This section gives a quick guide to installing a test SSL
configuration. It avoids as many complications as possible and uses
Sun's keytool to create a server certificate.

Resin's SSL support is provided by Sun's JSSE. Because of
export restrictions, patents, etc., you'll need to download the JSSE
distribution from Sun or get a commercial JSSE implementation.
More complete JSSE installation instructions are at
http://java.sun.com/products/jsse/install.html.

- First download Sun's JSSE.
- Uncompress and extract the downloaded file.
- Install the JSSE jar files: jsse.jar, jnet.jar, and jcert.jar. You can
either put them into the CLASSPATH or you can put them into
$JAVA_HOME/jre/lib/ext. Since you will use "keytool" with the new jars,
you need to make them visible to keytool. Just adding them to resin/lib
is not enough.
- Register the JSSE provider (com.sun.net.ssl.internal.ssl.Provider).
Modify $JAVA_HOME/jre/lib/java.security so it contains something like:

security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider

Adding the JSSE provider allows "keytool" to create a key using the RSA
algorithm.
Create a test server certificate
The server certificate is the core of SSL. It will identify your server and
contain the secret key to make encryption work. You can get a server
certificate in several ways:

- Sun's keytool
- A self-signed certificate using OpenSSL
- A test certificate from Thawte
- A production certificate from one of the certificate authorities (Verisign, Thawte, etc.)

In this case, we're using Sun's keytool to generate the
server certificate. Here's how:

resin1.2.b2> mkdir keys
resin1.2.b2> keytool -genkey -keyalg RSA -keystore keys/server.keystore
Enter keystore password: changeit
What is your first and last name?
[Unknown]: www.caucho.com
What is the name of your organizational unit?
[Unknown]: Resin Engineering
What is the name of your organization?
[Unknown]: Caucho Technology, Inc.
What is the name of your City or Locality?
[Unknown]: San Francisco
What is the name of your State or Province?
[Unknown]: California
What is the two-letter country code for this unit?
[Unknown]: US
Is <CN=www.caucho.com, OU=Resin Engineering, O="Caucho Technology, Inc.", L=San Francisco, ST=California, C=US> correct?
[no]: yes
Enter key password for <mykey>
(RETURN if same as keystore password): changeit

Currently, the key password and the keystore password must be the same.
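
An added example, not part of the Resin documentation: a shell check that the keystore created above holds a self-signed certificate (Owner equals Issuer in "keytool -list -v" output) and that the keystore file is accessible only to its owner. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Resin documentation. Function names are hypothetical.

# Read `keytool -list -v` output on stdin and classify the first certificate:
# "self-signed" if Owner equals Issuer, otherwise "ca-issued".
# Returns 1 when no Owner/Issuer pair is present.
classify_cert() {
    awk '
        /^Owner: /  && owner  == "" { owner  = substr($0, 8) }
        /^Issuer: / && issuer == "" { issuer = substr($0, 9) }
        END {
            if (owner == "" || issuer == "") exit 1
            if (owner == issuer) print "self-signed"; else print "ca-issued"
        }'
}

# Succeeds only if group and other have no permissions on the file,
# since the keystore holds the server's private key.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample of `keytool -list -v` output for the keystore made above.
sample_listing() {
    cat <<'EOF'
Alias name: mykey
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.caucho.com, OU=Resin Engineering, O="Caucho Technology, Inc.", L=San Francisco, ST=California, C=US
Issuer: CN=www.caucho.com, OU=Resin Engineering, O="Caucho Technology, Inc.", L=San Francisco, ST=California, C=US
EOF
}

# Audit a real keystore: audit_keystore keys/server.keystore changeit
# A password given on the command line is visible in the process list,
# so pass only the throwaway test password this way.
audit_keystore() {
    kind=$(keytool -list -v -keystore "$1" -storepass "$2" | classify_cert) || return 1
    echo "certificate: $kind"
    owner_only "$1" || echo "warning: $1 is accessible to group or other"
}

if [ $# -eq 2 ]; then
    audit_keystore "$1" "$2"
fi
```

A "self-signed" result is expected for this test keystore; browsers will warn about it, and a production server needs a certificate issued by a certificate authority.
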
The Resin SSL configuration extends the http configuration with a few new
elements.

<caucho.com>
<http-server>
  <http port=8443>
    <ssl>true</ssl>
    <key-store-file>keys/server.keystore</key-store-file>
    <key-store-password>changeit</key-store-password>
  </http>
  ...
</http-server>
</caucho.com>

With the above configuration, you can test SSL with https://localhost:8443.
A quick test is the following JSP.
Secure? <%= request.isSecure() %>
Copyright © 1998-2001 Caucho Technology. All rights reserved.