RE: SSL support for Jigsaw2.2.2

Madhu,
 
The only problem I saw was in the server.props file.  See my answers/comments below...
 
Brian

-----Original Message-----
From: madhukiran [mailto:madhukirant@vedams.com]
Sent: Wednesday, June 18, 2003 2:07 PM
To: Laird, Brian
Subject: Re: SSL support for Jigsaw2.2.2


Hi Brian,
      Thank you for your response. I have a few questions.
 
[Laird, Brian] Step 1 looks correct
 
     1. I created an https-server.props and copied the contents from http-server.props and added the following lines:
 
     org.w3c.jigsaw.ssl.enabled=true
    org.w3c.jigsaw.ssl.keystore.path=/home/sslstore.keystore
    org.w3c.jigsaw.ssl.keystore.password=sslstorepass
    org.w3c.jigsaw.http.ClientFactory=org.w3c.jigsaw.https.socket.SSLSocketClientFactory
 
    2. I changed the contents of the server.props file and now it looks like this:
 
    org.w3c.jigsaw.daemon.handlers=https-server|admin-server
    https-server.org.w3c.jigsaw.daemon.class=org.w3c.jigsaw.webdavs.webdavsd
[Laird, Brian] I haven't used webdav w/ SSL support before.   This is what ours looks like to act as a standard web server:
 https-server.org.w3c.jigsaw.daemon.class=org.w3c.jigsaw.https.httpsd
    admin-server.org.w3c.jigsaw.daemon.class=org.w3c.jigsaw.admin.AdminServer
 
    3. When I try to run the Jigsaw server I am getting the following error message:
 
        loading properties from: /home/Jigsaw/Jigsaw/config/server.props
        Unable to launch https-server: Unable to create a client factory of class "org.w3c.jigsaw.https.socket.SSLSocketClientFactory" details:
        No cipher suites supported by this SSL socket factory.
        Please check your factory, key store, store password and cerificates.
        *** Warning : JigAdmin[2.2.2]: no logger specified, not logging.
        JigAdmin[2.2.2]: serving at http://linmac:8009/
 
    4. I have created a keystore following your specifications by the name sslstore.keystore and placed it in /home. I have used the following commands:


[Laird, Brian] Run the following command to confirm the keystore is built properly:
keytool -list -v -alias servername.companyname.com -keystore /home/sslstore.keystore
 
You should see something like the following:
 
 Keystore type: jks
Keystore provider: SUN
 
Your keystore contains 1 entry
 
Alias name: server1.companyname.com
Creation date: May 19, 2003
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=server1.companyname.com, OU=IT, O=CompanyName, L=City, ST=State, C=US
Issuer: CN=server1.companyname.com, OU=IT, O=CompanyName, L=City, ST=State, C=US
Serial number: 3ed91255
Valid from: Mon May 19 12:50:13 CDT 2003 until: Sun Aug 17 12:50:13 CDT 2003
Certificate fingerprints:
         MD5:  DE:99:99:5C:4F:34:49:0D:1A:EB:F1:EA:41:F0:D2:84
         SHA1: AB:06:FA:9A:56:E4:B7:82:E2:33:C4:DC:AE:27:00:D6:A2:E4:A4:6F
 


*******************************************
*******************************************
 

         Creating the self-signed certificate:
        1) keytool -genkey -alias servername.companyname.com -keypass anypassword -keystore /opt/jigsaw/dev/Jigsaw/keystore/testcert.keystore -keyalg RSA
        2) keytool -selfcert -alias servername.companyname.com -keystore /opt/jigsaw/dev/Jigsaw/keystore/testcert.keystore -keyalg RSA
 
        But I have not used the -keyalg option.

[Laird, Brian] I found that we needed the keyalg option for Internet Explorer to recognize the SSL certificate.  The default encryption algorithm didn't seem to be recognized.
 
        Can you help me on this?
 
Thanks and regards
Madhu

PS: I have not updated my ssladapter and sslsocketclient factory classes.

----- Original Message ----- 
From: Laird, Brian <mailto:BLaird@perseco.com>
To: madhukiran <mailto:madhukirant@vedams.com>
Cc: www-jigsaw@w3.org 
Sent: Tuesday, June 17, 2003 7:19 PM
Subject: RE: SSL support for Jigsaw2.2.2

The https-server.props file is a file you need to make.  I would take your default http.props file and start with it.  From there follow the directions.  If you want to have both http and https support you can alter the server.props file to have both types start up.  This is also useful if you want one jigsaw server to serve up multiple ssl certificates.  There is a code fix I submitted to handle multiple certificates which would help with this.  Let me know if you have more questions.
 
Brian

 

Received on Thursday, 19 June 2003 10:01:16 UTC
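
Added example (not part of the original thread and not Jigsaw code): a small Java check that walks through the items the error message in step 3 names (key store, store password, certificates) and reports each key entry's algorithm, which is what the -keyalg option controls. The class name KeystoreCheck, its arguments, and the fallback of unlocking the key with the store password are assumptions made for this sketch.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Added diagnostic, not Jigsaw code.
// Build and run: javac KeystoreCheck.java && java KeystoreCheck <keystore> <storepass> [keypass]
// Passwords on the command line are visible to other local users; use test keystores only.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: KeystoreCheck <keystore> <storepass> [keypass]");
            System.exit(2);
        }
        char[] storePass = args[1].toCharArray();
        // Assumption: the key is unlocked with the store password unless a
        // separate key password (keytool -keypass) is supplied as third argument.
        char[] keyPass = args.length > 2 ? args[2].toCharArray() : storePass;

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // IOException here means a bad file or store password
        }

        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate only, no private key");
                continue;
            }
            keyEntries++;
            String alg = ks.getCertificate(alias).getPublicKey().getAlgorithm();
            System.out.println(alias + ": key entry, algorithm " + alg);
        }
        if (keyEntries == 0) {
            System.out.println("No private key entries: a TLS server has nothing to present.");
            System.exit(1);
        }

        // UnrecoverableKeyException here means keyPass does not unlock the private key.
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);

        String[] suites = ctx.getServerSocketFactory().getDefaultCipherSuites();
        System.out.println(suites.length + " cipher suites enabled by default");
    }
}
```

Run it once with only the store password and once with the -keypass value as the third argument; if only the second run succeeds, the key password and store password differ.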