- 
        1. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
 rxkaul Apr 18, 2003 4:57 PM (in response to sulfur)
 I am having the same problem, although with JBoss-3.0.6_tomcat-4.1.18 release.
- 
        2. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
 rxkaul Apr 18, 2003 5:26 PM (in response to sulfur)
 I am curious. With which version of JBoss did you have SSL working?
- 
        3. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
 didi1976 Apr 19, 2003 6:07 AM (in response to sulfur)
 Hi,
 I have encountered the same problem. If you use the coyote connector of Tomcat, SSL does not work.
 If you use the "old style" HttpConnector everything works.
 Dietmar
- 
        4. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
 sulfur Apr 21, 2003 1:13 PM (in response to sulfur)
 Hi all, thanks for the responses.
 1) I was using Jboss_3.0.4-Tomcat_4.1.12 & it worked (probably because tomcat41-service.xml was configured to use HttpConnector by default! :P)
 2) Yes I have also changed 3.2.0-4.1.24 to use HttpConnector instead of Coyote for now.
 3) I assume that means CoyoteConnector never worked in JBoss 3.x? Anyone know if there's a Bugzilla entry for it already?
 Cheers,
 Anthony.
- 
        5. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
 jleech Apr 21, 2003 6:29 PM (in response to sulfur)
 I've got SSL working on 3.2/4.1.24 using the CoyoteConnector. In jboss-3.2.0_tomcat-4.1.24\server\default\deploy\jbossweb-tomcat.sar\META-INF\jboss-service.xml
 I've got:
- 
        6. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
 rxkaul Apr 22, 2003 12:08 AM (in response to sulfur)
 <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"...
 was the key to this mystery.
 Thank you so much!
- 
        7. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
 sulfur Apr 23, 2003 3:27 PM (in response to sulfur)
 This is awesome! Thanks!
 Now my next question for being a perfectionist. Is there a way to not hardcode the keystoreFile?
 Tomcat standalone allows paths relative to $CATALINA_BASE but I don't suppose we can use $JBOSS_HOME or something similar here?
- 
        8. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
 dcowan May 7, 2003 9:59 AM (in response to sulfur)
 From what I have managed to figure out, the XML files use Velocity-like text replacement, allowing you to use system properties. You can view all the system properties defined by JBoss in the JMX console under System property viewer. Here is what I did so I could place my keystore in default/conf.
 For some reason the forum eats this, so replace [ with {
 keystore="$[jboss.server.home.dir]/conf/server.keystore"
- 
        9. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
 darrellvteague Jun 2, 2003 9:59 AM (in response to sulfur)
 I was also (finally) able to get it to work (thanks to the forum folks - paid-for documentation is insufficient). The first problem is finding out where the configuration files are that need to be changed.
 The first one was here:
 [JBOSS_HOME]\[server e.g. "default"]\conf\jboss-service.xml
 Create an mbean to identify the JAAS settings:
 jboss.security:service=XMLLoginConfig
 login-config.xml
 <!-- JAAS security manager and realm mapping -->
 org.jboss.security.plugins.JaasSecurityDomain
 jboss.security:service=JaasSecurityManager
 file://C:/Java/keystore
 password
 The second one was here (to set the SSL port and properties):
 [JBOSS_HOME]\[server e.g. "default"]\deploy\jbossweb-tomcat.sar\META-INF\jboss-service.xml
 true
 <!--
 *******************************************************
 ****************** CLUSTERING *************************
 *******************************************************
 In order to activate HTTP Session clustering for Tomcat
 make sure you run JBoss's "all" configuration i.e.
 "run -c all"
 (the default configuration doesn't contain clustering)
 Furthermore, you may change SnapshotMode and
 SnapshotInterval attributes below to indicate when to
 synchronize changes with the other node(s).
 If you use Apache+mod_jk(2) you will most probably use
 the AJP1.3 connector below. Thus, if you so wish,
 you may comment (i.e. deactivate) the HTTP connector
 as it won't be used anymore.
 *******************************************************
 *******************************************************
 *******************************************************
 -->
 <!--
 If you are using clustering, the following two attributes
 define when the sessions are replicated to the other nodes.
 The default value, "instant", synchronously replicates changes
 to the other nodes. In this case, the "SnapshotInterval" attribute
 is not used.
 The "interval" mode, in association with the "SnapshotInterval"
 attribute, indicates that Tomcat will only replicates modified
 sessions every "SnapshotInterval" miliseconds at most.
 -->
 instant <!-- you may switch to "interval" -->
 2000
 <!-- Access logger -->
 <!-- Default context parameters -->
 <!-- A HTTP/1.1 Connector on port 8080 -->
 <!-- A AJP 1.3 Connector on port 8009 -->
 <!-- SSL/TLS Connector configuration using the SSL domain keystore -->
 Hope this helps others trying to get SSL to work. Note that in this configuration, both SSL and non-SSL are set up to work on the default ports (443/80, respectively).
- 
        10. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
 raynix Jun 2, 2003 10:52 PM (in response to sulfur)
 Thanks a lot!
 But when I modified as above, I got new problems:
 If I enter https://localhost/jmx-console
 (my ssl port is the default port 443)
 the browser returns an error page immediately and an exception is shown:
 2003-06-03 10:36:41,921 DEBUG [org.apache.tomcat.util.threads.ThreadPool] Getting new thread data
 2003-06-03 10:36:42,078 DEBUG [org.apache.tomcat.util.net.PoolTcpEndpoint] Handshake failed
 javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
 at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:290)
 at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:540)
 at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
 at java.lang.Thread.run(Thread.java:536)
 Caused by: java.io.EOFException: SSL peer shut down incorrectly
 at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
 ... 7 more
 Has anybody else encountered this?
- 
        11. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Example
 darrellvteague Jun 3, 2003 9:49 AM (in response to sulfur)
 My friend had a similar problem. I suspect I probably need to just include the entire configuration. Note that I am using the "all" server (as opposed to "default") since the default server does not support certain features. To validate this example, ensure you are using the "all" server.
 Attached are the [JBOSS_HOME]/server/all/conf/jboss-service.xml, [JBOSS_HOME]/server/all/deploy/http-invoker.sar/META-INF/jboss-service.xml and the [JBOSS_HOME]/server/all/deploy/jboss-tomcat.sar/META-INF/jboss-service.xml files.
 ... then all you have to do is generate a JKS keystore and self-signed cert (I have it pointing to C:\Java\keystore). See this URL if you need help:
 http://java.sun.com/products/jdk/1.2/docs/tooldocs/solaris/keytool.html
 This configuration (above) definitely works on the JBoss/Tomcat version referenced. Hope this saves people time in getting SSL working on JBoss...
- 
        12. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Certificates
 darrellvteague Jun 3, 2003 1:52 PM (in response to sulfur)
 My friend had the same SSLHandshakeException problem. It turned out that the certificate was improperly created in the keystore. Specifically, the certificate has to be created with an RSA algorithm (apparently that is all Tomcat understands):
 keytool -genkey -alias name -keyalg RSA -keystore keystoreURI
 Hope this helps.
- 
        13. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Certificates
 raynix Jun 3, 2003 11:07 PM (in response to sulfur)
 Thanks very much! This really helps!
- 
        14. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Certificates
 sujith Jul 3, 2003 4:50 AM (in response to sulfur)
 Hello,
 I tried exactly what has been explained above. But I am getting the following exception at server startup. What could be the reason... please help....
 ...
 17:33:43,108 INFO [TomcatSSL] Starting
 17:33:43,359 WARN [ServiceController] Problem starting service Security:service=JaasSecurityDomain,domain=TomcatSSL
 java.io.FileNotFoundException: \Java\keystore
 at org.jboss.net.protocol.file.FileURLConnection.connect(FileURLConnection.java:70)
 at org.jboss.net.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:79)
 at java.net.URL.openStream(URL.java:960)
 ...
 Thanks in advance
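
 Added example, not part of any reply in this thread: a shell preflight for the two keystore problems reported above, the non-RSA key behind the SSLHandshakeException (reply 12) and the wrong keystore path behind the FileNotFoundException (reply 14). The function names and the sample listing are constructed for illustration; it assumes self-signed certificates and a JDK whose `keytool -list -v` prints a "Signature algorithm name:" line.

```shell
#!/bin/sh
# Added example, not from the thread: preflight checks for the keystore
# that the SSL connector is configured to load.

# Constructed sample of `keytool -list -v` output (two entries, trimmed).
sample_listing() {
cat <<'EOF'
Alias name: tomcat
Owner: CN=localhost
Issuer: CN=localhost
Signature algorithm name: SHA1withDSA

Alias name: tomcat-rsa
Owner: CN=localhost
Issuer: CN=localhost
Signature algorithm name: SHA256withRSA
EOF
}

# Reads `keytool -list -v` output on stdin and prints "alias<TAB>algorithm"
# for each certificate not signed with RSA. Assumption: the certificates
# are self-signed, so the signature algorithm matches the key pair.
# Exit status is 1 if any such entry was found, 0 otherwise.
non_rsa_entries() {
    awk '
        /^Alias name:/ { alias = $0; sub(/^Alias name:[ \t]*/, "", alias) }
        /^[ \t]*Signature algorithm name:/ {
            alg = $0; sub(/^[ \t]*Signature algorithm name:[ \t]*/, "", alg)
            if (alg !~ /RSA/) { print alias "\t" alg; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Fails early (status 2) when the path is wrong, which is the
# FileNotFoundException case; otherwise lists the store and checks it.
# keytool prompts for the store password on the terminal.
check_keystore() {
    if [ ! -r "$1" ]; then
        echo "keystore not found or unreadable: $1" >&2
        return 2
    fi
    keytool -list -v -keystore "$1" | non_rsa_entries
}

# Usage: sh check-keystore.sh /path/to/keystore
if [ $# -gt 0 ]; then check_keystore "$1"; fi
```

 Run it against the same file the JaasSecurityDomain or connector is configured with; any alias it prints should be regenerated with `-keyalg RSA` as in reply 12.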
 
     
     
     
     
     
     
    