10 Replies Latest reply on Jan 30, 2002 11:00 PM by bchi49

    JBoss 2.4.4 + Tomcat 4.0.1 and SSL

    kuzmenko

      Hello.
      I have a problem with the configuration of SSL in the subject. As far as I know, I have to add to jboss.jcml the MBean




      .keystore
      alazar


      and enable the EmbeddedCatalinaServiceSX MBean:


      9080

      java:/jaas/SSL



      I have also generated the public/private key pair and wrapped it into a self-signed certificate with alias SSL, stored in the JBOSS_HOME/bin/.keystore file.
      As a result, https://localhost:9080/ has become available, but http://localhost:9080 has not.
      What did I do wrong? Or is there a bug in this bundle?

        • 1. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
          cbboatwr

          You have to add an additional inside your tag. If I'm not mistaken, it would be:

          <mbean ... >
          < .. same stuff as you have here .. >





          Alternatively, you could remove the "SecurityDomain" attribute and add a Config attribute similar to above, but instead make it secure:
          <mbean ... >
          < .. same stuff as you have here minus the Security Domain attribute .. >







          Regardless of which method you choose (not sure one is better than another), this will tell Tomcat to listen on both ports, one secure and the other non-secure. This should work with 2.4.4 (it does not work with 2.4.3).

          Hope this helps,
          Colin

          • 2. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
            nphelps

            I want to do the same thing, but I'm a bit confused trying to combine the two posts. Can someone post an example with everything we need to put in jboss.jcml to enable SSL on port 443 and normal http on port 80 using JBoss 2.4.4 and Tomcat 4.0.1? Ideally, it should always accept HTTP and redirect to the SSL port if a security constraint is present (just like stand alone Tomcat 4.0).

            • 3. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
              johnnycannuk

              This is the solution I posted here: http://jboss.org/forums/thread.jsp?forum=61&thread=6234




              //(no 's' on arg...)

              .keystore
              changeit


              ...
              and

              ...

              <!-- Uncomment to add embedded catalina service -->

              80






              This works great on all platforms... I guess I have an 'old' version of the 2.4.4 catalina bundle at work

              As for redirect, the above can also take a parameter like redirectPort="443" in the connector tag or as
              443

              Play around and let me know if this works

              Mike

              • 4. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
                bchi49

                I can't get this to work. I was able to browse the https port. When I turn on the JSSE debug and then browse, I see this debug info on the console:
                ================================
                [INFO,Default] HttpProcessor[443][4], READ: SSL v2, contentType = 22, translated length = 59
                [INFO,Default] *** ClientHello, v3.0
                [INFO,Default] RandomCookie: GMT: 0 bytes = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 100, 86, 16, 67, 222, 244, 116, 216, 251, 121, 169, 149, 130, 136, 232, 81 }
                [INFO,Default] Session ID: {}
                [INFO,Default] Cipher Suites: { 0, 4, 0, 5, 0, 10, 0, 9, 0, 100, 0, 98, 0, 3, 0, 6 }
                [INFO,Default] Compression Methods: { 0 }
                [INFO,Default] ***
                [INFO,Default] %% Created: [Session-2, SSL_NULL_WITH_NULL_NULL]
                [INFO,Default] HttpProcessor[443][4], SEND SSL v3.0 ALERT: fatal, description = handshake_failure
                [INFO,Default] HttpProcessor[443][4], WRITE: SSL v3.0 Alert, length = 2
                ================================

                So, at least the server is listening on port 443, but the handshake fails.

                Do I need to change the RMI+SSL to something else? I changed it to the WAR context name, and also used my host name as well. But both still don't work.

                I did generate the .keystore file using Keytool and configured it correctly with the right password.

                What could be the problem?

                Thanks,
                Benjamin
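As an added example (not part of the thread), the Python below decodes the cipher-suite list from a JSSE debug excerpt shaped like the one Benjamin quoted: every suite the browser offered authenticates the server with an RSA key, so a key manager that cannot load a usable key under the expected alias leaves the server nothing to select and it answers with handshake_failure, which fits the keystore fix the thread later arrives at. The log excerpt is constructed here (each JSSE message joined onto one line) and the suite-name table is supplied from the SSL 3.0/TLS 1.0 registry, not from the page.

```python
import re

# Suite IDs from the SSL 3.0 / TLS 1.0 registry (assumed table, not from the
# thread). Every suite the client offered uses RSA server authentication.
SUITE_NAMES = {
    0x0003: "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0004: "SSL_RSA_WITH_RC4_128_MD5",
    0x0005: "SSL_RSA_WITH_RC4_128_SHA",
    0x0006: "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0009: "SSL_RSA_WITH_DES_CBC_SHA",
    0x000A: "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0062: "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
    0x0064: "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
}

# Constructed excerpt in the shape of the JSSE debug output quoted above;
# "[INFO,Default]" is the JBoss console logger prefix.
SAMPLE_LOG = """\
[INFO,Default] HttpProcessor[443][4], READ: SSL v2, contentType = 22, translated length = 59
[INFO,Default] *** ClientHello, v3.0
[INFO,Default] Session ID: {}
[INFO,Default] Cipher Suites: { 0, 4, 0, 5, 0, 10, 0, 9, 0, 100, 0, 98, 0, 3, 0, 6 }
[INFO,Default] Compression Methods: { 0 }
[INFO,Default] %% Created: [Session-2, SSL_NULL_WITH_NULL_NULL]
[INFO,Default] HttpProcessor[443][4], SEND SSL v3.0 ALERT: fatal, description = handshake_failure
"""


def parse_cipher_suites(log):
    """Return 16-bit suite IDs from the 'Cipher Suites: { ... }' line.
    JSSE prints each suite as two decimal bytes, high byte first."""
    m = re.search(r"Cipher Suites:\s*\{([^}]*)\}", log, re.S)
    if not m:
        return []
    octets = [int(x) for x in re.findall(r"\d+", m.group(1))]
    if len(octets) % 2:
        raise ValueError("odd number of cipher-suite bytes in log")
    return [(hi << 8) | lo for hi, lo in zip(octets[::2], octets[1::2])]


def describe_suites(ids):
    """Map suite IDs to registry names; unknown IDs are shown in hex."""
    return [SUITE_NAMES.get(i, "unknown_0x%04X" % i) for i in ids]


def all_rsa(ids):
    """True when every offered suite needs an RSA server key (as here)."""
    return bool(ids) and all("_RSA_" in SUITE_NAMES.get(i, "") for i in ids)


def server_alert(log):
    """Return (level, description) of the alert the server sent, if any."""
    m = re.search(r"SEND SSL v3\.0 ALERT:\s*(\w+),\s*description = (\w+)", log)
    return (m.group(1), m.group(2)) if m else None
```

Running it on the excerpt lists eight RSA suites and the fatal handshake_failure alert, which is why a keystore whose key the server cannot open shows up as a handshake problem rather than a startup error in this case.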

                • 5. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
                  bchi49

                  Here's the portion of my jboss.jcml:
                    
                  <!-- Tomcat 4.0.1 SSL Configuration -->

                    
                      
                    
                     .keystore
                     password


                     8080
                     443
                    
                    
                    
                    
                    

                  • 6. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
                    bchi49

                    I found this article on how SSL works and how to configure SSL Client/Server etc:

                    http://www.onjava.com/pub/a/onjava/2001/05/03/java_security.html

                    Hopefully it'll help resolve the problem.

                    • 7. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
                      bchi49

                      JBoss throws this exception for the .keystore created using keytool "keytool -genkey -keystore .keystore -keyalg rsa -alias bchi -storepass serverkspw -keypass serverpw". This creates a .keystore file; I updated the jboss.jcml with the keystore location and password:

                      When I start up the server I get this error message:

                      [ERROR,ConfigurationService] Unexpected error
                      java.security.UnrecoverableKeyException: Cannot recover key
                      at sun.security.provider.KeyProtector.recover(KeyProtector.java:304)
                      at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:106)
                      at java.security.KeyStore.getKey(KeyStore.java:250)
                      at com.sun.net.ssl.internal.ssl.X509KeyManagerImpl.([DashoPro-V1.2-120198])
                      at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl.engineInit([DashoPro-V1.2-120198])
                      at com.sun.net.ssl.KeyManagerFactory.init([DashoPro-V1.2-120198])
                      at org.jboss.security.plugins.JaasSecurityDomain.start(JaasSecurityDomain.java:99)
                      at java.lang.reflect.Method.invoke(Native Method)
                      at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1628)
                      at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
                      at org.jboss.configuration.ConfigurationService$ServiceProxy.invoke(ConfigurationService.java:967)
                      at $Proxy0.start(Unknown Source)
                      at org.jboss.util.ServiceControl.start(ServiceControl.java:79)
                      at java.lang.reflect.Method.invoke(Native Method)
                      at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1628)
                      at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
                      at org.jboss.Main.(Main.java:208)
                      at org.jboss.Main$1.run(Main.java:110)
                      at java.security.AccessController.doPrivileged(Native Method)
                      at org.jboss.Main.main(Main.java:106)

                      What am I doing wrong?

                      • 8. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
                        bchi49

                        Somehow, if I don't specify the name of the keystore when using keytool to generate the key, then I don't have a problem.
                        The generated .keystore is placed in a default directory, which is my "C:\Documents and Settings\Benjamin"; then I just copy the file over to the desired location, and it seems to work. One more thing I had to change was the following: I needed to change from "bchi" to "tomcat", and that works!




                        ...
                        ...

                        ...
                        ...

                        Benjamin

                        • 9. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
                          johnnycannuk

                          The keystore can be named anything, but the alias has to be 'tomcat' and the keypass and the storepass have to be the same

                          so
                          keytool -genkey -keystore .keystore -keyalg rsa -alias bchi -storepass serverkspw -keypass serverpw

                          should be more like

                          keytool -genkey -keystore anyname -keyalg rsa -alias tomcat -storepass apass -keypass apass

                          <!-- Tomcat 4.0.1 SSL Configuration -->




                          anyname
                          apass

                          ...

                          8080
                          443







                          Try this and see if it works


                          Mike
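The two rules Mike states (alias 'tomcat', keypass equal to storepass) written as a small checker for a keytool command line, added here as an example and not from the thread. It is run against the failing command from reply 7 and the corrected one from reply 9; the name `check_keystore_command` and the treatment of a missing -keypass as "same as storepass" (keytool's default at its prompt) are assumptions of this example.

```python
import shlex

# Alias the embedded Tomcat 4.0.1 key manager looks up, per the thread.
REQUIRED_ALIAS = "tomcat"


def parse_keytool(cmdline):
    """Map keytool -flag/value pairs to a dict; bare flags map to True."""
    tokens = shlex.split(cmdline)
    if not tokens or tokens[0] != "keytool":
        raise ValueError("not a keytool command line")
    opts = {}
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if not tok.startswith("-"):
            raise ValueError("unexpected argument: %s" % tok)
        if i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            opts[tok[1:]] = tokens[i + 1]
            i += 2
        else:
            opts[tok[1:]] = True
            i += 1
    return opts


def check_keystore_command(cmdline):
    """Return the problems that would stop the JBoss/Tomcat SSL connector
    from using the generated key; an empty list means the command is fine."""
    opts = parse_keytool(cmdline)
    problems = []
    alias = opts.get("alias")
    if alias != REQUIRED_ALIAS:
        problems.append("alias is %r, connector expects %r" % (alias, REQUIRED_ALIAS))
    storepass = opts.get("storepass")
    # keytool falls back to the store password when -keypass is not given
    # and the user accepts the default at the prompt (assumption stated above).
    keypass = opts.get("keypass", storepass)
    if storepass is None:
        problems.append("no -storepass given; keytool will prompt for one")
    elif keypass != storepass:
        # JaasSecurityDomain opens the key with the store password, so a
        # different key password surfaces as UnrecoverableKeyException
        # ("Cannot recover key"), the trace shown earlier in the thread.
        problems.append("keypass differs from storepass")
    return problems


if __name__ == "__main__":
    # Constructed from the two commands quoted in the thread.
    for cmd in (
        "keytool -genkey -keystore .keystore -keyalg rsa -alias bchi -storepass serverkspw -keypass serverpw",
        "keytool -genkey -keystore anyname -keyalg rsa -alias tomcat -storepass apass -keypass apass",
    ):
        print(cmd, "->", check_keystore_command(cmd) or "ok")
```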

                          • 10. Re: JBoss 2.4.4 + Tomcat 4.0.1 and SSL
                            bchi49

                            yes, that works! thanks.