
Configuring SSL on JBoss

SSL Configuration

Create (or import) SSL certificates using keytool Java command-line utility

Configure SSL connector in Tomcat

Require SSL per application/context using <user-data-constraint>

Adding support for SSL (Secure Socket Layer) is only useful if JBoss AS acts as a stand-alone web server. If JBoss AS is fronted by another web server, like Apache HTTPD, then the security of the communication channel becomes the responsibility of that web server. In that case, JBoss AS communicates with the web server over an unsecured channel (plain-text), but the web server still informs JBoss about the security protocol it has negotiated with the end client.

Creating SSL Certificates

  1. Only JKS or PKCS12 formats are supported
  2. Use JDK’s keytool command-line tool
  3. Keystore password and certificate password have to be the same (default is “changeit”)
  4. Certificate alias is “tomcat”
  5. Use RSA algorithm for broader support
  6. Use JBoss-specific keystore file
  7. Use site hostname for cert’s common name

For example, run the following from within ${jboss.server.home.url} directory:

    keytool -genkey -keystore conf/ssl.ks -storepass secret \
        -alias tomcat -keyalg RSA -keypass secret
    What is your first and last name?
    [Unknown]: localhost
    What is the name of your organizational unit?
    [Unknown]: IT
    What is the name of your organization?
    [Unknown]: Secure Org
    What is the name of your City or Locality?
    [Unknown]: San Francisco
    What is the name of your State or Province?
    [Unknown]: CA
    What is the two-letter country code for this unit?
    [Unknown]: US
    Is CN=localhost, OU=IT, O=Secure Org, L=San Francisco, ST=CA, C=US correct?
    [no]: yes


Refer to http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html for more info

Configure SSL Connector

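Add (uncomment) the following in the ${jboss.server.home.dir}/deploy/jbossweb.sar/server.xml file. The keystoreFile and keystorePass values must match the keystore you actually created and its password (conf/ssl.ks and secret if you followed the keytool example above):

    <Connector protocol="HTTP/1.1" SSLEnabled="true"
        port="8443" address="${jboss.bind.address}"
        scheme="https" secure="true" clientAuth="false"
        keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
        keystorePass="rmi+ssl" sslProtocol="TLS" />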

If you change the port to 443 (or any other port number), make sure that you also set redirectPort="443" in both the non-SSL HTTP and AJP connector elements.

See http://tomcat.apache.org/tomcat-6.0-doc/config/http.html for additional <Connector> options.
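The redirectPort rule above can be checked mechanically. The following Python script is an added example, not part of the original tutorial or of JBoss; the function name audit_connectors and the sample server.xml are constructed for illustration, and the sample assumes the SSL port was changed to 443 while the AJP connector was left pointing at 8443.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the SSL connector was moved to port 443, but the AJP
# connector still redirects to the old 8443.
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="jboss.web">
    <Connector protocol="HTTP/1.1" port="8080"
               address="${jboss.bind.address}" redirectPort="443" />
    <Connector protocol="AJP/1.3" port="8009"
               address="${jboss.bind.address}" redirectPort="8443" />
    <!-- attribute values below are the ones used on this page -->
    <Connector protocol="HTTP/1.1" SSLEnabled="true"
               port="443" address="${jboss.bind.address}"
               scheme="https" secure="true" clientAuth="false"
               keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
               keystorePass="rmi+ssl" sslProtocol="TLS" />
  </Service>
</Server>
"""


def audit_connectors(server_xml):
    """Return (connector port, problem) tuples for one server.xml document."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    ssl = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    plain = [c for c in connectors if c.get("SSLEnabled", "").lower() != "true"]
    if not ssl:
        # A connector left inside an XML comment is invisible to the parser.
        return [(None, "no connector with SSLEnabled=true")]
    findings = []
    ssl_ports = {c.get("port") for c in ssl}
    for c in ssl:
        for attr in ("keystoreFile", "keystorePass"):
            if not c.get(attr):
                findings.append((c.get("port"), "missing " + attr))
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append((c.get("port"), "scheme/secure not set for HTTPS"))
    for c in plain:
        redirect = c.get("redirectPort")
        if redirect not in ssl_ports:
            findings.append(
                (c.get("port"), "redirectPort=%s matches no SSL port" % redirect))
    return findings


if __name__ == "__main__":
    for port, problem in audit_connectors(SAMPLE_SERVER_XML):
        print("connector on port %s: %s" % (port, problem))
```

An empty result means every non-SSL connector redirects to a port on which an SSL connector is actually listening.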

Testing SSL Configuration

When starting up JBoss AS, the console should print the following lines:

14:41:01,002 INFO [Http11Protocol] Initializing Coyote HTTP/1.1 on http-0.0.0.0-8080

14:41:02,195 INFO [Http11Protocol] Initializing Coyote HTTP/1.1 on http-0.0.0.0-8443

When you point your browser to https://localhost:8443/status you will get a browser warning telling you that the SSL certificate has not been signed by a certification authority that you trust. This is expected, since we signed our own certificate. Skipping the warning should show the SSL-protected page (padlock).
