Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Configuring SSL on JBoss

 
Neelesh A Korade
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

I am trying to figure out how I can configure my webapp to use SSL on JBoss. Here are a couple of references I am looking at-

http://community.jboss.org/wiki/sslsetup

http://www.jboss.org/file-access/default/members/jbossweb/freezone/docs/latest/ssl-howto.html

I am working on jboss-4.2.2.GA.

The first reference above refers to file jbossweb-tomcat41.sar/META-INF/jboss-service.xml where keystore file details have to be updated.

The second reference above refers to $CATALINA_HOME/conf/server.xml file for configuring the secure socket by updating the keystore information.

My question is- for the version of JBoss I am using (jboss-4.2.2.GA), I am unable to find any of these config files. Can someone help me identify the file I need to modify for updating the keystore information in it?

Thank you
Neelesh

 
Jaikiran Pai
Marshal
Pie
Posts: 10447
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For JBoss AS-4.2.x, the file can be found at JBOSS_HOME/server/< servername>/deploy/jboss-web.deployer/server.xml
 
Francesco Marchioni
author
Ranch Hand
Posts: 194
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Neelesh A Korade wrote:Hi

I am trying to figure out how I can configure my webapp to use SSL on JBoss. Here are a couple of references I am looking at-

http://community.jboss.org/wiki/sslsetup

http://www.jboss.org/file-access/default/members/jbossweb/freezone/docs/latest/ssl-howto.html

I am working on jboss-4.2.2.GA.

The first reference above refers to file jbossweb-tomcat41.sar/META-INF/jboss-service.xml where keystore file details have to be updated.

The second reference above refers to $CATALINA_HOME/conf/server.xml file for configuring the secure socket by updating the keystore information.

My question is- for the version of JBoss I am using (jboss-4.2.2.GA), I am unable to find any of these config files. Can someone help me identify the file I need to modify for updating the keystore information in it?

Thank you
Neelesh


Hi Neelesh,
the configuration file you are talking about is located in your distribution here:
jboss-4.2.2.GA\server\default\deploy\jboss-web.deployer\server.xml

There you need to reference the keystore you've formerly created.
If you want to see some development examples of secure JBoss applications, you might consider having a look at the book I'm promoting this week which contains two chapters about it.
kind regards
Francesco
 
Neelesh A Korade
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you Francesco and Jai for all your help. My problem is solved.
 
Tom Thomas
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've been using a self-signed certificate to test an SSL connection from JBoss. One reference I found, http://www.ja-sig.org/wiki/display/CASUM/HOWTO+Configure+JBoss+for+HTTPS, stated I should be running JBoss with the option
-Djavax.net.ssl.trustStore="<C:/yourServerLocation>/server/default/conf/server.keystore" and also have the server.keystore declared in the server.xml file under the 8443 section.

I've found that the command line option overrides the JVM cacerts file- meaning that certificates stored in the JVM security cacerts won't be found and a SSL handshake exception occurs when accessing pages requiring those certificates. I tried storing those certificates in the server.keystore but the JVM couldn't read them.

I later found that the command line option is not necessary for JBoss but can be used to specify the location of the JVM certificates if not in the default location. JBoss seems perfectly happy to use what's in the server.xml declaration.

Bottom line - there appears to be a lot of confusion as to how to setup JBoss for SSL and the relationship to the JVM certificates. What I would really like to do is just use a single keystore for all certicates independent of the current JVM and JBoss versions. Any suggestions?

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic