We use jsse versus openssl, but when we were playing with openssl in the 3.0.x release, the certificate chain file needed to have all the certificates in it - from the root, any intermediates, and your final wildcard cert - all cat'd together. Just something to check.
+ jay On 1/24/07, Barrie Selack <[EMAIL PROTECTED]> wrote: > We have a wildcard certificate (and chain certificate) and in Resin 2.1 > the configuration below worked (details hidden to protect the innocent) > > 2.1 > > <http port="443"> > <ssl>openssl</ssl> > <certificate-chain-file>@resin.doc-dir@/WEB-INF/certificates/ > digicertchain.pem</certificate-chain-file> > <certificate-key-file>@resin.doc-dir@/WEB-INF/certificates/our- > wildcard.key</certificate-key-file> > <certificate-key-password>ourpassword</certificate-key-password> > </http> > > 3.0 now requires a certificate-file item as well > > <http port="443"> > <openssl> > <certificate-chain-file>/resin-pro-3.0.22/webapps/ourapp/WEB-INF/ > certificates/digicertchain.pem</certificate-chain-file> > <certificate-key-file>/resin-pro-3.0.22/webapps/ourapp/WEB-INF/ > certificates/our-wildcard.key</certificate-key-file> > <certificate-file>/resin-pro-3.0.22/webapps/ourapp/WEB-INF/ > certificates/our-www.cer</certificate-file> > <password>ourpassword</password> > </openssl> > </http> > > I've also tried star_our_com.crt as the certificate-file (used to make > the digicertchain.pem file) and every time I get > > [11:33:21.048] com.caucho.config.ConfigException: OpenSSL can't open key > file '/resin-pro-3.0.22/webapps/ourapp/WEB-INF/certificates/our-www.cer' > or the password does not match. > > The file exists and has the correct permissions, and the password has > not changed (same certificates). > > Any ideas? Any better debugging for OpenSSL or Resin on this issue? > > Regards, > Barrie > > > > > _______________________________________________ > resin-interest mailing list > resin-interest@caucho.com > http://maillist.caucho.com/mailman/listinfo/resin-interest > _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
