Using OpenSSL with Resin

To use SSL with Resin, you must have OpenSSL installed on your server. OpenSSL is an open-source implementation of the Secure Sockets Layer protocol and is available at www.openssl.org. Once it is downloaded, you can compile the /bin/resin application on a Linux box, which is required to use Resin and SSL. You don't need to do any additional work on a Windows Resin installation.

After OpenSSL is installed, you need to create the various keys for your machine. Follow these steps:

  1. Create a private key for the server where Resin and SSL will execute, using the openssl executable. The following options generate an RSA key with a size of 1024 bits, encrypt it with Triple DES (-des3) under a passphrase that openssl prompts for, and place the resulting key in the file serverkey.key:

       openssl genrsa -des3 -out serverkey.key 1024 

  2. Create a certificate signing request (CSR) to have the certificate signed, again using the openssl executable:

       openssl req -new -key serverkey.key -out serverkey.csr 

  3. Obtain a certificate from a Certificate Authority (CA). A few CAs will provide a certificate so you can use SSL on your box. There is a charge for the certificate. Several CAs will provide temporary certificates. Try the following companies:

    • Thawte—www.thawte.com/html/RETAIL/ssl/index.html

    • Verisign—www.verisign.com/products/site/index.html

  4. Receive a test or real certificate file with the extension .crt. Place the original key file and the new .crt file from the CA in the certs directory of the OpenSSL installation.

  5. Add the following information to the Resin configuration file. In <certificate-file>, place the UNIX or Windows path to the installed .crt file. In <certificate-key-file>, place the UNIX or Windows path to the original .key file. The <password> element holds the passphrase that protects the key:

       <http port='443'>
         <openssl>
           <certificate-file>/usr/local/ssl/certs/keyserver.crt</certificate-file>
           <certificate-key-file>/usr/local/ssl/certs/keyserver.key</certificate-key-file>
           <!-- passphrase protecting the .key file -->
           <password>password</password>
         </openssl>
       </http>

  6. Launch Resin using the resin executable on Linux or httpd.exe on Windows. The system will indicate that it is listening on port 443 for HTTPS requests.

  7. Add a page on your server like the following to determine if everything works:

       <HTML>
       <BODY>
       Are we secure? <%= request.isSecure() %>
       </BODY>
       </HTML>
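
Before launching Resin in step 6, it helps to confirm that the .crt file returned by the CA belongs to the key named in <certificate-key-file>, and to check the key size, since current public CAs do not sign RSA keys smaller than 2048 bits. The script below is an added example, not code from the book. Its function names, temporary files, and the passphrase `example` are constructed for the demonstration.

```shell
#!/bin/sh
# Pre-deployment checks for the files named in <certificate-key-file>
# and <certificate-file>. Function names are this example's own.

# Print the RSA key size in bits. $2 is an optional openssl -passin
# argument (e.g. file:/path/to/passfile) for a -des3 protected key.
rsa_bits() {
    openssl rsa -in "$1" -passin "${2:-pass:}" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeed only if the certificate $2 carries the public half of the
# private key $1. $3 is an optional -passin argument, as above.
# Returns 2 when either file cannot be read or decrypted.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin "${3:-pass:}" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Constructed sample data: a throwaway passphrase-protected key with a
# self-signed certificate, plus an unrelated second key.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
pass="pass:example"    # constructed; prefer file: or env: on a real host
openssl genrsa -des3 -passout "$pass" -out "$demo_dir/a.key" 2048 2>/dev/null
openssl genrsa -out "$demo_dir/b.key" 2048 2>/dev/null
openssl req -new -x509 -key "$demo_dir/a.key" -passin "$pass" \
    -subj "/CN=example.test" -days 1 -out "$demo_dir/a.crt" 2>/dev/null

echo "a.key: $(rsa_bits "$demo_dir/a.key" "$pass") bits"
if key_matches_cert "$demo_dir/a.key" "$demo_dir/a.crt" "$pass"; then
    echo "a.key matches a.crt"
fi
if ! key_matches_cert "$demo_dir/b.key" "$demo_dir/a.crt"; then
    echo "b.key does not match a.crt: do not deploy this pair"
fi
```

On a real host, call the two functions with the paths from the Resin configuration instead of the demo files.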




Mastering Resin
ISBN: 0471431036
Year: 2002
Pages: 180
