1. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
cbboatwr Jan 2, 2002 3:14 PM (in response to kuzmenko)
You have to add an additional inside your tag. If I'm not mistaken, it would be:
<mbean ... >
< .. same stuff as you have here .. >
Alternatively, you could remove the "SecurityDomain" attribute and add a Config attribute similar to above, but instead make it secure:
<mbean ... >
< .. same stuff as you have here minus the Security Domain attribute .. >
Regardless of which method you choose (not sure one is better than another) this will tell Tomcat to listen to both ports, one secure and the other non-secure. This should work with 2.4.4 (it does not work with 2.4.3).
Hope this helps,
Colin -
2. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
nphelps Jan 2, 2002 10:47 PM (in response to kuzmenko)
I want to do the same thing, but I'm a bit confused trying to combine the two posts. Can someone post an example with everything we need to put in jboss.jcml to enable SSL on port 443 and normal HTTP on port 80 using JBoss 2.4.4 and Tomcat 4.0.1? Ideally, it should always accept HTTP and redirect to the SSL port if a security constraint is present (just like stand-alone Tomcat 4.0).
-
3. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
johnnycannuk Jan 6, 2002 4:31 PM (in response to kuzmenko)
This is the solution I posted here: http://jboss.org/forums/thread.jsp?forum=61&thread=6234
//(no 's' on arg...)
.keystore
changeit
...
and
...
<!-- Uncomment to add embedded catalina service -->
80
This works great on all platforms... I guess I have an 'old' version of the 2.4.4 catalina bundle at work
As for redirect, the above can also take a parameter like redirectPort="443" in the connector tag or as
443
Play around and let me know if this works
Mike -
4. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
bchi49 Jan 25, 2002 10:58 PM (in response to kuzmenko)
I can't get this to work. I was able to browse the https port. When I turn on the JSSE debug and then browse, I see this debug info on the console:
================================
[INFO,Default] [read] MD5 and SHA1 hashes: len = 3
[INFO,Default] 0000: 01 03 00                                           ...
[INFO,Default] [read] MD5 and SHA1 hashes: len = 64
[INFO,Default] 0000: 00 2A 00 00 00 10 00 00   04 00 00 05 00 00 0A 01  .*..............
[INFO,Default] 0010: 00 80 07 00 C0 03 00 80   00 00 09 06 00 40 00 00  .............@..
[INFO,Default] 0020: 64 00 00 62 00 00 03 00   00 06 02 00 80 04 00 80  d..b............
[INFO,Default] 0030: 64 56 10 43 DE F4 74 D8   FB 79 A9 95 82 88 E8 51  dV.C..t..y.....Q
[INFO,Default] HttpProcessor[443][4], READ: SSL v2, contentType = 22, translated length = 59
[INFO,Default] *** ClientHello, v3.0
[INFO,Default] RandomCookie:  GMT: 0 bytes = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 100, 86, 16, 67, 222, 244, 116, 216, 251, 121, 169, 149, 130, 136, 232, 81 }
[INFO,Default] Session ID:  {}
[INFO,Default] Cipher Suites: { 0, 4, 0, 5, 0, 10, 0, 9, 0, 100, 0, 98, 0, 3, 0, 6 }
[INFO,Default] Compression Methods: { 0 }
[INFO,Default] ***
[INFO,Default] %% Created: [Session-2, SSL_NULL_WITH_NULL_NULL]
[INFO,Default] HttpProcessor[443][4], SEND SSL v3.0 ALERT: fatal, description = handshake_failure
[INFO,Default] HttpProcessor[443][4], WRITE: SSL v3.0 Alert, length = 2
================================
So, at least the server is listening on port 443, but the handshake fails.
Do I need to change the RMI+SSL to something else? I changed it to the WAR context name, and also used my host name as well. But both still don't work.
I did generate the .keystore file using keytool and configured it correctly with the right password.
What could be the problem?
Thanks,
Benjamin -
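The JSSE dump in the post above is an SSLv2-format CLIENT-HELLO (the 3-byte read is the message type and version, the 64-byte read is the body) that JSSE then "translates" into the SSL 3.0 ClientHello it prints. The following is an added example, not code from the thread: a small Python parser that takes the bytes copied from that dump, performs the same translation, and names the suites the client offered. It shows that the client's offer was well-formed and that the server sent its fatal alert before answering with any ServerHello, so the failure is on the server side (which the later posts trace to the keystore). The cipher-suite names are the standard SSL3/TLS names; nothing else is assumed.

```python
# Added example: parse the SSLv2 CLIENT-HELLO bytes from the JSSE dump above
# and translate them to SSL 3.0 form the way JSSE's debug output does.
# Constructed from the bytes on the page; not part of the original thread.
import struct

# Bytes copied from the dump: the 3-byte read followed by the 64-byte read.
DUMP_HEX = (
    "01 03 00"
    " 00 2A 00 00 00 10 00 00 04 00 00 05 00 00 0A 01"
    " 00 80 07 00 C0 03 00 80 00 00 09 06 00 40 00 00"
    " 64 00 00 62 00 00 03 00 00 06 02 00 80 04 00 80"
    " 64 56 10 43 DE F4 74 D8 FB 79 A9 95 82 88 E8 51"
)

# Standard names for the SSL3/TLS suites that appear in the dump.
SUITE_NAMES = {
    0x0004: "SSL_RSA_WITH_RC4_128_MD5",
    0x0005: "SSL_RSA_WITH_RC4_128_SHA",
    0x000A: "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0009: "SSL_RSA_WITH_DES_CBC_SHA",
    0x0064: "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
    0x0062: "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
    0x0003: "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
}


def parse_v2_client_hello(data: bytes) -> dict:
    """Parse an SSLv2 CLIENT-HELLO body (2-byte record header already stripped)."""
    if len(data) < 9 or data[0] != 0x01:
        raise ValueError("not an SSLv2 CLIENT-HELLO")
    version = (data[1], data[2])
    cipher_len, sid_len, chal_len = struct.unpack(">HHH", data[3:9])
    pos = 9
    specs = data[pos:pos + cipher_len]
    pos += cipher_len
    session_id = data[pos:pos + sid_len]
    pos += sid_len
    challenge = data[pos:pos + chal_len]
    pos += chal_len
    if pos != len(data) or cipher_len % 3:
        raise ValueError("length fields do not match the body")
    # SSLv2 cipher specs are 3 bytes each; SSL3/TLS suites are carried as 00 xx yy.
    cipher_specs = [tuple(specs[i:i + 3]) for i in range(0, cipher_len, 3)]
    return {"version": version, "cipher_specs": cipher_specs,
            "session_id": session_id, "challenge": challenge}


def translate_to_v3(hello: dict) -> dict:
    """Mirror JSSE's v2->v3 translation: keep only specs whose first byte is 0
    (SSLv2-only suites are dropped) and left-pad the challenge to a 32-byte
    random, whose first 4 bytes JSSE prints as 'GMT' and the remaining 28 as bytes."""
    suites = [(b1 << 8) | b2 for b0, b1, b2 in hello["cipher_specs"] if b0 == 0]
    random32 = hello["challenge"].rjust(32, b"\x00")
    gmt = struct.unpack(">I", random32[:4])[0]
    return {"version": hello["version"], "gmt_unix_time": gmt,
            "random_bytes": list(random32[4:]), "session_id": hello["session_id"],
            "cipher_suites": suites,
            "suite_names": [SUITE_NAMES.get(s, "unknown_%04x" % s) for s in suites]}


def analyse_dump(hex_text: str = DUMP_HEX) -> dict:
    return translate_to_v3(parse_v2_client_hello(bytes.fromhex(hex_text)))


if __name__ == "__main__":
    result = analyse_dump()
    print("SSL version offered:", result["version"])
    print("Suites offered (v3-capable):", ["0x%04x" % s for s in result["cipher_suites"]])
    for name in result["suite_names"]:
        print("  ", name)
```

Running it reproduces the list JSSE printed ({0,4, 0,5, 0,10, ...} as 0x0004, 0x0005, 0x000A, ...) and the 28 random bytes, which confirms the dump was read correctly; since every offered suite is an RSA suite, the server needs a usable RSA private key to continue, and the alert that follows is what you see when it has none.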
5. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
bchi49 Jan 25, 2002 11:00 PM (in response to kuzmenko)
Here's the portion of my jboss.jcml:
<!-- Tomcat 4.0.1 SSL Configuration -->
.keystore
password
8080
443
-
6. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
bchi49 Jan 26, 2002 12:44 AM (in response to kuzmenko)
I found this article on how SSL works and how to configure SSL client/server etc.:
http://www.onjava.com/pub/a/onjava/2001/05/03/java_security.html
Hopefully it'll help resolve the problem. -
7. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
bchi49 Jan 26, 2002 1:48 AM (in response to kuzmenko)
JBoss throws this exception for the .keystore created using keytool with "keytool -genkey -keystore .keystore -keyalg rsa -alias bchi -storepass serverkspw -keypass serverpw". This creates a .keystore file; I updated the jboss.jcml with the keystore location and password:
When I start up the server I get this error message:
[ERROR,ConfigurationService] Unexpected error
java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:304)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:106)
at java.security.KeyStore.getKey(KeyStore.java:250)
at com.sun.net.ssl.internal.ssl.X509KeyManagerImpl.([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl.engineInit([DashoPro-V1.2-120198])
at com.sun.net.ssl.KeyManagerFactory.init([DashoPro-V1.2-120198])
at org.jboss.security.plugins.JaasSecurityDomain.start(JaasSecurityDomain.java:99)
at java.lang.reflect.Method.invoke(Native Method)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1628)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at org.jboss.configuration.ConfigurationService$ServiceProxy.invoke(ConfigurationService.java:967)
at $Proxy0.start(Unknown Source)
at org.jboss.util.ServiceControl.start(ServiceControl.java:79)
at java.lang.reflect.Method.invoke(Native Method)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1628)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at org.jboss.Main.(Main.java:208)
at org.jboss.Main$1.run(Main.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at org.jboss.Main.main(Main.java:106)
What am I doing wrong? -
8. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
bchi49 Jan 26, 2002 2:22 AM (in response to kuzmenko)
Somehow, if I don't specify the name of the keystore when using keytool to generate the key, then I don't have a problem.
The generated .keystore is placed in a default directory, which for me is "C:\Documents and Settings\Benjamin"; I then just copy the file over to the desired location, and it seems to work. One more thing I had to change was the following: I needed to change "bchi" to "tomcat", and that works!
...
...
...
...
Benjamin -
9. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
johnnycannuk Jan 29, 2002 8:24 PM (in response to kuzmenko)
The keystore can be named anything, but the alias has to be 'tomcat', and the keypass and the storepass have to be the same,
so
keytool -genkey -keystore .keystore -keyalg rsa -alias bchi -storepass serverkspw -keypass serverpw
should be more like
keytool -genkey -keystore anyname -keyalg rsa -alias tomcat -storepass apass -keypass apass
<!-- Tomcat 4.0.1 SSL Configuration -->
anyname
apass
...
8080
443
Try this and see if it works
Mike -
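Why the store password and the key password must match here: the stack trace in post 7 shows JaasSecurityDomain.start handing the keystore password to KeyManagerFactory.init, which then calls KeyStore.getKey with that same password for every key entry, and sun.security.provider.KeyProtector.recover rejects it with "Cannot recover key" when the entry was protected with a different password. The following is an added example, not code from the thread or from JBoss/Tomcat: a Python re-implementation of the JKS KeyProtector password scheme as I understand it from the JDK source (20-byte salt, SHA-1 keystream XORed over the key, trailing SHA-1 check digest), used to show both the failing case (storepass serverkspw, keypass serverpw) and the fixed one (apass for both). The key bytes are a constructed stand-in for a DER-encoded private key, and the EncryptedPrivateKeyInfo wrapper the real class adds around the result is omitted.

```python
# Added example: Python re-implementation of the JKS KeyProtector password
# scheme (sun.security.provider.KeyProtector), to show why a key protected with
# one password cannot be recovered with another. Not JBoss/Tomcat/JDK code.
import hashlib
import os

SALT_LEN = 20    # KeyProtector uses a 20-byte random salt
DIGEST_LEN = 20  # SHA-1 output length


class UnrecoverableKeyError(Exception):
    """Stands in for java.security.UnrecoverableKeyException."""


def _password_bytes(password: str) -> bytes:
    # KeyProtector encodes each password char as two big-endian bytes.
    return password.encode("utf-16-be")


def _xor_stream(passwd: bytes, salt: bytes, length: int) -> bytes:
    # Keystream blocks: digest_i = SHA1(passwd || digest_{i-1}), digest_0 = salt.
    out = bytearray()
    digest = salt
    while len(out) < length:
        digest = hashlib.sha1(passwd + digest).digest()
        out += digest
    return bytes(out[:length])


def protect(password: str, plain_key: bytes, salt: bytes = None) -> bytes:
    """protect(): salt || (plain_key XOR stream) || SHA1(passwd || plain_key)."""
    passwd = _password_bytes(password)
    salt = salt or os.urandom(SALT_LEN)
    stream = _xor_stream(passwd, salt, len(plain_key))
    encrypted = bytes(a ^ b for a, b in zip(plain_key, stream))
    check = hashlib.sha1(passwd + plain_key).digest()
    return salt + encrypted + check


def recover(password: str, protected: bytes) -> bytes:
    """recover(): undo the XOR with the supplied password, then verify the check
    digest. A wrong password yields garbage whose digest does not match, which is
    exactly the 'Cannot recover key' failure."""
    passwd = _password_bytes(password)
    salt = protected[:SALT_LEN]
    encrypted = protected[SALT_LEN:-DIGEST_LEN]
    check = protected[-DIGEST_LEN:]
    stream = _xor_stream(passwd, salt, len(encrypted))
    plain_key = bytes(a ^ b for a, b in zip(encrypted, stream))
    if hashlib.sha1(passwd + plain_key).digest() != check:
        raise UnrecoverableKeyError("Cannot recover key")
    return plain_key


def server_can_open_key(store_pass: str, key_pass: str, plain_key: bytes) -> bool:
    """Model the situation in the thread: keytool protects the key entry with
    -keypass, but the server only knows the store password and passes that to
    KeyManagerFactory.init, so recovery is attempted with the store password."""
    entry = protect(key_pass, plain_key)
    try:
        return recover(store_pass, entry) == plain_key
    except UnrecoverableKeyError:
        return False


if __name__ == "__main__":
    # Constructed stand-in for a DER-encoded private key (not a real key).
    fake_key = bytes(range(100))
    # The failing command from post 7: different store and key passwords.
    print("storepass=serverkspw keypass=serverpw ->",
          server_can_open_key("serverkspw", "serverpw", fake_key))
    # The fix from post 9: the same password for both.
    print("storepass=apass keypass=apass ->",
          server_can_open_key("apass", "apass", fake_key))
```

The practical check on an existing keystore is therefore not whether the file opens (keytool -list only needs the store password) but whether the private key entry opens with the store password; a mismatch can be corrected in place with keytool -keypasswd rather than regenerating the key.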
10. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
bchi49 Jan 30, 2002 11:00 PM (in response to kuzmenko)
Yes, that works! Thanks.