Re: Yup, SSL question
Nevermind, I have found the keystore and have imported the certificate. I believe my problems now have to do with our clustering/load balancing configuration. We are currently using an Alteon Acedirector 3 for our load balancer. We are also using clustering to maintain sessions. I think the error I have been getting: "Error listening to SSLServerSocket: No available certificate corresponds to the SSL cipher suites which are enabled." is because our certificate is for our virtual IP, and not for our local machine, and therefore Orion is unable to load the certificate correctly because it isnt for the local host. The question is, how do I configure Orion to load a certificate for our virtual site? Here is my configuration, with some entries modified to protect the innocent: web-site host="localhost.simpledevices.com" port="8443" cluster-island="1" secure="true" display-name="SMS WebSite" default-web-app application="sms" name="sms-web" shared="true" load-on-startup="false" / ssl-config keystore="../keys/keystore" keystore-password="123456" / frontend host="virtual.simpledevices.com" port="443"/ access-log path="../log/sms-web-access.log" //web-site I have tried setting the web-site host="[ALL]", but I get an error saying I cannot cluster with that configuration. Though I no longer get the SSLServerSocket error. Thanks for any help, Steve - Original Message - From: Steve Best To: Orion-Interest Sent: Wednesday, October 17, 2001 3:43 PM Subject: Yup, SSL question So, I do not have the original keystore file generated during the certificate request, but I have the original certificate request private key file, as well as the certificate file from Thawte. How do I get them both into a working keystore? Steve
RE: Yup, SSL question
use a virtual-hosts attribute in your web-site tag...I also use the EXACT ip address in host: web-site host="localhost.simpledevices.com" port="8443" cluster-island="1" secure="true" virtual-host="secure.simpledevices.com or whatever the ssl certificate supports" display-name="SMS WebSite" regards, the elephantwalker www.elephantwalker.com .ps I am glad your Alteonloadbalancer works, because the orion loadbalancer.jar can't use ssl ;(...its broken in 1.5.2. My main question is ... aren't you using Alteon as you ssl accelerator...and if so, why are the backends in ssl? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steve BestSent: Thursday, October 18, 2001 11:36 AMTo: Orion-InterestSubject: Re: Yup, SSL question Nevermind, I have found the keystore and have imported the certificate. I believe my problems now have to do with our clustering/load balancing configuration. We are currently using an Alteon Acedirector 3 for our load balancer. We are also using clustering to maintain sessions. I think the error I have been getting: "Error listening to SSLServerSocket: No available certificate corresponds to the SSL cipher suites which are enabled." is because our certificate is for our virtual IP, and not for our local machine, and therefore Orion is unable to load the certificate correctly because it isnt for the local host. The question is, how do I configure Orion to load a certificate for our virtual site? Here is my configuration, with some entries modified to protect the innocent: web-site host="localhost.simpledevices.com" port="8443" cluster-island="1" secure="true" display-name="SMS WebSite" default-web-app application="sms" name="sms-web" shared="true" load-on-startup="false" / ssl-config keystore="../keys/keystore" keystore-password="123456" / frontend host="virtual.simpledevices.com" port="443"/ access-log path="../log/sms-web-access.log" //web-site I have tried setting the web-site host="[ALL]", but I get an error saying I cannot cluster with that configuration. Though I no longer get the SSLServerSocket error. Thanks for any help, Steve - Original Message - From: Steve Best To: Orion-Interest Sent: Wednesday, October 17, 2001 3:43 PM Subject: Yup, SSL question So, I do not have the original keystore file generated during the certificate request, but I have the original certificate request private key file, as well as the certificate file from Thawte. How do I get them both into a working keystore? Steve
Fw: Yup, SSL question
- Original Message - From: Steve Best To: Orion-Interest Sent: Thursday, October 18, 2001 11:35 AM Subject: Re: Yup, SSL question Nevermind, I have found the keystore and have imported the certificate. I believe my problems now have to do with our clustering/load balancing configuration. We are currently using an Alteon Acedirector 3 for our load balancer. We are also using clustering to maintain sessions. I think the error I have been getting: "Error listening to SSLServerSocket: No available certificate corresponds to the SSL cipher suites which are enabled." is because our certificate is for our virtual IP, and not for our local machine, and therefore Orion is unable to load the certificate correctly because it isnt for the local host. The question is, how do I configure Orion to load a certificate for our virtual site? Here is my configuration, with some entries modified to protect the innocent: web-site host="localhost.simpledevices.com" port="8443" cluster-island="1" secure="true" display-name="SMS WebSite" default-web-app application="sms" name="sms-web" shared="true" load-on-startup="false" / ssl-config keystore="../keys/keystore" keystore-password="123456" / frontend host="virtual.simpledevices.com" port="443"/ access-log path="../log/sms-web-access.log" //web-site I have tried setting the web-site host="[ALL]", but I get an error saying I cannot cluster with that configuration. Though I no longer get the SSLServerSocket error. Thanks for any help, Steve - Original Message - From: Steve Best To: Orion-Interest Sent: Wednesday, October 17, 2001 3:43 PM Subject: Yup, SSL question So, I do not have the original keystore file generated during the certificate request, but I have the original certificate request private key file, as well as the certificate file from Thawte. How do I get them both into a working keystore? Steve
Re: Yup, SSL question
sorry if i'm off track here??, but last time i checked, orion couldn't cluster + SSL at the same time. ithink it's orion bugzilla defect 525 from memory, since i spent some time investigating it. i think elephantwalker is a bit of an expert on this particular issue. you can cluster, and you can setup SSL, but just not at the same time. - Original Message - From: Steve Best To: Orion-Interest Sent: Friday, October 19, 2001 4:35 AM Subject: Re: Yup, SSL question Nevermind, I have found the keystore and have imported the certificate. I believe my problems now have to do with our clustering/load balancing configuration. We are currently using an Alteon Acedirector 3 for our load balancer. We are also using clustering to maintain sessions. I think the error I have been getting: "Error listening to SSLServerSocket: No available certificate corresponds to the SSL cipher suites which are enabled." is because our certificate is for our virtual IP, and not for our local machine, and therefore Orion is unable to load the certificate correctly because it isnt for the local host. The question is, how do I configure Orion to load a certificate for our virtual site? Here is my configuration, with some entries modified to protect the innocent: web-site host="localhost.simpledevices.com" port="8443" cluster-island="1" secure="true" display-name="SMS WebSite" default-web-app application="sms" name="sms-web" shared="true" load-on-startup="false" / ssl-config keystore="../keys/keystore" keystore-password="123456" / frontend host="virtual.simpledevices.com" port="443"/ access-log path="../log/sms-web-access.log" //web-site I have tried setting the web-site host="[ALL]", but I get an error saying I cannot cluster with that configuration. Though I no longer get the SSLServerSocket error. Thanks for any help, Steve - Original Message - From: Steve Best To: Orion-Interest Sent: Wednesday, October 17, 2001 3:43 PM Subject: Yup, SSL question So, I do not have the original keystore file generated during the certificate request, but I have the original certificate request private key file, as well as the certificate file from Thawte. How do I get them both into a working keystore? Steve
Yup, SSL question
So, I do not have the original keystore file generated during the certificate request, but I have the original certificate request private key file, as well as the certificate file from Thawte. How do I get them both into a working keystore? Steve