
    This section gives a quick guide to installing a test SSL configuration. It avoids as many complications as possible and uses Sun's keytool to create a server certificate.
    Resin's SSL support is provided by Sun's JSSE. Because of export restrictions, patents, etc., you'll need to download the JSSE distribution from Sun or get a commercial JSSE implementation.

    More complete JSSE installation instructions are at http://java.sun.com/products/jsse/install.html.

    1. First download Sun's JSSE.
    2. Uncompress and extract the downloaded file.
    3. Install the JSSE jar files: jsse.jar, jnet.jar, and jcert.jar. You can either put them into the CLASSPATH or you can put them into $JAVA_HOME/jre/lib/ext. Since you will use "keytool" with the new jars, you need to make them visible to keytool. Just adding them to resin/lib is not enough.
    4. Register the JSSE provider (com.sun.net.ssl.internal.ssl.Provider). Modify $JAVA_HOME/jre/lib/java.security so it contains something like:

      security.provider.1=sun.security.provider.Sun
      security.provider.2=com.sun.net.ssl.internal.ssl.Provider
      
      Adding the JSSE provider allows "keytool" to create a key using the RSA algorithm.

    The server certificate is the core of SSL. It will identify your server and contain the secret key to make encryption work. You can obtain one in several ways:
    • Sun's keytool
    • A self-signed certificate using OpenSSL
    • A test certificate from Thawte
    • A production certificate from one of the certificate authorities (Verisign, Thawte, etc)

    In this case, we're using Sun's keytool to generate the server certificate. Here's how:

    resin1.2.b2> mkdir keys
    resin1.2.b2> keytool -genkey -keyalg RSA -keystore keys/server.keystore
    Enter keystore password:  changeit
    What is your first and last name?
      [Unknown]:  www.caucho.com
    What is the name of your organizational unit?
      [Unknown]:  Resin Engineering
    What is the name of your organization?
      [Unknown]:  Caucho Technology, Inc.
    What is the name of your City or Locality?
      [Unknown]:  San Francisco
    What is the name of your State or Province?
      [Unknown]:  California
    What is the two-letter country code for this unit?
      [Unknown]:  US
    Is <CN=www.caucho.com, OU=Resin Engineering,
      O="Caucho Technology, Inc.", L=San Francisco, ST=California, C=US> correct?
      [no]:  yes
    
    Enter key password for <mykey>
            (RETURN if same as keystore password):  changeit
    
    Currently, the key password and the keystore password must be the same.
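
One way to check the generated keystore before starting Resin, as an added example that is not part of the original Resin documentation: it loads `keys/server.keystore` with the page's test password and confirms that each key entry opens with the keystore password, as required above. The class name `CheckKeystore` and the command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

// Added example: checks a keystore against the constraints described on this page.
public class CheckKeystore {
  public static void main(String[] args) throws Exception {
    // Defaults are the test values used on this page.
    String path = args.length > 0 ? args[0] : "keys/server.keystore";
    char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

    KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
    try (InputStream in = new FileInputStream(path)) {
      store.load(in, password);  // throws IOException if the keystore password is wrong
    }

    boolean ok = false;
    Enumeration<String> aliases = store.aliases();
    while (aliases.hasMoreElements()) {
      String alias = aliases.nextElement();
      if (!store.isKeyEntry(alias))
        continue;  // trusted-certificate entries cannot serve as the server key

      Key key;
      try {
        // The key password must equal the keystore password.
        key = store.getKey(alias, password);
      } catch (UnrecoverableKeyException e) {
        System.out.println(alias + ": FAIL, key password differs from keystore password");
        continue;
      }
      X509Certificate cert = (X509Certificate) store.getCertificate(alias);
      cert.checkValidity();  // throws if the certificate is expired or not yet valid
      boolean selfSigned =
          cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
      System.out.println(alias + ": " + key.getAlgorithm()
          + " key, subject=" + cert.getSubjectX500Principal().getName()
          + ", expires=" + cert.getNotAfter()
          + (selfSigned ? ", self-signed" : ""));
      ok = true;
    }
    if (!ok)
      System.out.println("FAIL: no usable private-key entry in " + path);
    System.exit(ok ? 0 : 1);
  }
}
```

Run it from the Resin directory after compiling with `javac CheckKeystore.java`; a keystore created by the session above should report one RSA key entry named `mykey`, marked self-signed.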

    The Resin SSL configuration extends the http configuration with a few new elements.

    <caucho.com>
      <http-server>
    
        <http port='8443'>
         <ssl>true</ssl>
         <key-store-file>keys/server.keystore</key-store-file>
         <key-store-password>changeit</key-store-password>
        </http>
    
        ...
    
      </http-server>
    </caucho.com>
    

    With the above configuration, you can test SSL with https://localhost:8443. A quick test is the following JSP.

    Secure? <%= request.isSecure() %>
    


    Copyright © 1998-2002 Caucho Technology, Inc. All rights reserved.
    Resin® is a registered trademark, and HardCore™ and Quercus™ are trademarks of Caucho Technology, Inc.