1. Re: Can JBoss/Tomcat use specific alias from keystore (keyal
krishnakumars Nov 14, 2007 10:43 PM (in response to krishnakumars)
The earlier post was missing the Connector extracts. Reposting.
----------
We use JBossSX's support for PBESecurityDomain in our Tomcat Connector. Our Connector element looks like this:

<Connector port="8445" address="${jboss.bind.address}"
           maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
           scheme="https" secure="true" clientAuth="false"
           sslProtocol = "SSL"
           ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA"
           securityDomain="java:/jaas/encrypt-keystore-password"
           SSLImplementation="org.jboss.net.ssl.JBossImplementation" />

Our Keystore has multiple aliases in it. By default Tomcat uses the first keystore alias it finds.
I need to change this behavior so Tomcat uses a specific alias. Tomcat standalone supports an attribute of keyAlias in the Connector element. I changed the above to look like:

<Connector port="8445" address="${jboss.bind.address}"
           maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
           scheme="https" secure="true" clientAuth="false"
           sslProtocol = "SSL"
           ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA"
           securityDomain="java:/jaas/encrypt-keystore-password"
           SSLImplementation="org.jboss.net.ssl.JBossImplementation"
           keyAlias="cgss_server_app" />

However, JBoss doesn't seem to pick up the keyAlias attribute.
What am I doing wrong? Does JBoss recognize and honor the keyAlias attribute?