Re: Orion and SSL
Hi all, Well, I played a lot with my certificate, test certificates blah, blah, blah and the final answer is NO. You cannot, AFAIK, use an existing certificate unless you generated the request with keytool and you kept the keystore. The key point is that when you generate a certificate request, public key and private key are generated and stored in the keystore, if you didn't create your request with keytool you don't have this information and when you import the real certificate, it is treated as a trusted certificate (like Verisigns one) but not as valid key to validate himself. I didn't fin any info on how to import the private key into the keystore so I asume the answer is that you cannot. Requesting a new certificate whose request has been generated with the keytool seems to be the answer but then you have to pay again. I would suggest this information to be included in the SSL how-to as this might save other people from getting the headaches I got while playing with all these buzzwords ;). Regards and thank you to all the people that offered their advice. Dan Rafael Alvarez wrote: Hello Daniel, Sorry for the delay in the answer. I had the same trouble migrating a certificate from IIS to orion. Did you generate the request to Verisign using the keystore where you're importing it? If not, you need to request a new certificate. Check Verisign to see how that can be done. Hope this help. -- Best regards, Rafaelmailto:[EMAIL PROTECTED]
Re: Orion and SSL
As I've got no answer at all. Should I just suppose you cannot get Orion to work with SSL with an already created certificate by Verisign? Did the message just get lost somehow? Help, somebody? :) Thanks, Dan Daniel Lopez wrote: Hi, I've already browsed the list archive and I've seen that many people have had this problem but I didn't find a solution. So my problem is the typical "Error listening to SSLServerSocket: No available certificate corresponds to the SSL cipher suites which are enabled" I already imported the certificate using "keytool -import -trustcacerts -file mycert.der -keystore keystore", the certificate has been granted to the same hostname which is specified in the mysite-web-site.xml file, the certificate is valid until october, created by Verisign, 1024 public-key..., SSLv1, it works fine with Apache. So, is there any log file where I can get a more specific error message? Have I forgotten to do something? Any hints? TIA, Dan
Re: Orion and SSL
Hi Daniel, i think, many people had many stress to get orion work with ssl (and a real cert from anywhere). my expirience is: read the archives some hundred times crosswise, test thousands of things by your own and - at least - it works fine! i think there is nobody out there, who can give the ultimative answer on "what-goes-wrong-with-my-certificate". did you get it work with an test-cert from thawte? finally i got it work with a "real cert" from thawte in the same manner as with the test-cert. i did not got it work with _any_ cert from verisign. (but some people on the list reported that it do) hope that helps klaus Daniel Lopez wrote: As I've got no answer at all. Should I just suppose you cannot get Orion to work with SSL with an already created certificate by Verisign? Did the message just get lost somehow? Help, somebody? :) Thanks, Dan Daniel Lopez wrote: Hi, I've already browsed the list archive and I've seen that many people have had this problem but I didn't find a solution. So my problem is the typical "Error listening to SSLServerSocket: No available certificate corresponds to the SSL cipher suites which are enabled" I already imported the certificate using "keytool -import -trustcacerts -file mycert.der -keystore keystore", the certificate has been granted to the same hostname which is specified in the mysite-web-site.xml file, the certificate is valid until october, created by Verisign, 1024 public-key..., SSLv1, it works fine with Apache. So, is there any log file where I can get a more specific error message? Have I forgotten to do something? Any hints? TIA, Dan -- Klaus Thiele - Personal Informatik AG mailto:[EMAIL PROTECTED] "Your mouse has moved. Windows must be restarted for the change to take effect."
Re: Orion and SSL
Hello Daniel, Sorry for the delay in the answer. I had the same trouble migrating a certificate from IIS to orion. Did you generate the request to Verisign using the keystore where you're importing it? If not, you need to request a new certificate. Check Verisign to see how that can be done. Hope this help. -- Best regards, Rafaelmailto:[EMAIL PROTECTED]
RE: ORION and SSL
Title: RE: ORION and SSL Kirk, yes, whenever your browser is going with https:// instead of http:// its SSL. I think there are a *lot* of SSL docs out there, just check yahoo. Normaly, you have one server running http:// on port 80 and another running https:// on port 443. WR Magnus Rydin -Original Message- From: Kalvar, Kirk [mailto:[EMAIL PROTECTED]] Sent: den 5 juli 2000 20:35 To: Orion-Interest Subject: ORION and SSL Any place I can go to get more information on SSL and how it works? I've seen https displayed in the URL and assumed that I was using SSL between the server and the browser. Is that correct? How would you activate SSL? Via a page or login? Thanks, Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group
