5 Replies Latest reply on Aug 6, 2004 12:48 AM by techiestuff

Can't get SSL properly configured for web app

jhbjava Jul 20, 2004 8:37 AM

I have a web app that is running fine using form based authentication and the JBoss DatabaseServerLoginModule.

I copied the chap8.keystore file to the server/default/conf directory and then uncommented the "SSL/TLS Connector configuration using the SSL domain keystore" in the default/deploy/jbossweb-tomcat41.sar/META-INF/jboss-service.xml file.

I run the server and access https://localhost:8443 and get the Security Alert with the certificate information.

I then change the <transport-guarantee> to CONFIDENTIAL in the <web-resource-collection> of my web app and redeploy, hoping to go over HTTPS for the referenced collection, but I get "The page cannot be displayed". If I check the access.log I see a 302 for the referenced page.

I then add redirectPort="8443" to the Connector for port 8080 in the default/deploy/jbossweb-tomcat41.sar/META-INF/jboss-service.xml file and re-start. When I access a url referenced by the collection above this time I get prompted with the Security Alert with the certificate information, but when I respond to the dialog to proceed the browser hangs indefinitely. I look at the server.log file and find the debug messge "Error getting client certs" which I have read is not really an error, and I get a javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated, but the browser just hangs.

Could someone point me in the right direction?

1. Re: Can't get SSL properly configured for web app

jhbjava Jul 20, 2004 10:39 AM (in response to jhbjava)

JBoss version 3.2.3. Sorry.
Actions
2. Re: Can't get SSL properly configured for web app

techiestuff Aug 3, 2004 10:13 PM (in response to jhbjava)

Even I am facing the same problem. Using Jboss3.2.1(Jetty).
Besides that I was also trying to mix protocols after login.

Any help is appreciated.
Thanx in advance
Actions
3. Re: Can't get SSL properly configured for web app

techiestuff Aug 4, 2004 12:55 AM (in response to jhbjava)

I seem to be missing something rather basic here. Out of curiosity, I changed the authentication method to BASIC and it worked perfectly fine. I am really really confused as to what is wrong with Form based authentication here. I can't used Basic auth method.
Any suggestions or alternatives that I might look at?
Actions
4. Re: Can't get SSL properly configured for web app - Use Apac

conormac Aug 4, 2004 7:10 AM (in response to jhbjava)

Hi jhbjava,
To support SSL in our development, staging and production environments, I configure Apache http web server to perform the SSL transport, then configure the apache http web server again so that it acts as a reverse proxy for a given application. For example, when I access an applicaion using this url:

https://www.companyname.com/myapp1

I have set up the apache configuration to redirect all that https traffic to a different machine running jboss on whatever port, say:

http://internalmachine.companyname.com:8080/myapp1

In this way, you can split the SSL work away from the jboss application server. The advantages is better performance, plus it should be easier to configure apache for SSL as it's such a typical thing to do with lots of resources on the web to explain how to do it. Plus most of the major certificate providers have tutorials on how to uses their SSL certificates on Apache, again easing your workload and understanding.
Best of luck whichever approach you use,
Conor
Actions
5. Re: Can't get SSL properly configured for web app

techiestuff Aug 6, 2004 12:48 AM (in response to jhbjava)

Changing the ports to standard ones solved the problem
Actions

Go to original post