Newbie needs help w/ HTTPS (SSL) JBoss 4.0.4.GA
tsar_bomba May 24, 2006 12:55 PM
I had previously set up SSL certs using Apache and IIS so I guess I figured JBoss (Tomcat) couldn't possibly be much different - I was *obviously* very, very mistaken.
I'm now in a real bind. I developed a web storefront for my company and need to push it out by the end of this week. I had no idea that I was going to spend 4+ days making futile attempts at getting my Verisign SSL cert to work right so users could switch to HTTPS while completing an order on the site.
That's where I'm at, I've followed all the instructions for generating the CSR, then importing the cert, generating the keystore, etc. I'm confident this part is right and that my trouble lies w/ JBoss/Tomcat at this point.
I've pored over these forums for days and have found a lot of information - but nothing that quite solved my problem.
Yesterday I found this post which got me closer than ever to a potential solution:
http://www.jboss.com/index.html?module=bb&op=viewtopic&t=81646
The JBoss documentation mentioned nothing about setting up the ciphers, trustedstoreFile, and trustedstorePass attributes in the Connector tag in Tomcat's server.xml file.
Here is mine:
 <Connector port="8443" address="${jboss.bind.address}"
 maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
 emptySessionPath="true"
 scheme="https" secure="true" clientAuth="false"
 sslProtocol="TLS"
 ciphers="SSL_DH_anon_WITH_RC4_128_MD5"
 keystoreFile="${jboss.server.home.dir}/conf/mykey.keystore"
 keystorePass="mysecretpass"
 truststoreFile="${jboss.server.home.dir}/conf/mykey.keystore"
 truststorePass="mysecretpass" />
Once I added the ciphers, truststoreFile, and truststorePass attributes I stopped getting the dreaded SSLException when I started JBoss. I *was* previously getting this exception:
javax.net.ssl.SSLException: No available certificate corresponds to the SSL cipher suites which are enabled.
...I'm *not* getting this now thanks to the "anon" cipher listed in the "ciphers" attribute in the Connector tag above. Naturally I was excited when I could finally boot JBoss w/o this exception.
However, now I cannot browse https://localhost:8443/MyApp. In Internet Explorer I simply get a "The page cannot be displayed" error page and Firefox 1.5.x gives me this dialog message:
Firefox and localhost cannot communicate securely because they have no common encryption algorithms.
The error seems pretty obvious, however, I have all SSL options enabled in both browsers so the problem has to be w/ the cipher, as far as I can see?
I'm completely tapped out of ideas and have been doing this for so long I'm probably making more problems for myself at this point rather than progressing.
I have no other ideas, I'm at the mercy of this forum, can anyone help me understand what the problem is here?
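An added example, not part of the original post: a small Python check run over the connector posted above. It flags anonymous (`_anon_`) cipher suites, which negotiate without any server certificate and which browsers do not offer (consistent with the Firefox message), plus weak primitives and a truststore that goes unused while `clientAuth` is false. The `audit_connector` helper, its finding codes and the second connector are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Connector abridged from the post (same cipher, keystore and truststore).
POSTED = """<Connector port="8443" address="${jboss.bind.address}"
  scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
  ciphers="SSL_DH_anon_WITH_RC4_128_MD5"
  keystoreFile="${jboss.server.home.dir}/conf/mykey.keystore"
  keystorePass="mysecretpass"
  truststoreFile="${jboss.server.home.dir}/conf/mykey.keystore"
  truststorePass="mysecretpass" />"""

# Constructed variant: no cipher override, so the JSSE default suites apply
# and the certificate in the keystore has to be usable.
DEFAULTS = """<Connector port="8443" scheme="https" secure="true"
  clientAuth="false" sslProtocol="TLS"
  keystoreFile="${jboss.server.home.dir}/conf/mykey.keystore"
  keystorePass="mysecretpass" />"""

# Name components that mark a suite as weak or unencrypted.
WEAK_TOKENS = {"NULL", "EXPORT", "RC4", "MD5", "DES"}


def audit_connector(xml_text):
    """Return (code, details) findings for one HTTPS <Connector> element."""
    conn = ET.fromstring(xml_text)
    findings = []
    suites = [s.strip() for s in conn.get("ciphers", "").split(",") if s.strip()]

    # Anonymous key exchange: the server presents no certificate at all.
    anon = [s for s in suites if "_anon_" in s]
    if anon:
        code = "anon-only" if len(anon) == len(suites) else "anon-enabled"
        findings.append((code, anon))

    weak = [s for s in suites if WEAK_TOKENS & set(s.split("_"))]
    if weak:
        findings.append(("weak-primitive", weak))

    # The truststore only verifies client certificates.
    if conn.get("truststoreFile") and conn.get("clientAuth", "false") == "false":
        findings.append(("unused-truststore", [conn.get("truststoreFile")]))
    return findings


if __name__ == "__main__":
    for name, xml_text in (("posted", POSTED), ("defaults", DEFAULTS)):
        print(name, audit_connector(xml_text) or "no findings")
```

An `anon-only` finding means the certificate in the keystore is never presented, so the missing startup exception says nothing about whether the keystore holds a usable key and certificate.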
 
     
    