9 Replies Latest reply on Apr 20, 2003 5:04 PM by jliashenko

    Config SSL with JBoss3_tomcat4 ?

    javed

      I need to set up SSL with the JBoss3_tomcat4 bundle. When I configure SSL with Tomcat alone it works, but when I run JBoss afterwards it all crashes down. Could anyone provide me with insight on how to configure the JBoss3_tomcat bundle?

        • 1. Re: Config SSL with JBoss3_tomcat4 ?
          didi1976

          Hi,

          to configure SSL first create a SecurityDomain with your keystore:




          yourkeystore
          yourpassword


          Then add a connector to your Tomcat configuration which uses the key within the keystore:
          <!-- SSL/TLS Connector configuration -->





          Take a closer look at the free QuickStart-Guide which has some detailed info about that.

          Didi

          • 2. Re: Config SSL with JBoss3_tomcat4 ?
            jliashenko

            Didi,

            Judging from your responses, it seems you're the resident expert on SSL here on the JBoss Forum scene.

            I made the configurations you suggested to configure SSL for JBoss3 Tomcat4 and got no errors when running JBoss. I tried to browse to an existing Web Application by subbing "https" and "8443" as in the following:

            http://localhost:8080/CSc258
            to
            https://localhost:8443/CSc258

            But it doesn't work.

            Assuming CSc258 is valid and I followed your instructions correctly, should this be a good test to see if SSL is installed and configured?

            If not, any suggestions on testing if SSL is working?

            Thanks,
            Joe

            • 3. Re: Config SSL with JBoss3_tomcat4 ?
              didi1976

              Hi,

              Did you change the port of the config above to 8443?

              My example above is set to use the default https-Port (443).

              If it does not work, could you please post your config.

              Is a valid key/cert in your keystore?

              Regards,
              Didi

              • 4. Re: Config SSL with JBoss3_tomcat4 ?
                strathound

                I'm having the same problems as the folks above. I've read the "Using SSL with the JBoss/Tomcat Bundle" section of the JBoss Admin and Development Book and applied the changes you listed above. I still cannot access any pages over SSL.

                My assumption is that I have a bad keystore. But I'm pulling our keystore from our production system (JBoss 2.4.8) and SSL works there. How would I know if I have a bad keystore or if there is some other problem? The log files tell me nothing. I'm attaching my jboss-service.xml file.

                Michael

                > Is a valid key/cert in your keystore?
                >
                > Regards,
                > Didi

                • 5. Re: Config SSL with JBoss3_tomcat4 ?
                  didi1976

                  You have put the connector in the wrong place.

                  It must be added to the service like the connector for port 80.

                  I have attached the corrected jboss-service.xml.

                  Didi

                  • 6. Re: Config SSL with JBoss3_tomcat4 ?
                    jliashenko

                    Didi,

                    Yes, I did change 433 to 8433.

                    Also, is it 100% necessary to have a certificate file (.CSR) from a Certificate Authority for your configuration to work? I just want to have the most basic SSL working for now (i.e., use KeyTool to generate a .keystore file).

                    Here is my config file.

                    -Joe

                    • 7. Re: Config SSL with JBoss3_tomcat4 ?
                      jliashenko

                      Didi,

                      Yes, I did change 433 to 8433.

                      Also, is it 100% necessary to have a certificate file (.CSR) from a Certificate Authority for your configuration to work? I just want to have the most basic SSL working for now (i.e., use KeyTool to generate a .keystore file).

                      Here is my config file.

                      -Joe

                      • 8. Re: Config SSL with JBoss3_tomcat4 ?
                        didi1976

                        Hi Joe,

                        it is not necessary to have a signed certificate in your keystore for testing. You just need to generate a key. A self-signed certificate is generated automatically. Your browser will pop up with a message that it is not fully trusted, but you will be able to access your web site. You should not use that for production. There you need to sign the certificate by a CA.

                        Now step by step

                        1. You have generated your keystore the following way:

                        keytool -genkey -keyalg RSA -keystore yourkeystore -alias server

                        The password of the keystore and the password of the key must be the same.

                        2. You have added the connector configuration of Tomcat. If you have 3.0.x it is located within the deploy directory in a file called tomcat4-service.xml. On 3.2 it is located in deploy/jbossweb-tomcat.sar/META-INF/jboss-service.xml. An example of that file you see above in that thread. The connector refers to the security domain you have created in the conf/jboss-service.xml.

                        Do you see any Exception during startup in the server.log? Look for the deployment of your SecurityDomain in the log file if there are any messages about a failure. Also have a look at the deployment of the connector.


                        Dietmar
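
As an added example (not part of the original thread or of JBoss), here is one way to answer the earlier question of how to tell a bad keystore from a configuration problem: a parser for the JKS keystore format that checks the store password against the file's integrity trailer and confirms that the `server` alias from the keytool command above holds a private key rather than only a certificate. It assumes a JKS file (the keytool default when this thread was written; current JDKs default to PKCS12, which this code rejects as not JKS), and the names `inspect_jks` and `diagnose` are hypothetical. It does not test the key password, which the post above says must equal the store password.

```python
import hashlib, hmac, struct

MAGIC, KEY_ENTRY, CERT_ENTRY = 0xFEEDFEED, 1, 2

def inspect_jks(data, password):
    """Parse a JKS image; return (integrity_ok, {alias: "key" | "cert"})."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(data) - 20:           # last 20 bytes are the SHA-1 trailer
            raise ValueError("truncated or corrupt keystore")
        pos += n
        return data[pos - n:pos]
    def u32():
        return struct.unpack(">I", take(4))[0]
    def utf():                                 # 2-byte length + UTF-8 (ASCII aliases)
        return take(struct.unpack(">H", take(2))[0]).decode("utf-8")
    def skip_cert():
        if version == 2:
            utf()                              # certificate type, e.g. "X.509"
        take(u32())                            # DER certificate bytes
    magic, version, count = u32(), u32(), u32()
    if magic != MAGIC or version not in (1, 2):
        raise ValueError("not a JKS keystore")
    entries = {}
    for _ in range(count):
        tag, alias = u32(), utf()
        take(8)                                # creation timestamp
        if tag == KEY_ENTRY:
            take(u32())                        # password-protected private key
            for _ in range(u32()):             # certificate chain
                skip_cert()
        elif tag == CERT_ENTRY:
            skip_cert()
        else:
            raise ValueError("unknown entry tag %d" % tag)
        entries[alias] = "key" if tag == KEY_ENTRY else "cert"
    # Integrity trailer: SHA-1(UTF-16BE password + fixed salt string + body).
    want = hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + data[:pos]).digest()
    return hmac.compare_digest(want, data[pos:pos + 20]), entries

def diagnose(data, password, alias="server"):
    """Return a list of reasons this keystore cannot back an SSL connector."""
    ok, entries = inspect_jks(data, password)
    problems = [] if ok else ["store password wrong or file modified"]
    if alias not in entries:
        problems.append("no entry for alias %r (found: %s)" % (alias, sorted(entries)))
    elif entries[alias] != "key":
        problems.append("alias %r is a trusted certificate, not a private key" % alias)
    return problems
```

To check a real file, pass `open(path, "rb").read()` and the store password to `diagnose`; an empty list means the store opened with that password and the alias holds a private key.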

                        • 9. Re: Config SSL with JBoss3_tomcat4 ?
                          jliashenko

                          Dietmar,

                          YES! That worked. You're the GREATEST. I've been plugging away at this for a week (~10 days)!

                          Dietmar, if you ever make it to the States near Sacramento, Steak and Shrimp dinner with all the beer you can down... on me.

                          This is what I did:

                          1) Generated the .keystore file with the Keytool as you described above.

                          2) Add the following to the "tomcat41-service.xml" located in the <JBOS_HOME>\server\default\deploy directory:

                          -------------FILE EXCERPT START--------------




                          <!-- A AJP 1.3 Connector on port 8009
                          -->


                          -------------FILE EXCERPT END--------------
                          (For those who want to see the whole file, I attached it)



                          That was the final requirement for my school project.

                          Thanks again.
                          -Joe

                          ---Complete FILE--
                          <?xml version="1.0" encoding="UTF-8"?>
                          <!-- Set catalina.home to the location of the Tomcat-4.1.x dist.
                          The default value is that of the JBoss/Catalina bundle where the
                          jakarta-tomcat-4.1.12-LE-jdk14 is included as jboss_dist/catalina
                          -->
                          <!DOCTYPE server [
                          <!ENTITY catalina.home "../tomcat-4.1.x">
                          ]>

                          <!-- The service configuration for the embedded Tomcat4.1.x web container
                          -->









                          &catalina.home;

                          <!-- Uncomment this if you want interval snapshot for the
                          session clustering.
                          interval
                          2000
                          -->












                          <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->

                          <!-- I Added START -->




                          <!-- A AJP 1.3 Connector on port 8009
                          -->


                          <!-- I Added END -->









                          D:\.keystore
                          changeit