Configuring SSL on JBoss


 

SSL Configuration

  • Create (or import) SSL certificates using keytool Java command-line utility
  • Configure SSL connector in Tomcat
  • Require SSL per application/context using <user-data-constraint>

Adding support for SSL (Secure Sockets Layer) is only useful if JBoss AS acts as a stand-alone web server. If JBoss AS is fronted by another web server, like Apache HTTPD, then the security of the communication channel becomes the responsibility of that web server. In that case, JBoss AS communicates with the web server over an unsecured (plain-text) channel, but the web server still informs JBoss AS about the security protocol it has negotiated with the end client.

 


Creating SSL Certificates

  1. Only JKS or PKCS12 formats are supported
  2. Use JDK’s keytool command-line tool
  3. Keystore password and certificate password have to be the same (default is "changeit")
  4. Certificate alias is "tomcat"
  5. Use RSA algorithm for broader support
  6. Use JBoss-specific keystore file
  7. Use site hostname for cert’s common name

For example, run the following from within the ${jboss.server.home.dir} directory:

    keytool -genkey -keystore conf/ssl.ks -storepass secret -alias tomcat -keyalg RSA -keypass secret
    What is your first and last name?
      [Unknown]: localhost
    What is the name of your organizational unit?
      [Unknown]: IT
    What is the name of your organization?
      [Unknown]: Secure Org
    What is the name of your City or Locality?
      [Unknown]: San Francisco
    What is the name of your State or Province?
      [Unknown]: CA
    What is the two-letter country code for this unit?
      [Unknown]: US
    Is CN=localhost, OU=IT, O=Secure Org, L=San Francisco, ST=CA, C=US correct?
      [no]: yes

Refer to http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html for more info

Configure SSL Connector

Add (uncomment) the following in the ${jboss.server.home.dir}/deploy/jbossweb.sar/server.xml file:

    <Connector protocol="HTTP/1.1" SSLEnabled="true"
               port="8443" address="${jboss.bind.address}"
               scheme="https" secure="true" clientAuth="false"
               keystoreFile="${jboss.server.home.dir}/conf/ssl.ks"
               keystorePass="secret" sslProtocol="TLS" />

The keystoreFile and keystorePass values must match the keystore file and password used in the keytool command.

If you change the port to 443 (or any other port number), make sure that you also set redirectPort to the same value (for example, redirectPort="443") in both the non-SSL HTTP and AJP connector elements.

See http://tomcat.apache.org/tomcat-6.0-doc/config/http.html for additional <Connector> options.

Testing SSL Configuration

When starting up JBoss AS, the console should print the following lines:

    ...
    14:41:01,002 INFO [Http11Protocol] Initializing Coyote HTTP/1.1 on http-0.0.0.0-8080
    14:41:02,195 INFO [Http11Protocol] Initializing Coyote HTTP/1.1 on http-0.0.0.0-8443
    ...

When you point your browser to https://localhost:8443/status, you will get a browser warning telling you that the SSL certificate has not been signed by a certification authority that you trust. This is expected, since we signed our own certificate. Skipping the warning should show the SSL-protected page (padlock).
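The redirectPort requirement from the connector configuration is easy to miss when the SSL port changes. The following check is an added example, not part of the original article or of JBoss: it parses a server.xml and reports non-SSL connectors whose redirectPort does not match an SSL connector port, along with a missing keystoreFile or a keystorePass left at the default. The sample server.xml and the names is_ssl and audit_connectors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the SSL connector was moved to port 443, but the AJP
# connector still carries the old redirectPort.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="jboss.web">
    <Connector protocol="HTTP/1.1" port="8080" redirectPort="443"
               address="${jboss.bind.address}" />
    <Connector protocol="AJP/1.3" port="8009" redirectPort="8443"
               address="${jboss.bind.address}" />
    <Connector protocol="HTTP/1.1" SSLEnabled="true" port="443"
               address="${jboss.bind.address}" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="${jboss.server.home.dir}/conf/ssl.ks"
               keystorePass="secret" />
  </Service>
</Server>
"""

def is_ssl(connector):
    return connector.get("SSLEnabled", "false").lower() == "true"

def audit_connectors(server_xml):
    """Return a list of findings for the <Connector> elements in server.xml."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    ssl_ports = {c.get("port") for c in connectors if is_ssl(c)}
    if not ssl_ports:
        return ['no <Connector> has SSLEnabled="true"']
    findings = []
    for c in connectors:
        name = f'{c.get("protocol")} connector on port {c.get("port")}'
        if is_ssl(c):
            if c.get("scheme") != "https" or c.get("secure") != "true":
                findings.append(f'{name}: scheme="https" secure="true" not set')
            if not c.get("keystoreFile"):
                findings.append(f"{name}: keystoreFile is not set")
            # The article gives "changeit" as the default password.
            if c.get("keystorePass", "changeit") == "changeit":
                findings.append(f'{name}: keystorePass is the default "changeit"')
        elif c.get("redirectPort") not in ssl_ports:
            # Requests that require SSL would be redirected to a port
            # where no SSL connector is listening.
            findings.append(f'{name}: redirectPort="{c.get("redirectPort")}" '
                            f"is not an SSL connector port {sorted(ssl_ports)}")
    return findings

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```
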

 


Author: TekSlate