3 Replies Latest reply on Jun 8, 2011 4:35 AM by fabrizio.benedetti

Setup SSL in jboss Application server

moatau Jun 6, 2011 5:26 PM

i have the Certificate file and private key file "with .pem extension " , after convert to PFX extension then to java key store ..

Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: 1
Creation date: Jun 6, 2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=https.tishknet.com, OU=IT, O=COMPANY, L=S, ST=S, C=IQ
Issuer: CN=al-sard_ca, OU=IT, O=COMPANY, L=S, ST=S, C=IQ
Serial number: 2
Valid from: Fri Dec 10 15:42:00 EET 2010 until: Tue Dec 10 15:36:00 EET 2030
Certificate fingerprints:
MD5: 73:EC:00:A1:EC:8C:14:21:42:D2:DD:38:0F:66:DC:90
SHA1: 58:37:BB:49:98:3F:14:B6:23:8D:65:9F:86:21:8F:62:5A:DE:DE:F3
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
......
.....
....
etc

after that i enabled the SSL (HTTPS) in jboss with the following configuration :

<Connector port="8443" address="${jboss.bind.address}"
protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
keystorePass="password" />

and am getting ERROR :

Keystore was tampered with, or password was incorrect

please any idea or advice !!! did i missed something !!

1. Re: Setup SSL in jboss Application server

fabrizio.benedetti Jun 7, 2011 5:19 AM (in response to moatau)

Be sure that keystore and alias have same password.
Actions
2. Re: Setup SSL in jboss Application server

moatau Jun 7, 2011 1:32 PM (in response to fabrizio.benedetti)
ok these are the following procedure that i did to convert the Certificate.pem and Key.pem ----to---> server.keystore
***just to be sure that i did it with the right way !!***

1.Convert PEM to PFX
openssl pkcs12 -inkey key.pem -in cert.pem -export -out newKey.pfx
2.Convert PFX to JKS
java -classpath lib/jetty-6.1.1.jar org.mortbay.jetty.security.PKCS12Import
         newKey.pfx server.keystore
3. after that i configure the server.xml with the following :

    <Connector port="8443" address="${jboss.bind.address}"
               protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
               keystorePass="password" />

@Fabrizio Benedetti , Yes you was right now its working with no error when i run the jboss ...,

**** and in the other side which is the CPE should send Certificate with .der extension , is every thing that i did is right ???
becuase still cant have connection , want be sure that not from certificate or SSL connection in jboss....
Actions
3. Re: Setup SSL in jboss Application server

fabrizio.benedetti Jun 8, 2011 4:35 AM (in response to moatau)

Your certificate is issued by a CA (CN=al-sard_ca, OU=IT, O=COMPANY, L=S, ST=S, C=IQ).
The keystore must trust that CA.
So you have to export CA certificate (in DER format) and trust it in "server.keystore" with keytool or other tool (ex. keytool-UI).

Restart Jboss a make a browser connection on port 8443. It should be OK.

Regards
Actions

Go to original post