We have a wildcard certificate (and chain certificate) and in Resin 2.1
the configuration below worked (details hidden to protect the innocent)
2.1
<http port="443">
<ssl>openssl</ssl>
<certificate-chain-file>@resin.doc-dir@/WEB-INF/certificates/
digicertchain.pem</certificate-chain-file>
<certificate-key-file>@resin.doc-dir@/WEB-INF/certificates/our-
wildcard.key</certificate-key-file>
<certificate-key-password>ourpassword</certificate-key-password>
</http>
3.0 now requires a certificate-file item as well
<http port="443">
<openssl>
<certificate-chain-file>/resin-pro-3.0.22/webapps/ourapp/WEB-INF/
certificates/digicertchain.pem</certificate-chain-file>
<certificate-key-file>/resin-pro-3.0.22/webapps/ourapp/WEB-INF/
certificates/our-wildcard.key</certificate-key-file>
<certificate-file>/resin-pro-3.0.22/webapps/ourapp/WEB-INF/
certificates/our-www.cer</certificate-file>
<password>ourpassword</password>
</openssl>
</http>
I've also tried star_our_com.crt as the certificate-file (used to make
the digicertchain.pem file) and every time I get
[11:33:21.048] com.caucho.config.ConfigException: OpenSSL can't open key
file '/resin-pro-3.0.22/webapps/ourapp/WEB-INF/certificates/our-www.cer'
or the password does not match.
The file exists and has the correct permissions, and the password has
not changed (same certificates).
Any ideas? Any better debugging for OpenSSL or Resin on this issue?
Regards,
Barrie
_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
