
Problem of configuring SSL for Https in Jboss AS 7

kishore routhu
Greenhorn

Joined: Jan 17, 2013
Posts: 14
Actually, we are migrating from JBoss 4.2.2GA to JBoss AS7. It is good to work
with JBoss AS7, but the problem is that in JBoss 4.2.2GA SSL is enabled
and working fine for HTTPS on port 8443 with the following configuration (1)
in server.xml.



1. SSL Configuration for Https Secure port in Jboss-4.2.2 GA
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="250" scheme="https" secure="true"
           clientAuth="false"
           strategy="ms"
           address="${jboss.bind.address}"
           keystoreFile="${jboss.server.home.dir}/conf/ssl/2013-cert/working/server.keystore"
           keystorePass="123456"
           keystoreType="pkcs12"
           sslProtocol="TLS"
           SSLHonorCipherOrder="On"
           ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA"
/>




Whereas in JBoss AS7, with the following configuration (2) in standalone.xml, JBoss
throws the following error at startup, observed in server.log.


2. SSL Configuration for Https Secure port in Jboss As7
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" redirect-port="8443" secure="true" max-connections="400">
        <ssl name="ssl" password="123456"
             certificate-key-file="/www/jboss7/standalone/configuration/ssl/ssl.domainname.crt"
             cipher-suite="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA" protocol="TLSv1" verify-client="false"
             verify-depth="10"
             keystore-type="PKCS12"
             truststore-type="PKCS12"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="vela"/>
    </virtual-server>
</subsystem>


I also tried the following alternative configuration in JBoss AS7:


<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">
    <configuration>
        <static-resources sendfile="524288"/>
    </configuration>
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" enable-lookups="true" redirect-port="8443" executor="http-executor" max-connections="50"/>
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" redirect-port="8443" secure="true" max-connections="400">
        <ssl name="ssl" password="123456"
             certificate-key-file="/www/jboss7/standalone/configuration/ssl/2013-cert/working/server.keystore"
             cipher-suite="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA" protocol="TLSv1" verify-client="false"
             verify-depth="10" keystore-type="PKCS12" truststore-type="PKCS12"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
    </virtual-server>
</subsystem>


ERROR [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-2) Error initializing endpoint: java.lang.Exception: Unable to configure permitted SSL ciphers (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
at org.apache.tomcat.jni.SSLContext.setCipherSuite(Native Method) [jbossweb-7.0.13.Final.jar:]
at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:642) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:121) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:]
at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_13]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_13]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]


07:00:50,361 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_13]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_13]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]
Caused by: LifecycleException: Protocol handler initialization failed: java.lang.Exception: Unable to configure permitted SSL ciphers (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
at org.apache.catalina.connector.Connector.init(Connector.java:985)
at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
... 5 more


**** We are also migrating from jdk1.6.0_38 to jdk1.7.0_13


The following is the KeyStore information
====================================
> keytool -v -list -storetype PKCS12 -keystore server.keystore
Enter keystore password:


Keystore type: PKCS12
Keystore provider: SunJSSE


Your keystore contains 1 entry


Alias name: 1
Creation date: Jun 5, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:


Do I need any changes in the configuration of JBoss AS7 to successfully enable SSL, as compared to JBoss 4.2.2GA?

What does the "keystoreFile" element in the JBoss 4.2.2GA configuration represent, and
what does the "certificate-key-file" element in the JBoss AS7 configuration represent?
Do these two represent the same thing (i.e. the keystore) or different things?

What is the value of "certificate-key-file": is it certificate.crt, certificate.csr, or server.keystore?

Please advise on the above so that I can move further.


Thanks in advance
Ifteqar Ald
Ranch Hand

Joined: Dec 26, 2011
Posts: 73
Hi Kishore,

Please refer to http://docs.jboss.org/jbossweb/7.0.x/config/ssl.html to clarify your doubts about the configuration parameters.

Thanks,
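
Added example, not part of the original thread and not JBoss code: the log above shows Http11AprProtocol, the APR/OpenSSL connector, which matches cipher-suite against OpenSSL cipher names and reads PEM files rather than a keystore. This Python sketch lints a web subsystem fragment for those two mismatches. The sample XML is constructed from the post's second configuration, lint_ssl and its apr_loaded flag are hypothetical names, and treating an absent native attribute as APR-enabled is an assumption consistent with the log.

```python
import xml.etree.ElementTree as ET

NS = {"web": "urn:jboss:domain:web:1.1"}
# JSSE name -> OpenSSL name, for the two suites in the post's configuration.
JSSE_TO_OPENSSL = {
    "SSL_RSA_WITH_RC4_128_MD5": "RC4-MD5",
    "SSL_RSA_WITH_RC4_128_SHA": "RC4-SHA",
}

# Constructed sample: the subsystem from the post, trimmed to the https connector.
SAMPLE = """
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">
  <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="ssl" password="changeit"
         certificate-key-file="/www/jboss7/standalone/configuration/ssl/2013-cert/working/server.keystore"
         cipher-suite="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA"
         protocol="TLSv1" keystore-type="PKCS12"/>
  </connector>
</subsystem>
"""

def lint_ssl(xml_text, apr_loaded=True):
    """Return findings for <ssl> elements that mix JSSE and APR/OpenSSL settings."""
    root = ET.fromstring(xml_text)
    # Assumption: native="false" on the subsystem selects the JSSE connector,
    # and an absent attribute leaves APR in use when the native library is loaded.
    uses_apr = apr_loaded and root.get("native", "true").lower() != "false"
    findings = []
    for conn in root.findall("web:connector", NS):
        ssl = conn.find("web:ssl", NS)
        if ssl is None or not uses_apr:
            continue
        for name in ssl.get("cipher-suite", "").split(","):
            name = name.strip()
            if name.startswith(("SSL_", "TLS_")):
                hint = JSSE_TO_OPENSSL.get(name, "an OpenSSL cipher name")
                findings.append(f"{conn.get('name')}: cipher '{name}' is a JSSE name; OpenSSL expects {hint}")
        if ssl.get("keystore-type") and not ssl.get("certificate-file"):
            findings.append(f"{conn.get('name')}: keystore settings with APR; supply PEM "
                            "certificate-file and certificate-key-file, or set native=\"false\"")
    return findings

if __name__ == "__main__":
    for line in lint_ssl(SAMPLE):
        print(line)
```

Both suites in the post are RC4 suites, which RFC 7465 prohibits for TLS, so replacing them is preferable to only renaming them.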
 