Summing up how I did JMS over https (sorry Adrian, overlooked multiple 
forum-related dropdowns): 

deploy/jms/jbossmq-httpil.sar/META-INF should have:

    <attribute name="URLPrefix">https://</attribute>
    <attribute name="URLPort">8443</attribute>

deploy/jbossweb-tomcat50.sar/server.xml should have:

    <Connector port="8443" address="${jboss.bind.address}"
         maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
         scheme="https" secure="true" clientAuth="false"
         keystoreFile="${jboss.server.home.dir}/conf/certpath.keystore"
         keystorePass="whateversyours" sslProtocol="TLS" />

certpath.keystore has your self-signed digital signature.

The certificate should be stored back to the cacerts repository on the server 
(in jre/lib..) so server authentication doesn't throw an exception. 

Use the host IP, not the name, if that's how the HTTPServerILService is configured. 

Use the correct keystore type. 

Disable client auth, if not doing so (server auth should be enough). 

Add the following in client code: 

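    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLSession;

    // Called when the host name in the URL does not match the server's
    // certificate. This verifier logs the mismatch and accepts every host.
    HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) {
            System.out.println("Warning: URL Host: " + urlHostName
                    + " vs. " + session.getPeerHost());
            return true;
        }
    };

    // Applies to every HttpsURLConnection created in this JVM.
    HttpsURLConnection.setDefaultHostnameVerifier(hv);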

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3866828#3866828
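
Added example, not part of the original post: a narrower variant of the same JVM-wide hooks, which trusts a single certificate from a dedicated client truststore and accepts a host name mismatch only for one expected address presenting exactly that certificate. The class name, host address, truststore file, password and alias are assumptions made up for illustration, and the truststore is assumed to hold only the certificate exported from the server's keystore.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.TrustManagerFactory;

public class PinnedHttpIlTrust {
    // Assumed values for illustration; none of them come from the original post.
    static final String EXPECTED_HOST = "192.0.2.10";          // address used in the HTTP IL URL
    static final String STORE_FILE = "client-truststore.jks"; // holds only the server's certificate
    static final char[] STORE_PASS = "changeit".toCharArray();
    static final String CERT_ALIAS = "jbossmq-server";

    /** Installs JVM-wide HTTPS defaults that trust one certificate on one host. */
    public static void install() throws Exception {
        KeyStore store = KeyStore.getInstance("JKS"); // must match the store's real type
        try (InputStream in = new FileInputStream(STORE_FILE)) {
            store.load(in, STORE_PASS);
        }
        Certificate pinned = store.getCertificate(CERT_ALIAS);
        if (pinned == null) {
            throw new IllegalStateException("No certificate under alias " + CERT_ALIAS);
        }
        // Trust only what is in the dedicated store, not the JRE-wide cacerts.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        // Consulted only when the built-in name check fails (e.g. the URL uses an IP
        // the certificate does not list). Accept only the expected host with the pinned cert.
        HostnameVerifier hv = (urlHostName, session) -> {
            try {
                Certificate[] chain = session.getPeerCertificates();
                return EXPECTED_HOST.equals(urlHostName) && chain.length > 0 && pinned.equals(chain[0]);
            } catch (SSLPeerUnverifiedException e) {
                return false; // no server certificate, so nothing to compare
            }
        };
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
    }

    public static void main(String[] args) throws Exception { install(); }
}
```

Call install() once at client start-up, before the JMS connection is created.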

_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user
