Setting up a secure site using SSL
Written by Hani Suleiman
This guide explains how to set up a secure site that's accessible through the
https protocol. Setting up SSL in Orion itself only requires steps 2 and 3,
but to use SSL you need a certificate, so step 1 goes through how to get a
certificate from Thawte for testing purposes. For SSL you need JDK 1.3, or you
have to download a third-party provider. Also, for some reason the Thawte site
might not work if you copy/paste using certain Netscape versions.
- Creating a keystore with a certificate:
  - keytool -genkey -keyalg "RSA" -keystore keystore -storepass 123456 -validity 360
  - keytool -certreq -keyalg "RSA" -file my.host.com.csr -keystore keystore
  - Generate a test certificate from Thawte using the .csr (fill in the form, then select PKCS #7 Format).
  - Paste the result into my.host.com.cer.
  - keytool -keystore keystore -keyalg "RSA" -import -trustcacerts -file my.host.com.cer
  You'll now have a "keystore" file in your current directory.
- Creating a secure site:
  - Copy the default-web-site.xml config in the /config directory to secure-web-site.xml and edit it.
  - Add secure="true" as an attribute to the <web-site ...> tag.
  - Add <ssl-config keystore="../my/keystore" keystore-password="123456" /> to the main body, pointing it at the keystore.
  - Install the site by adding <web-site path="./secure-web-site.xml" /> to server.xml.
- Setting up cert-based client auth:
  - Add needs-client-auth="true" to the <ssl-config> node.
  - Get a client cert for testing; this can be done at: http://www.verisign.com/client/enrollment/index.html
  - Log in as a user and register your profile; this can be done via the page found at /demo/ssl/ssl-user-registration.jsp
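A check for steps 2 and 3, added here as an example (not part of the original guide or Orion's own code): it parses the two config files and reports which of the edits above are missing. The sample XML is constructed and uses only the attributes named in this guide; the <application-server> root of server.xml and the function name are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample files: only the attributes named in the guide are used.
SECURE_SITE_XML = """<web-site secure="true">
  <ssl-config keystore="../my/keystore" keystore-password="123456"
              needs-client-auth="true" />
</web-site>"""

# Assumption: server.xml has an <application-server> root element.
SERVER_XML = """<application-server>
  <web-site path="./default-web-site.xml" />
  <web-site path="./secure-web-site.xml" />
</application-server>"""


def check_secure_site(site_xml, server_xml, site_path="./secure-web-site.xml"):
    """Return a list of findings; an empty list means steps 2 and 3 are applied."""
    findings = []
    site = ET.fromstring(site_xml)
    if site.tag != "web-site":
        return ["root element is <%s>, expected <web-site>" % site.tag]
    if site.get("secure") != "true":
        findings.append('secure="true" is missing on <web-site>')
    ssl = site.find("ssl-config")
    if ssl is None:
        findings.append("no <ssl-config> element in the main body")
    else:
        if not ssl.get("keystore"):
            findings.append("<ssl-config> has no keystore attribute")
        password = ssl.get("keystore-password")
        if not password:
            findings.append("<ssl-config> has no keystore-password attribute")
        elif password == "123456":
            # The guide's example password should not survive into a real site.
            findings.append("keystore-password is still the guide's sample value")
        if ssl.get("needs-client-auth") != "true":
            findings.append('needs-client-auth="true" is not set (step 3)')
    # The site only goes live once server.xml references it.
    server = ET.fromstring(server_xml)
    installed = [w.get("path") for w in server.iter("web-site")]
    if site_path not in installed:
        findings.append("%s is not installed in server.xml" % site_path)
    return findings


if __name__ == "__main__":
    for finding in check_secure_site(SECURE_SITE_XML, SERVER_XML):
        print("FINDING:", finding)
```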
More information can be found at Orion's site: setting up SSL and HTTPS
Copyright © 2007 IronFlare AB