Setting up OpenSSL with Resin 4.0.32 on Ubuntu 12.0.4
Setup OpenSSL with a self-signed certificate
Next let's create a openssl.cnf file in /etc/resin/keys/openssl.cnf
/etc/resin/keys/openssl.cnf
[ req ] default_bits = 1024 distinguished_name = Caucho [ Caucho ] C = US C_default = US ST = CA ST_default = CA L = San Francisco L_default = San Francisco O = Caucho Tech O_default = Caucho Tech OU = QA Documentation OU_default = QA Documentation CN = www.caucho.com CN_default = www.caucho.com emailAddress = info@caucho.com emailAddress_default = info@caucho.com
The above file is not needed per se, but it will save you a lot of typing later on.
Next create your private key file with openssl.
$ cd /etc/resin/keys $ pwd /etc/resin/keys $ sudo openssl genrsa -des3 -out myprivate.key 1024
The above generates an RSA key which can be used both for encryption and for signing.
You will be prompted for a protecting pass phrase.
(Note that 2048 or higher is recommended for RSA keys, as fewer amount of bits is considered less secure.)
RSA is an algorithm for public-key cryptography that is based on the difficulty of factoring large integers. RSA acronym is for the names of the three creators. RSA creates and then publishes the product of two large prime numbers, along with an another value, as the public key.
Output
Generating RSA private key, 1024 bit long modulus ...++++++ ..........................++++++ e is 65537 (0x10001) Enter pass phrase for /etc/resin/myprivate.key: Verifying - Enter pass phrase for /etc/resin/myprivate.key:
Enter in a password twice. Remember this password, you will need it later.
At this stage, just create a self-signed certificate to see if openssl is working and installed correctly.
$ sudo openssl req -config openssl.cnf -new -key myprivate.key -x509 -out my-self-signed-certificate.crt
Certificates are for public key cryptography and contain the public key. Public keys are easily derived from private keys, and this is why we created the private key first. The certificate is a file that has the organizations information and the public key.
To know if SSL is working, you want to check to see if you can load resin-admin.
Then look in the resin log (/var/log/resin/jvm*.log), and look for the following:
Resin Professional 4.0.32 (built Mon, 01 Oct 2012 02:34:38 PDT)
Copyright(c) 1998-2012 Caucho Technology. All rights reserved.
[13-01-17 21:35:23.624] {main} 1013792.license -- 1 Resin server Caucho
1013792.license -- 1 Resin server Caucho
Starting Resin Professional on Thu, 17 Jan 2013 21:35:21 +0000 (UTC)
...
...
[13-01-17 21:35:27.616] {main} http listening to *:8080
OpenSSL support compiled for OpenSSL 0.9.8o 01 Jun 2010
[13-01-17 21:35:27.710] {main} https listening to *:8443
If you see those two things then all should be well.
___________________________________________________
Bill Digman is a Java EE / Servlet enthusiast and Open Source enthusiast who loves working with Caucho's Resin Servlet Container, a Java EE Web Profile Servlet Container.
Caucho's Resin OpenSource Servlet Container
(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)
