEntity("hello, world", 
MediaType.TEXT_PLAIN);
                        }
                };


		final File keystoreFile = new File("d:\\temp\\certificats",  
"myServerKeystore");

                // Component declaring only one HTTPS server connector.
                final Component component = new Component();
                component.getServers().add(Protocol.HTTPS, 8182);
                component.getDefaultHost().attach("/helloWorld", restlet);

                // Update component's context with keystore parameters.

		component.getContext().getParameters().add("keystorePath", "/Users/ 
christyring/.keystore");
		component.getContext().getParameters().add("keystorePassword",  
"jbox123");

                component.getContext().getParameters().add("keyPassword", 
"jbox123");

                try {
                        component.start();
                } catch (final Exception e) {
                        e.printStackTrace();
                }
        }
}



The fact that the demo app from the restlet release failed leads me to  
the following conclusions,


1. Theres a problem with my keytool command

2. Theres a problem with keytool on OSX (unlikely, but it would be  
good if someone with OSX can confirm it works with them)

3. Theres a problem with restlet.


Bruno any other suggestions?

Thanks.



On 17 Aug 2008, at 14:20, Bruno Harbulot wrote:


Hi Christy,


File keystoreFile = new File("/Users/ 
christyring/.keystore",".keystore");  
component 
.getContext 
().getParameters 
().add("keystorePath",keystoreFile.toURI().toASCIIString());



In this, keystoreFile.toURI() is "file:/Users/ 
christyring/.keystore/.keystore", which is probably not what you  
were intending.



The "keystorePath" parameter expects pathname, not a URI. Something  
like this should work better:
component.getContext().getParameters().add("keystorePath","/Users/ 
christyring/.keystore");


This should work for locations other than ~/.keystore too.


I've also noticed that the certificate you're using uses "cn=Christy  
Ring". This won't prevent your server from starting, but the clients  
will complain because the CN doesn't match the hostname. You must  
use the host name of the server in the CN field, for example "cn=www.example.org 
".



Best wishes,

Bruno.



Regards,
[EMAIL PROTECTED]

























					Reply via email to