Implement SSL in Jboss-6.1.0

Hi

I would like to access my web application from http to https. I have implemented following steps. I am not sure whether I am going right way or not. I have google and find following steps. Guide me if I am wrong.

1. Created the self signed certificate using following JDK 1.6 command

keytool -genkey -alias tomcat -keyalg RSA

2. Move the keystore to C:\jboss-6.1.0.Final\server\default\conf

3. Uncomment following code in the C:\jboss-6.1.0.Final\server\default\deploy\jbossweb.sar\server.xml

<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->

<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="${jboss.web.https.port}" address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
keystorePass="changeit" sslProtocol = "TLS" />

4. Added following code C:\jboss-6.1.0.Final\server\default\conf\bootstrap\security.xml

<bean name="JBossSSLConfiguration" class="org.jboss.security.ssl.JBossSSLConfiguration">
<property name="keyStoreURL">chap8.keystore</property>
<property name="keyStorePassword">changeit</property>
</bean>


4. Restart the application server and deploy the ear file

Access same URL with https but going to blank page.

Could you please let me know the what could cause the problem. Why my application is not running in https?

Regards
Mohan

Hi,

But if we do the below steps, using http also we can access the application and Jboss also,so we need to generate certificate for this.

1) /opt/java_homes/jdk1.6.0_24/bin/keytool -genkey -alias jbosskey -keypass changeit -keyalg RSA -keystore server.keystore

/opt/java_homes/jdk1.6.0_24/bin/keytool is my java keytool path

it will generate the server.keystore in JBoss home directory.

2) /opt/java_homes/jdk1.6.0_24/bin/keytool -list -keystore server.keystore

Make ensure that keystore password will be the case sensitive and you can give your own password otherwise use default password "changeit: to configure the same.

3) /opt/java_homes/jdk1.6.0_24/bin/keytool -export -alias jbosskey -keypass changeit -file server.crt -keystore server.keystore

your jboss key certificate will generate

4) /opt/java_homes/jdk1.6.0_24/bin/keytool -import -alias jbosscert -keypass changeit -file server.crt -keystore server.keystore

/opt/java_homes/jdk1.6.0_24/bin/keytool -list -keystore server.keystore

5) Add the below entries to your server.xml

<Connector port="443" address="${jboss.bind.address}" protocol="AJP/1.3"
emptySessionPath="true" enableLookups="false" redirectPort="443"
keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
keystorePass="Your Own Password or default password"/>

I have done the above steps on JBoss and successfully implemented SSL

Exception : org.apache.coyote.http11.Http11Protocol start SEVERE: Error starting endpoint

java.io.IOException: Cannot recover key at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:394)

I got this problem while doing SSL configuration on JBoss servers.Working around the exception i came to know that in my previous post 1 st point missed out one point that is passing keypass value default.
I made it to my own password and completed the setup.