
This section gives a quick guide to installing a test SSL configuration. It avoids as many complications as possible and uses Sun's keytool to create a server certificate.

Resin's SSL support is provided by Sun's JSSE. Because of export restrictions, patents, etc., you'll need to download the JSSE distribution from Sun or get a commercial JSSE implementation. More complete JSSE installation instructions are at http://java.sun.com/products/jsse/install.html.

- First download Sun's JSSE.
- Uncompress and extract the downloaded file.
- Install the JSSE jar files: jsse.jar, jnet.jar, and jcert.jar. You can either put them into the CLASSPATH or you can put them into $JAVA_HOME/jre/lib/ext. Since you will use "keytool" with the new jars, you need to make them visible to keytool. Just adding them to resin/lib is not enough.
- Register the JSSE provider (com.sun.net.ssl.internal.ssl.Provider). Modify $JAVA_HOME/jre/lib/java.security so it contains something like:

  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.sun.net.ssl.internal.ssl.Provider

Adding the JSSE provider allows "keytool" to create a key using the RSA
algorithm.
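
An added example, not part of the original Resin documentation: a shell check that the provider line from the step above sits at an index the JVM will actually load. It assumes the JVM reads security.provider.N entries in order from 1 and stops at the first missing number; the helper name check_jsse_provider and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Resin docs): verify the JSSE provider entry
# in a java.security file. check_jsse_provider is a hypothetical helper name.
JSSE_PROVIDER="com.sun.net.ssl.internal.ssl.Provider"

# check_jsse_provider FILE
#   0 = provider registered at an index the JVM reaches
#   1 = provider not present in any effective entry
#   2 = provider listed, but only after a gap in the numbering
#   3 = file missing or unreadable
# Assumption: entries are read as security.provider.1, .2, ... and loading
# stops at the first missing number.
check_jsse_provider() {
    [ -r "$1" ] || return 3
    awk -v want="$JSSE_PROVIDER" '
        # Active (uncommented) entries only. A repeated index overrides the
        # earlier one, matching java.util.Properties.
        /^[ \t]*security\.provider\.[0-9]+[ \t]*=/ {
            line = $0
            gsub(/[ \t\r]/, "", line)
            split(line, kv, "=")
            n = kv[1]
            sub(/^security\.provider\./, "", n)
            prov[n + 0] = kv[2]
        }
        END {
            status = 1
            for (k in prov) if (prov[k] == want) status = 2
            for (i = 1; (i in prov); i++) if (prov[i] == want) status = 0
            exit status
        }' "$1"
}

# Constructed sample: entry 2 is commented out, so entry 3 is never loaded.
sample=$(mktemp)
cat > "$sample" <<'EOF'
security.provider.1=sun.security.provider.Sun
#security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
EOF
check_jsse_provider "$sample" && rc=0 || rc=$?
echo "sample status: $rc"
rm -f "$sample"
```

Run the function against $JAVA_HOME/jre/lib/java.security before generating the RSA key with keytool.
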

The server certificate is the core of SSL. It will identify your server and contain the secret key to make encryption work. You can get a server certificate in several ways:

- Sun's keytool
- A self-signed certificate using OpenSSL
- A test certificate from Thawte
- A production certificate from one of the certificate authorities (Verisign, Thawte, etc.)

In this case, we're using Sun's keytool to generate the
server certificate. Here's how:

  resin1.2.b2> mkdir keys
  resin1.2.b2> keytool -genkey -keyalg RSA -keystore keys/server.keystore
  Enter keystore password: changeit
  What is your first and last name?
    [Unknown]: www.caucho.com
  What is the name of your organizational unit?
    [Unknown]: Resin Engineering
  What is the name of your organization?
    [Unknown]: Caucho Technology, Inc.
  What is the name of your City or Locality?
    [Unknown]: San Francisco
  What is the name of your State or Province?
    [Unknown]: California
  What is the two-letter country code for this unit?
    [Unknown]: US
  Is <CN=www.caucho.com, OU=Resin Engineering,
  O="Caucho Technology, Inc.", L=San Francisco, ST=California, C=US> correct?
    [no]: yes
  Enter key password for <mykey>
    (RETURN if same as keystore password): changeit

Currently, the key password and the keystore password must be the same.

The Resin SSL configuration extends the http configuration with a few new elements.

  <caucho.com>
    <http-server>
      <http port=8443>
        <ssl>true</ssl>
        <key-store-file>keys/server.keystore</key-store-file>
        <key-store-password>changeit</key-store-password>
      </http>
      ...
    </http-server>
  </caucho.com>

With the above configuration, you can test SSL with https://localhost:8443. A quick test is the following JSP.

  Secure? <%= request.isSecure() %>

Copyright © 1998-2002 Caucho Technology, Inc. All rights reserved. Resin® is a registered trademark, and HardCore™ and Quercus™ are trademarks of Caucho Technology, Inc.