We have a wildcard certificate (and chain certificate) and in Resin 2.1 the configuration below worked (details hidden to protect the innocent)
2.1 <http port="443"> <ssl>openssl</ssl> <certificate-chain-file>@resin.doc-dir@/WEB-INF/certificates/ digicertchain.pem</certificate-chain-file> <certificate-key-file>@resin.doc-dir@/WEB-INF/certificates/our- wildcard.key</certificate-key-file> <certificate-key-password>ourpassword</certificate-key-password> </http> 3.0 now requires a certificate-file item as well <http port="443"> <openssl> <certificate-chain-file>/resin-pro-3.0.22/webapps/ourapp/WEB-INF/ certificates/digicertchain.pem</certificate-chain-file> <certificate-key-file>/resin-pro-3.0.22/webapps/ourapp/WEB-INF/ certificates/our-wildcard.key</certificate-key-file> <certificate-file>/resin-pro-3.0.22/webapps/ourapp/WEB-INF/ certificates/our-www.cer</certificate-file> <password>ourpassword</password> </openssl> </http> I've also tried star_our_com.crt as the certificate-file (used to make the digicertchain.pem file) and every time I get [11:33:21.048] com.caucho.config.ConfigException: OpenSSL can't open key file '/resin-pro-3.0.22/webapps/ourapp/WEB-INF/certificates/our-www.cer' or the password does not match. The file exists and has the correct permissions, and the password has not changed (same certificates). Any ideas? Any better debugging for OpenSSL or Resin on this issue? Regards, Barrie _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest