7 Replies Latest reply on Apr 20, 2005 10:34 AM by romm

    Basic problem with HTTPS

    pemorob

      Hi,

      I've got a basic problem with HTTPS. The problem is that I have followed the instructions and I can't get an HTTPS connection.

      I am working on a Windows XP system and have JBoss 3.2.3 installed.

      I have made the following changes to the basic installation.

      jboss-tomcat41.sar\META-INF\jboss-service.xml:
      I have added the CoyoteConnector (below) to the JBoss-Tomcat service -

      <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
                 address="${jboss.bind.address}"
                 port="8443" scheme="https"
                 secure="true">
        <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
                 keystoreFile="${jboss.server.home.dir}/chap8.keystore"
                 keystorePass="rmi+ssl"
                 protocol="TLS"/>
      </Connector>


      If I run JBoss and then try to access https://localhost:8443/jmx-console/index.jsp through Firefox I get
      "The connection to localhost:8443 has been terminated unexpectedly"
      If I try through IE I get "This page cannot be found"

      If I turn the logging to DEBUG the only output I get after trying the https access is:
      2005-01-24 13:19:08,425 DEBUG default desktop [org.apache.tomcat.util.threads.ThreadPool] Getting new thread data


      I thought it might be that I had the keystore in the wrong place but I copied it into
      D:\jboss-3.2.3\server
      D:\jboss-3.2.3\server\default
      D:\jboss-3.2.3\server\default\conf
      D:\jboss-3.2.3\server\default\deploy
      D:\jboss-3.2.3\server\default\deploy\jbossweb-tomcat41.sar
      D:\jboss-3.2.3\server\default\deploy\jbossweb-tomcat41.sar\META-INF

      That didn't help any.
      You will also notice that I have even got to the point of using precisely the same name for the keystore and password just in case there was something wrong with my naming conventions.


      So, does anyone have any idea what I'm doing wrong?

      Thanks
      Rob


        • 1. Re: Basic problem with HTTPS
          viren

          Same Here,

          I followed the documentation and a couple of other examples on the web, but still I am not able to establish HTTPS.


          I am using jboss-4.0.0RC1

          thanks in advance
          vire

          • 2. Re: Basic problem with HTTPS
            sj_bennett

            Try this:

            The keystore should go in
            D:\jboss-3.2.3\server\default\conf

            Then your path to the keystore file should be

            keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"


            steve

            • 3. Re: Basic problem with HTTPS
              pemorob

              I tried that but with no success.

              Rob

              • 4. Re: Basic problem with HTTPS
                sj_bennett

                Mine works and this is what is in my server.xml file.

                <Connector port="443" address="${jboss.bind.address}"
                           maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
                           scheme="https" secure="true" clientAuth="false" redirectPort="8443"
                           keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
                           keystorePass="rmi+ssl" sslProtocol="TLS" />
                <Connector port="8443" address="${jboss.bind.address}"
                           maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
                           scheme="https" secure="true" clientAuth="false"
                           keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
                           keystorePass="rmi+ssl" sslProtocol="TLS" />


                Then I don't use the ':8443' on the URL string. I do this because using port 8443 didn't work through our firewall.

                steve

                • 5. Re: Basic problem with HTTPS
                  pemorob

                  Thanks for replying.

                  I have tried the config you suggested but with no luck.

                  I've been running 'netstat -a' commands and it looks like a socket on the 8443 port is being opened but then it times out.

                  I think the problem is in having something reading from the port.
                  My understanding is that the WebServer service (as defined below) should be reading from that port. Is that right? If that is right, any idea why it's not doing anything?

                  <mbean code="org.jboss.web.tomcat.tc4.EmbeddedTomcatService"
                         name="jboss.web:service=WebServer">

                    <attribute name="Java2ClassLoadingCompliance">true</attribute>

                    <attribute name="LenientEjbLink">true</attribute>

                    <attribute name="UseJBossWebLoader">true</attribute>

                    <attribute name="SubjectAttributeName">j_subject</attribute>

                    <attribute name="SnapshotMode">instant</attribute> <!-- you may switch to "interval" -->
                    <attribute name="SnapshotInterval">3000</attribute>

                    <attribute name="Config">
                      <Server>
                        <Service name="JBoss-Tomcat">
                          <Engine name="MainEngine" defaultHost="localhost">
                            <Logger className="org.jboss.web.tomcat.Log4jLogger"
                                    verbosityLevel="debug" category="org.jboss.web.localhost.Engine"/>
                            <Host name="localhost">

                              <!-- Access logger -->
                              <Valve className="org.apache.catalina.valves.AccessLogValve"
                                     prefix="localhost_access" suffix=".log"
                                     pattern="common" directory="${jboss.server.home.dir}\log"/>

                              <!-- This valve clears any caller identity set by the realm
                                   and provides access to the realm about the existence of an
                                   authenticated caller to allow a web app to run with a realm
                                   that support unauthenticated identities. It also establishes
                                   any run-as principal for the servlet being accessed.
                              -->
                              <Valve className="org.jboss.web.tomcat.security.SecurityAssociationValve"/>
                              <!-- Default context parameters -->
                              <DefaultContext cookies="true" crossContext="true" override="true"/>
                            </Host>
                          </Engine>

                          <!-- A HTTP/1.1 Connector on port 8080 -->
                          <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
                                     address="${jboss.bind.address}" port="8080" minProcessors="5" maxProcessors="100"
                                     enableLookups="true" acceptCount="10" debug="10" redirectPort="8443"
                                     connectionTimeout="20000" useURIValidationHack="false"/>

                          <!-- SSL/TLS Connector configuration using the SSL domain keystore -->
                          <Connector port="8443" address="${jboss.bind.address}"
                                     maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
                                     scheme="https" secure="true" clientAuth="false"
                                     keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
                                     keystorePass="tc-ssl" sslProtocol="TLS" />

                        </Service>
                      </Server>
                    </attribute>
                    <depends>jboss:service=TransactionManager</depends>
                  </mbean>
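
Added example, not part of any post in this thread and not JBoss or Tomcat code: a standalone Java check that separates the failure modes discussed above (keystore path, keystore password, missing private-key entry, port 8443 not completing a TLS handshake). The class name `HttpsCheck` and its four command-line arguments are assumptions, for example `java HttpsCheck D:\jboss-3.2.3\server\default\conf\chap8.keystore rmi+ssl localhost 8443`; it also assumes a JKS keystore and a JDK whose enabled TLS versions overlap the server's.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added diagnostic (hypothetical class name), not JBoss code.
// Usage: java HttpsCheck <keystore path> <keystore password> <host> <port>
public class HttpsCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 4) throw new IllegalArgumentException("need: keystore password host port");
        char[] pass = args[1].toCharArray();

        // Step 1: the file must exist and open with keystorePass. A missing file
        // throws FileNotFoundException; a wrong password throws IOException.
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: keytool-generated JKS file
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }

        // Step 2: an HTTPS connector needs a private-key entry, not only trusted
        // certificates, and the key must open with the same password.
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean isKey = ks.isKeyEntry(alias);
            System.out.println("alias=" + alias + " keyEntry=" + isKey);
            if (isKey) {
                ks.getKey(alias, pass); // UnrecoverableKeyException if the key password differs
                keyEntries++;
            }
        }
        if (keyEntries == 0) throw new IllegalStateException("no private-key entry in keystore");

        // Step 3: handshake with the running connector, trusting only the
        // certificates held in this keystore (no trust-all manager).
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[2], Integer.parseInt(args[3]))) {
            s.setSoTimeout(10000);  // a listener that never answers fails here, not forever
            s.startHandshake();     // SSLException: the port is open but not speaking TLS
            System.out.println("handshake ok: " + s.getSession().getProtocol());
        }
    }
}
```

An exception in step 1 or 2 points at the keystore file or password; a timeout or `SSLException` in step 3 with steps 1 and 2 passing points at the connector definition instead.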
                  


                  • 6. Re: Basic problem with HTTPS
                    pemorob
                    • 7. Re: Basic problem with HTTPS
                      romm

                      Hello all...

                      I am experiencing a similar problem with https... I have followed the documentation for JBoss 4 to enable SSL, and am also not able to establish a secure connection with jmx for testing. Does the keystore have to be named "chap8.keystore"?

                      Thanks,