Jay,

Thanks, they are and did work with resin 2.1.x

I'm not sure what the issue is. I'm on Mac OS X, maybe it's an OpenSSL
issue or something in the Resin OpenSSL connection.

Have you found jsse to be satisfactory? Did you notice a big speed difference?

Regards,

Barrie

>We use jsse versus openssl, but when we were playing with openssl in
>the 3.0.x release, the certificate chain file needed to have all the
>certificates in it - from the root, any intermediates, and your final
>wildcard cert - all cat'd together. Just something to check.
>
>
>+ jay
>
>
>On 1/24/07, Barrie Selack <[EMAIL PROTECTED]> wrote:
>> We have a wildcard certificate (and chain certificate) and in Resin 2.1
>> the configuration below worked (details hidden to protect the innocent)
>>
>> 2.1
>>
>>   <http port="443">
>>      <ssl>openssl</ssl>
>>        <certificate-chain-file>@resin.doc-dir@/WEB-INF/certificates/
>> digicertchain.pem</certificate-chain-file>
>>        <certificate-key-file>@resin.doc-dir@/WEB-INF/certificates/our-
>> wildcard.key</certificate-key-file>
>>        <certificate-key-password>ourpassword</certificate-key-password>
>>   </http>
>>
>> 3.0 now requires a certificate-file item as well
>>
>>    <http port="443">
>>      <openssl>
>>         <certificate-chain-file>/resin-pro-3.0.22/webapps/ourapp/WEB-INF/
>> certificates/digicertchain.pem</certificate-chain-file>
>>         <certificate-key-file>/resin-pro-3.0.22/webapps/ourapp/WEB-INF/
>> certificates/our-wildcard.key</certificate-key-file>
>>         <certificate-file>/resin-pro-3.0.22/webapps/ourapp/WEB-INF/
>> certificates/our-www.cer</certificate-file>
>>         <password>ourpassword</password>
>>      </openssl>
>>   </http>
>>
>> I've also tried star_our_com.crt as the certificate-file (used to make
>> the digicertchain.pem  file) and every time I get
>>
>> [11:33:21.048] com.caucho.config.ConfigException: OpenSSL can't open key
>> file '/resin-pro-3.0.22/webapps/ourapp/WEB-INF/certificates/our-www.cer'
>> or the password does not match.
>>
>> The file exists and has the correct permissions, and the password  has
>> not changed (same certificates).
>>
>> Any ideas? Any better debugging for OpenSSL or Resin on this issue?
>>
>> Regards,
>> Barrie
>>
>>
>>
>>
>> _______________________________________________
>> resin-interest mailing list
>> resin-interest@caucho.com
>> http://maillist.caucho.com/mailman/listinfo/resin-interest
>>
>
>
>_______________________________________________
>resin-interest mailing list
>resin-interest@caucho.com
>http://maillist.caucho.com/mailman/listinfo/resin-interest





_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Reply via email to