3 Replies Latest reply on Sep 1, 2003 8:35 AM by jonlee

    SSL enabled but HTTPS returning broken page

    wliebenberg

      Hi!

      I've been stuck with this for several days now, and it's becoming critical. I've read through large sections of the JBoss Admin and Development Guide, to no avail. I've contacted the Jetty team but they couldn't help me!

      I'm using JBoss 3.0.4 with Jetty as the default web server, on Windoze XP. My JDK is 1.3.1_01 and j2sdkee1.3, and I cannot change either of those, because we work with SeeBeyond eGate, which doesn't support later JDKs.

      I have a WAR file called eperson.war, which I hot-deploy by dropping it into the folder C:\jboss-3.0.4\server\default\deploy. It deploys normally, and the Web application displays normally in my browser when I navigate to http://localhost:8088/eperson/ (note the port change from the default 8080).

      I have also set up SSL in Jetty, by editing the following file: C:\jboss-3.0.4\server\default\deploy\jbossweb.sar\META-INF\jboss-service.xml . I uncommented the SSL portion and specified the location of my keystore, as well as my passwords. Here is the XML:




      8443
      5
      100
      30000
      2000
      /epersonkeystore/mykeystorefile.jks
      mypassword
      mypassword





      I generated the keystore using the JDK keytool. As far as I know, the keystore file is fine. I've used it successfully for other encryption work as well. I've also exported a .DER certificate from the keystore and installed into Internet Explorer. I use Internet Explorer 6.

      This is my System CLASSPATH value:
      CLASSPATH=.;C:\jdk1.3.1_01\lib\tools.jar;C:\j2sdkee1.3\lib\j2ee.jar;C:\j2sdkee1.3\locale;C:\jsse1.0.3_01\lib\jcert.jar;C:\jsse1.0.3_01\lib\jnet.jar;C:\jsse1.0.3_01\lib\jsse.jar

      When I start JBoss up, I get no exceptions whatsoever. JBoss starts up without a hitch. This is part of the output that scrolls:

      09:41:40,828 INFO [jbossweb] Starting Jetty/4.1
      09:41:40,859 INFO [jbossweb] Started org.mortbay.http.NCSARequestLog@de462
      09:41:40,906 INFO [jbossweb] Started SocketListener on 0.0.0.0:8088
      09:41:40,906 INFO [jbossweb] jetty.ssl.keystore=C:/Documents and Settings/Werner/epersonkeystore/IntegrationBusKeyStore.jks
      09:41:40,921 INFO [jbossweb] jetty.ssl.password=********
      09:41:40,937 INFO [jbossweb] jetty.ssl.keypassword=********
      09:41:40,953 INFO [jbossweb] jetty.ssl.keystore.type=jks
      09:41:40,953 INFO [jbossweb] jetty.ssl.keystore.provider.name=[DEFAULT]
      09:42:14,000 INFO [jbossweb] SSLServerSocketFactory=com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl@15da38
      09:42:14,031 INFO [jbossweb] JsseListener.needClientAuth=false
      09:42:14,046 INFO [jbossweb] Started SocketListener on 0.0.0.0:8443
      09:42:14,125 INFO [jbossweb] Started AJP13Listener on 0.0.0.0:8009
      09:42:14,125 INFO [jbossweb] NOTICE: AJP13 is not a secure protocol. Please protect the port 0.0.0.0:8009
      09:42:14,140 INFO [jbossweb] Started org.jboss.jetty.Jetty@1d5a0
      09:42:14,140 INFO [JettyService] Started

      I assume, based on the above output, that SSL is correctly enabled in Jetty. While the Web application displays normally when I go to http://localhost:8088/eperson/, when I go to https://localhost:8843/eperson/ the browser immediately returns with a broken page, i.e. an error like this:

      "The page cannot be displayed

      The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings."

      When I point the browser to https://localhost:8088/eperson/ (in other words, using https, but on port 8088), the browser takes a few moments to respond and then again simply gives a broken page.

      Questions:
      1. Based on the information I've provided above, *is* SSL actually correctly set up in Jetty?
      2. Given that the JSP pages work correctly on port 8088, should I be able to see the web site when I navigate to https://localhost:8843/eperson/ ?
      3. If so, why do I only get a broken page, and what does one do to solve this?

      Werner Liebenberg

        • 1. Re: SSL enabled but HTTPS returning broken page
          jonlee

          Is this a typo as the service is on 8443 but you are trying 8843? If that is not the problem, you might try building the Jetty SSL listener from the Jetty source using your 1.3.x JDK and see if it builds correctly, and if it does, then whether it correctly processes requests and responses.
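
The port check raised in the reply above can be run mechanically against the startup output. This is an added example, not part of the original thread and not JBoss or Jetty code: it reads "Started ... Listener" lines in the format quoted in the question and reports whether a given URL matches a listener and its protocol. The sample log is constructed from that format, and the rule used to tell the TLS listener from the plain one is an assumption stated in the code.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines in the format of the startup output quoted in the question.
SAMPLE_LOG = """\
09:41:40,906 INFO [jbossweb] Started SocketListener on 0.0.0.0:8088
09:41:40,953 INFO [jbossweb] jetty.ssl.keystore.type=jks
09:42:14,031 INFO [jbossweb] JsseListener.needClientAuth=false
09:42:14,046 INFO [jbossweb] Started SocketListener on 0.0.0.0:8443
09:42:14,125 INFO [jbossweb] Started AJP13Listener on 0.0.0.0:8009
"""

STARTED = re.compile(r"Started (\w+Listener) on [\d.]+:(\d+)")
TLS_HINT = re.compile(r"jetty\.ssl\.|JsseListener|SSLServerSocketFactory")

def listeners(log_text):
    """Map port -> 'https' | 'http' | 'ajp13' from Jetty startup output.

    Assumption: a SocketListener is the TLS one when jetty.ssl.* or
    JsseListener lines were logged since the previous listener started.
    """
    found, saw_tls = {}, False
    for line in log_text.splitlines():
        m = STARTED.search(line)
        if m:
            kind, port = m.group(1), int(m.group(2))
            if kind == "AJP13Listener":
                found[port] = "ajp13"
            else:
                found[port] = "https" if saw_tls else "http"
            saw_tls = False  # hints apply only to the next listener
        elif TLS_HINT.search(line):
            saw_tls = True
    return found

def check_url(url, found):
    """Explain whether a URL can work against the listeners that started."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}[parts.scheme]
    proto = found.get(port)
    if proto is None:
        return f"no listener on port {port}; started: {sorted(found)}"
    if proto != parts.scheme:
        return f"port {port} speaks {proto}, not {parts.scheme}"
    return "ok"
```
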

          • 2. Re: SSL enabled but HTTPS returning broken page
            wliebenberg

            Actually yes, that was just a typo. I DO check on port 8443, not port 8843 as in my message. Apologies for the confusion.

            As for rebuilding the Jetty servlet container with JDK 1.3.1, I'll give that a try. Alternatively, maybe I should switch to the JBoss/Tomcat bundle? Would you say that would be a better bet for a quick resolution?

            I'm surprised no-one else has ever experienced this problem before.

            • 3. Re: SSL enabled but HTTPS returning broken page
              jonlee

              It is possible that people have experienced this problem. Except there have always been a few issues with Java SSL in the 1.3.x releases.

              The implementation was not that supportive of cryptographic plug-ins from different suppliers and was fairly clunky. For example, there were more than a few problems getting SSL running with the IBM SDK. It was only recently that the Tomcat connectors supported the IBM SSL implementation (latest release).

              In production, you would normally use a web server front-end if you were doing a lot of SSL. The reason being that SSL under Java is slower than native code cryptography such as OpenSSL with Apache, or SSL with IIS. So that is another option for you.