Bill Digman is a Java EE / Servlet enthusiast and Open Source enthusiast who loves working with Caucho's Resin Servlet Container, a Java EE Web Profile Servlet Container.

Setting up OpenSSL with Resin 4.0.32 on Ubuntu 12.0.4

02.13.2013

Setup OpenSSL with a self-signed certificate

Next, let's create an openssl.cnf file at /etc/resin/keys/openssl.cnf

/etc/resin/keys/openssl.cnf

[ req ]
 default_bits            = 1024
 distinguished_name      = Caucho

[ Caucho ]
 C                      = US
 C_default              = US
 ST                     = CA
 ST_default             = CA
 L                      = San Francisco
 L_default              = San Francisco
 O                      = Caucho Tech
 O_default              = Caucho Tech
 OU                     = QA Documentation
 OU_default             = QA Documentation
 CN                     = www.caucho.com
 CN_default             = www.caucho.com
 emailAddress           = info@caucho.com
 emailAddress_default   = info@caucho.com

The above file is not needed per se, but it will save you a lot of typing later on.

Next create your private key file with openssl.

$ cd /etc/resin/keys
$ pwd
/etc/resin/keys
$ sudo openssl genrsa -des3 -out myprivate.key 1024

The above generates an RSA key which can be used both for encryption and for signing.

You will be prompted for a protecting pass phrase.

(Note that 2048 bits or higher is recommended for RSA keys, as fewer bits are considered less secure.)


RSA is an algorithm for public-key cryptography that is based on the difficulty of factoring large integers. The RSA acronym comes from the names of its three creators. An RSA user creates and then publishes the product of two large prime numbers, along with another value, as the public key.


Output

Generating RSA private key, 1024 bit long modulus
...++++++
..........................++++++
e is 65537 (0x10001)
Enter pass phrase for /etc/resin/myprivate.key:
Verifying - Enter pass phrase for /etc/resin/myprivate.key:

Enter a pass phrase twice. Remember this pass phrase; you will need it later.

At this stage, just create a self-signed certificate to see if openssl is working and installed correctly.

$ sudo openssl req -config openssl.cnf -new -key myprivate.key -x509 -out my-self-signed-certificate.crt

Certificates are for public key cryptography and contain the public key. Public keys are easily derived from private keys, and this is why we created the private key first. The certificate is a file that has the organization's information and the public key.
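The key and certificate steps above as a non-interactive script, added here as an example (not the author's code): it generates a 2048-bit key as the note above recommends, then checks that the certificate carries the public key derived from that private key and reports the key size. The KEY_PASS environment variable, the function names, "prompt = no", -aes256 and -days 30 are assumptions of this example; the _default lines are dropped because they do not apply when prompting is off.

```shell
#!/bin/sh
# Added example. KEY_PASS and the function names are assumptions, not Resin settings.

# Generate an encrypted RSA key of $2 bits and a self-signed certificate in
# directory $1. The pass phrase is read from the KEY_PASS environment variable
# so it does not appear on the command line or in shell history.
make_self_signed() {
    dir=$1 bits=$2
    cat > "$dir/openssl.cnf" <<EOF
[ req ]
default_bits       = $bits
distinguished_name = Caucho
prompt             = no

[ Caucho ]
C  = US
ST = CA
L  = San Francisco
O  = Caucho Tech
OU = QA Documentation
CN = www.caucho.com
emailAddress = info@caucho.com
EOF
    openssl genrsa -aes256 -passout env:KEY_PASS \
        -out "$dir/myprivate.key" "$bits" 2>/dev/null &&
    chmod 600 "$dir/myprivate.key" &&
    openssl req -config "$dir/openssl.cnf" -new -x509 -days 30 \
        -key "$dir/myprivate.key" -passin env:KEY_PASS \
        -out "$dir/my-self-signed-certificate.crt"
}

# Succeed only if the certificate ($2) holds the public key derived from the
# private key ($1). Returns 2 if either file cannot be read or decrypted.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin env:KEY_PASS -pubout) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Print the RSA key size in bits recorded in the certificate ($1).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}
```

Export KEY_PASS before calling the functions, for example from a prompt with terminal echo turned off, and unset it afterwards.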

To confirm that SSL is working, check whether you can load resin-admin.

Then look in the resin log (/var/log/resin/jvm*.log), and look for the following:

Resin Professional 4.0.32 (built Mon, 01 Oct 2012 02:34:38 PDT)
Copyright(c) 1998-2012 Caucho Technology.  All rights reserved.

[13-01-17 21:35:23.624] {main}   1013792.license -- 1 Resin server Caucho
                       
  1013792.license -- 1 Resin server Caucho

Starting Resin Professional on Thu, 17 Jan 2013 21:35:21 +0000 (UTC)

...
...
[13-01-17 21:35:27.616] {main} http listening to *:8080
OpenSSL support compiled for OpenSSL 0.9.8o 01 Jun 2010
[13-01-17 21:35:27.710] {main} https listening to *:8443

If you see those two things then all should be well.


Published at DZone with permission of its author, Bill Digman.
