- JBoss 4.2.3.GA
- Java 5 Update 17
- Windows Server 2003 SP2

Hello, everybody!

Since my first post, I've done some research on how to enable SSL in JBoss. Two articles were very helpful to me:

- An article that teaches how to configure SSL on Tomcat (I thought that it was good to start from this article because this configuration is very similar to what I was going to find on JBoss relating to SSL): http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
- An article that teaches how to configure SSL on JBoss: http://www.jboss.org/community/docs/DOC-11989

After reading these articles I decided that my SSL configuration would be based on this:

- Use JSSE (Java Secure Socket Extension)
- Use a self-signed Certificate.

So, according to all this, I decided to take the steps listed below to configure SSL. I'm just listing these steps here in case I missed something or did something wrong, so you can tell me where the mistake is.

1. Create the self-signed Certificate

   - %JAVA_HOME%\bin\keytool -genkey -alias jboss -keyalg RSA -keystore server.keystore
   - Enter keystore password: password
   - What's your first and last name? www.mydomain.com
   - What is the name of your organizational unit? Centro de Processamento de Dados - CPD
   - What is the name of your organization? Universidade Regional do Cariri - URCA
   - What is the name of your City or Locality? Crato
   - What is the name of your State or Province? CE
   - What is the two-letter country code for this unit? BR
   - Enter key password for

2. Move the keystore "server.keystore" created in C:\Documents and Settings\USER_NAME to %JBOSS_HOME%\server\default\conf.

3. Configure JBoss

   - In the file %JBOSS_HOME%\server\default\deploy\jboss-web.deployer\server.xml
   - Change this configuration:

         <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                    maxThreads="150" scheme="https" secure="true"
                    clientAuth="false" sslProtocol="TLS" />

   - To this:

         <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                    maxThreads="150" scheme="https" secure="true"
                    clientAuth="false" sslProtocol="TLS"
                    keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
                    keystorePass="password" />

My doubts are:

At this point, I'm lost. I don't know if I'm already done or if I have to do something else. I believe that I still need to complete the SSL configuration for use in JBoss, but the second article mentioned above, http://www.jboss.org/community/docs/DOC-11989, doesn't explain very well what it is doing, so I'm confused. For example, it shows four authentication scenarios:

1. SSL enabled on the server - the common case
2. SSL enabled on the server with self-signed client certs - aka mutual authentication - standalone HTTP client
3. SSL enabled on the server with self-signed client certs - aka mutual authentication - Web Browser Client
4. SSL enabled on the server with an openssl CA issued client cert - aka mutual authentication with CA issued client cert

I suppose that I should use the first one or the second one, but I'm not sure how. Could you tell me which one I should use? Just to remind you, I want to use a self-signed Certificate and to generate my own Certificate, not to purchase one from a well known Certificate Authority.

Also, some steps in scenario 1 and 2 need more explanation to me.
For example, in both scenarios there's one step called "Run the client".

In the first option:

    java -Djavax.net.ssl.trustStore=client.truststore -Djavax.net.ssl.trustStorePassword=123456 acme/ReadHttpsURL2 https://localhost:8443

In the second option:

    java -Djavax.net.ssl.keyStore=client.keystore -Djavax.net.ssl.keyStorePassword=123456 -Djavax.net.ssl.trustStore=client.truststore -Djavax.net.ssl.trustStorePassword=123456 acme/ReadHttpsURL2 https://localhost:8443

Which client is this? What happens with this command line?

In the second option, SSL enabled on the server with self-signed client certs, there's a step "Create the client certificate":

    keytool -export -alias clientkeys -keystore client.keystore -storepass 123456 -file client.cer

Is this command creating the Certificate that I will be using instead of the Certificate provided by a Certificate Authority?

As you can see, I have a lot of doubts. I would be very thankful if you could answer my questions and tell me what I should do to fully enable SSL.

Thank you.

Marcos
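
An added example, not part of the original post or of JBoss: a small Python check that reads the edited Connector from step 3 and reports which side presents a certificate and which settings are missing or guessable. The function name `review_connector` and the short password deny-list are assumptions made for illustration; the defaults noted in the comments are those described in the Tomcat SSL how-to linked in the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the edited Connector from the post, line breaks added.
CONNECTOR_XML = """<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
    keystorePass="password" />"""

# Assumption: a short illustrative deny-list, not an exhaustive one.
GUESSABLE = {"password", "changeit", "123456"}

# clientAuth value -> who presents a certificate during the handshake.
AUTH_MODES = {"false": "server-auth only",
              "want": "client cert optional",
              "true": "client cert required"}


def review_connector(xml_text):
    """Return (auth_mode, findings) for a single <Connector> element."""
    conn = ET.fromstring(xml_text)
    if conn.tag != "Connector":
        raise ValueError("expected a <Connector> element")
    attrs = conn.attrib
    findings = []

    if attrs.get("SSLEnabled", "false").lower() != "true":
        findings.append("SSLEnabled is not true")
    if attrs.get("scheme") != "https" or attrs.get("secure") != "true":
        findings.append("scheme/secure do not mark the connector as HTTPS")

    # Without keystoreFile, JSSE falls back to .keystore in the home
    # directory of the account running the server.
    if "keystoreFile" not in attrs:
        findings.append("keystoreFile missing: default ~/.keystore is used")
    # Without keystorePass the default password "changeit" is assumed.
    password = attrs.get("keystorePass", "changeit")
    if password.lower() in GUESSABLE:
        findings.append("keystorePass is a guessable value")

    mode = AUTH_MODES.get(attrs.get("clientAuth", "false").lower())
    if mode is None:
        findings.append("clientAuth value not recognised by this check")
        mode = "unknown"
    return mode, findings


if __name__ == "__main__":
    print(review_connector(CONNECTOR_XML))
```

With clientAuth="false" only the server presents a certificate, which corresponds to the first scenario listed in the post; the client then needs only a truststore containing the server's self-signed certificate.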
