RE: Problem of configuration Jigsaw SSL from Laird, Brian on 2003-04-03 (www-jigsaw@w3.org from March to April 2003)

From: Laird, Brian <BLaird@perseco.com>
Date: Thu, 3 Apr 2003 08:01:08 -0600
To: <www-jigsaw@w3.org>
Message-ID: <45A6279F82E4CA4BBDC0F4EFC7B6A2FE6FE96A@atlas.perseco.com>

[This is being resent so that it can be included in the list archive]

Ringo,

First, using a self signed certificate does work.  We have about 5 of them running here right now.  Below are the config items I have in my https-server.props file, and then also the steps we use to create the self signed certificate.  I hope this helps...

Brian

https-server.props file:

#Explicitly enables general SSL support
org.w3c.jigsaw.ssl.enabled=true
[Ringo this is the keystore I created which contains the self signed certificate]
# Points to the key store
org.w3c.jigsaw.ssl.keystore.path=keystore/testcert.keystore
# Supplies the key store access password
org.w3c.jigsaw.ssl.keystore.password=
#Finally, the socket client factory has to be set to the SSL factory:
org.w3c.jigsaw.http.ClientFactory=org.w3c.jigsaw.https.socket.SSLSocketClientFactory

Creating the self-signed certificate:
1) keytool -genkey -alias servername.companyname.com -keypass anypassword -keystore /opt/jigsaw/dev/Jigsaw/keystore/testcert.keystore -keyalg RSA
2) keytool -selfcert -alias servername.companyname.com -keystore /opt/jigsaw/dev/Jigsaw/keystore/testcert.keystore -keyalg RSA



-----Original Message-----
From: 01719745g [mailto:01719745g@polyu.edu.hk]
Sent: Wednesday, April 02, 2003 8:27 PM
To: Laird, Brian
Subject: RE: Problem of configuration Jigsaw SSL


Dear Brian,

Thank you for your reply, but I'm sorry the cert generated by RSA doesn't 
work.

I'd like to ask: 
1. Does a simple self-signed cert work for testing?
2. How should the https-server.props be configured?

Would you pls give me some suggestion for these? Thx!

BR~
Ringo

>===== Original Message From "Laird, Brian" <BLaird@perseco.com> =====
>Ringo,
>
>What I found was that I had to generate the certificates using the RSA key 
algorithm.  It is a simple option added on the command line (-keyalg RSA).  I 
used it on each of the commands when I created the certificates, which seem to 
fix the same problem I was having.  Hope this helps.
>
>Brian
>
>-----Original Message-----
>From: 01719745g [mailto:01719745g@polyu.edu.hk]
>Sent: Wednesday, April 02, 2003 2:25 AM
>To: www-jigsaw@w3.org
>Subject: Problem of configuration Jigsaw SSL
>
>
>
>
>
>
>Dear Sir/Madam,
>
>I am setting up a Jigsaw (ver. 2.2.2) server with  SSL but when I start it 
up,
>the following error occurs:
>javax.net.ssl.SSLException: No availabe certificate corresponds to the SSL
>cipher suits which are enabled.
>
>I created a self-signed certifcate in keystore for testing and configured the
>https-server.props as below:
>org.w3c.jigsaw.ssl.enabled=true
>org.w3c.jigsaw.ssl.keystore=/root/.keystore
>org.w3c.jigsaw.ssl.keystore.password=123456
>org.w3c.jigsaw.http.ClientFactory=org.w3c.jigsaw.https.socketSSLSocketClientF
a
>ctory
>
>Would you pls give me an advise to solve the problem?
>
>Thx
>
>Ringo Wong
>-------------
>The PolyU of HK
>MIC (Multimedia Innovation Center)

Received on Thursday, 3 April 2003 09:01:19 UTC