Mastering Resin
|
Using JSSE with Resin
If you or a client aren't comfortable using an open-source produce like OpenSSL, you may be satisfied with Sun's Java Secure Socket Extension (JSSE) product, which provides an implementation of SSL. The following discussion provides a step-by-step look at using JSSE. You can find complete information at http://java.sun.com/products/jsse/install.html. Note that JSSE is really a specification, which can and has been implemented by vendors other than Sun.
To use JSSE, follow these steps:
-
Download JSSE from http://java.sun.com/products/jsse/. If you are using JDK 1.4, skip to step 4; JSSE has been incorporated into the latest release.
-
Extract the files from the JSSE download. Put the files jsse.jar, jnet.jar, and jcert.jar in either the classpath or the $JAVA_HOME/jre/lib/ext directory.
-
Change to the directory $JAVA_HOME/kre/lib/security and open the file java.security. Make sure the .1 and .2 security provider entries look like the following:
security.provider.l=sun.security.provider.Sun security.provider.2=com.sun.net.ssl.internal.ssl.Provider
-
Use the JSSE keytool to build a test server certificate. Figure 13.2 shows a progression through the keytool application.
Figure 13.2: Keytool progression. -
Change the Resin configuration file as shown here:
<http port=443> <jsse-ssl>true</ssl> <key-store-file>keys/server.keystore</key-store-file> <password>password</password> </http>
-
Launch Resin using the resin executable on Linux or httpd.exe on Windows. The system will indicate that it is listening to port 443 for HTTPS files.
-
Add a page on your server like the following to determine if everything works:
<HTML> <BODY> Are we secure? <%= request.isSecure() %> </BODY> </HTML>
|