Chris, you mention several places you tried to import the cert to. The first two are in JVMs that you say you couldn't get JRun to use, right?

The key is that whatever JVM JRun uses, you need to import into the cacerts there. And while you say you had other JVMs installed, JRun will use its own (unless you configure it to use another. More on that in a moment.)

Now, in those first two you mention trying their cacerts, but in the two you mention within JRun, you do not mention the cacerts. Is it that you found some documentation somewhere suggesting those two locations? Just curious about that difference.

Anyway, if you search the JRun folder, you should find C:\JRun4\jre\lib\security\cacerts. THAT is where you want to import the cert to, I'm pretty sure you will find. Then restart JRun, of course, and run your test.

BTW, with respect to the JVMs you tried to point to, and the jvm.dll error, there could be a number of possible explanations. First, let's clarify for readers (since you don't say): did you in fact modify JRun to point to one of those JDKs? If so, did you point to C:\Programs\jdk1.6.0\jre, for example? That's what it must be pointed to, not any other directory above or below that (nor to any specific file).

A second possible problem is if those are 64-bit, but JRun is running 32-bit (as Cameron says, it's very old and I don't recall when they added support for 64-bit). And even if you ARE on a 64-bit machine, JRun could still be running in 32-bit mode. If it IS a 64-bit machine, I suspect the JDKs you found were 64-bit, not 32-bit. You could install a 32-bit one and point JRun to that, which may work.

Finally, back to your first issue, if you DO end up getting JRun to use a different JVM, note that you will then need to import the cert into THAT JVM's \jre\lib\security\cacerts file. :-)

Let us know if any of that helps.
/charlie

-----Original Message-----
From: Chris Parker [mailto:[email protected]]
Sent: Friday, January 30, 2015 12:02 PM
To: jrun-talk
Subject: JRun4 SSL "peer not authenticated"

Before I start, I should say that I've already posted this question at http://www.coderanch.com/t/645100/java/JRun-SSL-Peer-authenticated and http://serverfault.com/questions/662453/jrun-ssl-peer-not-authenticated, and have not yet gotten an answer. I'll make sure both this site and those sites receive the answer should I find one. Also, I tried posting this once, and it appears as if it didn't work - I apologize if this is a double post.

I inherited an old application written in EJB that is running on JRun4. JRun4 serves the content - which is to say that we do not have Apache, IIS, or similar in front of it. The application is used internally only, and is not visible from outside the firewall at all. The web content contains identifiable information, and so we are trying to get the application to use SSL.

Internal to my organization we use Active Directory Certificate Services for applications that are internal only, and we have an internal signing certificate that is distributed to all workstations that is also used to sign all internal signing requests. Obviously this signing certificate is not part of Java's trust chain.

I do not have access to the signing key, so I'm emulating as best as I can using OpenSSL. The idea is to create a signing authority and get that to work with JRun4. Since I have full control of the chain, I can experiment quickly to see what works.

I have not been able to get past "Peer not authenticated". My understanding is that the error message is caused when Java can't find the CA public key. However, I've added it every place I can think of, and I still get the error.
Here are my steps, bearing in mind that I'm just trying to come to grips with how to get this to work so I know what to do on the production server:

1) I compiled OpenSSL 1.0.1j from source using MinGW.
2) I used the configuration and steps from ssl - http://stackoverflow.com/questions/21297139/how-do-you-sign-openssl-certificate-signing-requests-with-your-certification-aut for creating a CA.
3) The CA is on a separate device from where I'm running JRun.
4) I have JRun copied - but not installed - on a workstation at C:\JRun4.
5) Java 6 is installed at C:\Programs\jdk1.6.0 on my workstation. (Side note, I can't get JRun to work with newer Java versions, it complains about the jvm.dll)
6) I generated a fresh keystore in C:\JRun4\lib with the password "changeit".
7) I generated a signing request from that keystore.
8) I copied the .csr over to the other workstation and signed it.
9) I copied the signed key and the CA key from the other workstation back to the JRun workstation.
10) I first imported the CA key into four places - C:\Programs\jdk1.6.0\lib\security\cacerts , C:\Programs\jdk1.6.0\jre\lib\security\cacerts , C:\JRun4\lib\keystore , and C:\JRun4\lib\trustStore .
11) I imported the signed key into C:\JRun4\lib\keystore , after which SSL would start without error, but I got the "Peer not authenticated" error.
12) In desperation, I copied the signed key into the other three locations, even though I was pretty sure that wouldn't help (and it didn't).

What am I missing? Please feel free to ask for more details, I didn't want to bog down an already long post with lots of irrelevant data.
Archive: http://www.houseoffusion.com/groups/jrun-talk/message.cfm/messageid:5856
