Jarek, Thank you very much, it seems that helped.
The next stack is JKS keystore implementation is missing, but that's a known issue GERONIMO-2015. I'll try to update the patches there somehow. Thanks! Vasily -----Original Message----- From: Jarek Gawor [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 05, 2007 7:22 PM To: [email protected] Subject: Re: TLS instead of SSL? Vasily, Try configuring CORBASSLConfig gbean as shown below into j2ee-corba-yoko module (instead of removing or disabling things): <ns2:module name="org.apache.geronimo.configs/j2ee-corba-yoko/2.1-SNAPSHOT/car"> <ns2:gbean name="CORBASSLConfig"> <ns2:attribute name="protocol">TLS</ns2:attribute> </ns2:gbean> ... Also, jetty looks like is already configured with TLS (unless that info is not getting propagated correctly). Jarek On Dec 5, 2007 9:44 AM, Zakharov, Vasily M <[EMAIL PROTECTED]> wrote: > > > > > Hi, David, > > > > I've removed the following sections from config.xml: > > > > <gbean name="Server"> > > <attribute name="port">${ORBSSLPort + PortOffset}</attribute> > > <attribute name="host">${ORBSSLHost}</attribute> > > </gbean> > > <gbean name="JettySSLConnector"> > > <attribute name="host">${ServerHostname}</attribute> > > <attribute name="port">${HTTPSPortPrimary + PortOffset}</attribute> > > </gbean> > > > > and also the following redirectPort tags: > > > > <gbean name="JettyWebConnector"> > > <attribute name="host">${ServerHostname}</attribute> > > <attribute name="port">${HTTPPortPrimary + PortOffset}</attribute> > > <!-- attribute name="redirectPort">${HTTPSPortPrimary + > PortOffset}</attribute --> > > </gbean> > > <gbean name="JettyAJP13Connector"> > > <attribute name="host">${ServerHostname}</attribute> > > <attribute name="port">${AJPPortPrimary + PortOffset}</attribute> > > <!-- attribute name="redirectPort">${HTTPSPortPrimary + > PortOffset}</attribute --> > > </gbean> > > > > but the stack remains the same: > > > > 17:25:30,836 ERROR [SocketFactory] Unable to create server SSL socket > factory > > org.apache.geronimo.management.geronimo.KeystoreException: Unable to create > SSL Context > > at > org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLConte xt(FileKeystoreManager.java:354) > > at > org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLServe rFactory(FileKeystoreManager.java:296) > > at > org.apache.geronimo.security.keystore.FileKeystoreManager$$FastClassByCG LIB$$4d9d2a71.invoke(<generated>) > > at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53) > > at > org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInv oker.java:38) > > at > org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.j ava:124) > > at > org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.jav a:830) > > at > org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57) > > at > org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperation Invoker.java:35) > > at > org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyM ethodInterceptor.java:96) > > at > org.apache.geronimo.management.geronimo.KeystoreManager$$EnhancerByCGLIB $$bf6fcb72.createSSLServerFactory(<generated>) > > at > org.apache.geronimo.corba.security.config.ssl.SSLConfig.createSSLServerF actory(SSLConfig.java:112) > > at > org.apache.geronimo.corba.security.config.ssl.SSLConfig$$FastClassByCGLI B$$437ec1a5.invoke(<generated>) > > at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53) > > at > org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInv oker.java:38) > > at > org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.j ava:124) > > at > org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.jav a:830) > > at > org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57) > > at > org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperation Invoker.java:35) > > at > org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyM ethodInterceptor.java:96) > > at > org.apache.geronimo.corba.security.config.ssl.SSLConfig$$EnhancerByCGLIB $$55d3f0dd.createSSLServerFactory(<generated>) > > at > org.apache.geronimo.yoko.SocketFactory.getServerSocketFactory(SocketFact ory.java:404) > > at > org.apache.geronimo.yoko.SocketFactory.createServerSocket(SocketFactory. java:317) > > at > org.apache.yoko.orb.OCI.IIOP.Acceptor_impl.<init>(Acceptor_impl.java:461 ) > > at > org.apache.yoko.orb.OCI.IIOP.AccFactory_impl.create_acceptor(AccFactory_ impl.java:157) > > at > org.apache.yoko.orb.OBPortableServer.POAManagerFactory_impl.create_POAMa nager(POAManagerFactory_impl.java:251) > > at > org.apache.yoko.orb.OB.ORBControl.initializeRootPOA(ORBControl.java:516) > > at > org.apache.yoko.orb.OBCORBA.ORB_impl.resolve_initial_references(ORB_impl .java:1095) > > at org.apache.geronimo.corba.CORBABean.doStart(CORBABean.java:243) > > at > org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInst ance.java:996) > > at > org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GB eanInstanceState.java:268) > > at > org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstance State.java:102) > > at > org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java :539) > > at > org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBean Dependency.java:111) > > at > org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDepende ncy.java:146) > > at > org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDepende ncy.java:120) > > at > org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent( BasicLifecycleMonitor.java:176) > > at > org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicL ifecycleMonitor.java:44) > > at > org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroad caster.fireRunningEvent(BasicLifecycleMonitor.java:254) > > at > org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GB eanInstanceState.java:294) > > at > org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstance State.java:102) > > at > org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBea nInstanceState.java:124) > > at > org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInst ance.java:553) > > at > org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKe rnel.java:379) > > at > org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGB eans(ConfigurationUtil.java:448) > > at > org.apache.geronimo.kernel.config.KernelConfigurationManager.start(Kerne lConfigurationManager.java:187) > > at > org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfig uration(SimpleConfigurationManager.java:530) > > at > org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassB yCGLIB$$ce77a924.invoke(<generated>) > > at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53) > > at > org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInv oker.java:38) > > at > org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.j ava:124) > > at > org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.jav a:830) > > at > org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57) > > at > org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperation Invoker.java:35) > > at > org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyM ethodInterceptor.java:96) > > at > org.apache.geronimo.kernel.config.EditableConfigurationManager$$Enhancer ByCGLIB$$ce332814.startConfiguration(<generated>) > > at > org.apache.geronimo.system.main.EmbeddedDaemon.doStartup(EmbeddedDaemon. java:156) > > at > org.apache.geronimo.system.main.EmbeddedDaemon.execute(EmbeddedDaemon.ja va:78) > > at > org.apache.geronimo.kernel.util.MainConfigurationBootstrapper.main(MainC onfigurationBootstrapper.java:45) > > at > org.apache.geronimo.cli.AbstractCLI.executeMain(AbstractCLI.java:67) > > at org.apache.geronimo.cli.daemon.DaemonCLI.main(DaemonCLI.java:30) > > at java.lang.reflect.VMReflection.invokeMethod(VMReflection.java) > > at java.lang.reflect.Method.invoke(Method.java:317) > > at org.apache.harmony.vm.JarRunner.main(JarRunner.java:80) > > Caused by: java.lang.reflect.InvocationTargetException > > at java.lang.reflect.VMReflection.invokeMethod(VMReflection.java) > > at java.lang.reflect.Method.invoke(Method.java:317) > > at > org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLConte xt(FileKeystoreManager.java:345) > > at > org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLServe rFactory(FileKeystoreManager.java:296) > > ... 62 more > > Caused by: java.security.NoSuchAlgorithmException: SSLContext SSL > implementation not found > > at > org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:105) > > at javax.net.ssl.SSLContext.getInstance(SSLContext.java:79) > > at java.lang.reflect.VMReflection.invokeMethod(VMReflection.java) > > ... 65 more > > > > Thank you! > > > > Vasily > > > > > > > > -----Original Message----- > > From: David Jencks [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, December 05, 2007 3:24 AM > > To: [email protected] > > Subject: Re: TLS instead of SSL? > > > > > > On Dec 4, 2007, at 3:10 PM, Zakharov, Vasily M wrote: > > > > > Hi, all, > > > > > > Can Geronimo be tuned to use TLS instead of SSL? > > > Or, can it be tuned to not use SSL at all? > > > > I don't think anyone has tried this before. You might be able to > > disable any gbeans that need ssl. Without a stack trace its hard to > > guess where these might be but a start might be the https > > connectors. If this doesn't work a stack trace would be helpful. > > > > > > I'm trying to run Geronimo 2.0.2 on Apache Harmony, and it fails to > > > start because Harmony doesn't have SSL implementation, though is has > > > TLS. > > > > It's great to see someone working on G + H ! > > > > thanks > > david jencks > > > > > > > > Thanks! > > > > > > Vasily Zakharov > > > Intel ESSD > > > -------------------------------------------------------------------- > > > Closed Joint Stock Company Intel A/O > > > Registered legal address: 125252, Moscow, Russian Federation, > > > Chapayevsky Per, 14. > > > > > > This e-mail and any attachments may contain confidential material for > > > the sole use of the intended recipient(s). Any review or distribution > > > by others is strictly prohibited. If you are not the intended > > > recipient, please contact the sender and delete all copies. > > > > -------------------------------------------------------------------- > Closed Joint Stock Company Intel A/O > Registered legal address: 125252, Moscow, Russian Federation, > Chapayevsky Per, 14. > > This e-mail and any attachments may contain confidential material for > the sole use of the intended recipient(s). Any review or distribution > by others is strictly prohibited. If you are not the intended > recipient, please contact the sender and delete all copies. > > -------------------------------------------------------------------- Closed Joint Stock Company Intel A/O Registered legal address: 125252, Moscow, Russian Federation, Chapayevsky Per, 14. This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.
