[jacorb-developer] JacORB configuring SSL with EstablishTrust options

[Marc Winoto]

Hi,
I have some services configured to use SSL.
I'm trying to configure them to use the EstablishTrust options.
I got my key and cert in PEM format and imported them into a new keystore.

With the EstablishTrust options on, (32 and 64), I end up getting
the errors "bad_certificate" on the client and "null cert chain" on the
server side.

Which makes sense. My keystore does not contain the certificate chain.
I can work around this by not using the trust options (see my config below).

I've tried removing the trustees_from_ks option.
And I've tried importing my keystore into a copy of cacerts and using that.
I clearly don't know what I am doing. How do I get this to work with the
trust options on?

Thanks
Marc

----------------------------------------------------------------------
Client options:
jacorb.ssl.socket_factory=org.jacorb.security.ssl.sun_jsse.SSLSocketFactory
jacorb.ssl.server_socket_factory=org.jacorb.security.ssl.sun_jsse.SSLServerSocketFactory
jacorb.security.keystore=myimportedkey
jacorb.security.keystore_password=changeit
jacorb.security.ssl.client.required_options=30
jacorb.security.ssl.client.supported_options=30
jacorb.security.jsse.trustees_from_ks=on
jacorb.security.support_ssl=on
org.omg.PortableInterceptor.ORBInitializerClass.ForwardInit=org.jacorb.security.ssl.sun_jsse.SecurityServiceInitializer


Server options:
jacorb.security.support_ssl=on
jacorb.ssl.socket_factory=org.jacorb.security.ssl.sun_jsse.SSLSocketFactory
jacorb.ssl.server_socket_factory=org.jacorb.security.ssl.sun_jsse.SSLServerSocketFactory
jacorb.security.keystore=myimportedkey
jacorb.security.keystore_password=changeit
jacorb.security.ssl.server.required_options=30
jacorb.security.ssl.server.supported_options=30
jacorb.security.jsse.trustees_from_ks=on
org.omg.PortableInterceptor.ORBInitializerClass.ForwardInit=org.jacorb.security.ssl.sun_jsse.SecurityServiceInitializer