Hi,
since I need to do EJB calls and access JMS queues through a firewall I started with 
setting it up to use http as bearer and that was quite simple but when I tried to turn 
on https I had major problems. The instructions in the AdminDevel book were for Tomcat 
4 but it was not hard to figure out how to do it with Tomcat 5 (uncomment the 
appropriate part in server.xml) and so I got it up and running.

When trying to connect however I kept on getting an Exception thrown from the client 
with message "No trusted certificate found". The JBoss doc doesn't mention that since 
the generated certificate is not signed by a trusted certificate authority, it has to 
be imported into the JVM cacerts keystore. That is accomplished like this:

Export the certificate from https.keystore:
keytool -export -v -rfc -alias https -file https.cert -keystore c:\java\jboss-3.2.5\server\default\conf\https.keystore

Import it into cacerts:
keytool -import -v -trustcacerts -alias my.hostname.com -file https.cert -keystore c:\java\j2sdk1.4.2_04\jre\lib\security\cacerts

I used the hostname as alias to be able to keep track of it. The default password of 
cacerts is "changeit".

However, then I started to get exceptions with message "HTTPS hostname wrong:  should 
be <my.hostname.com>". That puzzled me quite a bit since I couldn't find it mentioned 
anywhere in the JBoss doc and at Sun's javaforums I only found descriptions about how 
to work around it programmatically.

After much pondering I recalled that the common name of the certificate has to be 
the hostname. I.e. when generating a key with keytool, when it asks for your first 
name and last name, write the hostname as first name and leave last name empty. Then 
the certificate will be correct.

I hope this can be helpful for those of you struggling with the same problem.

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3841521#3841521
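
Added example, not part of the original post: a small Java check that reads the exported https.cert and reports whether its common name matches the hostname the client connects to, which is the condition behind the "HTTPS hostname wrong" exception. The class name CertNameCheck and its two arguments are assumptions, and it needs Java 7 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example (hypothetical class): java CertNameCheck https.cert my.hostname.com
public class CertNameCheck {

    // Return the CN attribute of the certificate subject, or null if it has none.
    static String commonName(X509Certificate cert) throws Exception {
        LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : dn.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return rdn.getValue().toString();
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java CertNameCheck <cert file> <hostname>");
            System.exit(2);
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            // keytool -export -rfc writes PEM; CertificateFactory reads PEM and DER.
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        System.out.println("Subject: " + cert.getSubjectX500Principal().getName());
        System.out.println("Expires: " + cert.getNotAfter());
        // Subject equal to issuer means no CA vouches for it: the client must
        // have this certificate in its trust store before it will connect.
        boolean selfIssued = cert.getSubjectX500Principal()
                .equals(cert.getIssuerX500Principal());
        System.out.println("Self-issued: " + selfIssued);
        // Exact match only (no wildcards). A keytool certificate generated as in
        // the post has no subjectAltName, so the CN is what the client compares.
        String cn = commonName(cert);
        if (cn != null && cn.equalsIgnoreCase(args[1])) {
            System.out.println("OK: CN matches " + args[1]);
        } else {
            System.out.println("MISMATCH: CN is " + cn + ", client expects " + args[1]);
            System.exit(1);
        }
    }
}
```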
