Moved to AS7 forum.

The xsd for the connector element of the web subsystem in AS7 is here http://www.jboss.org/schema/jbossas/jboss-web.xsd. As per the xsd, you'll need a child "ssl" element under the https connector with the relevant details. Follow that xsd and if you need more help, let us know. I think the security documentation which is currently work in progress will have these details and will then be published here https://docs.jboss.org/author/display/AS7/Documentation

Adam Hearn wrote:

 

 

Note that I could get the certificate-key-file to use a JBoss property - using ${jboss.server.home.dir} - but for my testing it's not a problem.

You mean you could not?

In AS7, the system properties set by default are listed here https://docs.jboss.org/author/display/AS7/Admin+Guide#AdminGuide-JVMsettings.

In this case, you need ${jboss.server.config.dir}. So ultimately, it would be ${jboss.server.config.dir}/server.keystore.

It looks like system property substitution isn't supported then.

I do the above configurations and still have errors. I can access https://localhost:8443/my.jsp but that my.jsp connects to another webservice with an https address such as https://www.paypalobjects.com/wsdl/PayPalSvc.wsdl using soap but gets a socket closed error. I can connect to http addresses such as http://www.weather.gov/forecasts/xml/DWMLgen/wsdl/ndfdXML.wsdl but just not https ones.  What do I need to do to allow this.  Ultimately I want to be able to do this using http:// for my app rather than https:// since I dont want my entire app having to go through security stuff.  I just want to be able to connect to secure webservices

thanks 

Ill open a new one.  But the weird thing is that when i run the code from eclipse it works perfectly fine.  It only fails when im trying to run it deployed with jboss

I do the above configuration and meet errors as following:

15:00:04,834 ERROR [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-5) Error initializing endpoint: java.lang.Exception: Unable to load certificate key D:/work/server/jboss-as-web-7.0.0.Final/domain/configuration/server.keystore (error:0906D06C:PEM routines:PEM_read_bio:no start line)

    at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)

    at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:660)

    at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:121)

    at org.apache.catalina.connector.Connector.init(Connector.java:976)

    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:351)

    at org.jboss.as.web.WebServerService.addConnector(WebServerService.java:121)

    at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:223)

    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1765)

    at org.jboss.msc.service.ServiceControllerImpl$ClearTCCLTask.run(ServiceControllerImpl.java:2291)

    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_24]

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_24]

    at java.lang.Thread.run(Thread.java:662) [:1.6.0_24]

.

.

.

Is it caused by something wrong with my server.keystore?But when i do the similar configuration on Tomcat 7.0.2,it really runs well and I can access https://localhost:8443/myApp.

thanks

Hi,

I have the same issue as Nick. I generated a keystore file with "keytool -genkey -alias jboss -keyalg RSA". Renamed it to keystore.jks and copied it to the configuration directory. Then added <connector name="https" protocol="HTTP/1.1" socket-binding="https" scheme="https" secure="true">

     <ssl name="https" key-alias="jboss" password="changeit" certificate-key-file="../standalone/configuration/keystore.jks"/></connector> to the standalone.xml file under the web subsystem. When I try to start the server I get the exact same error as Nick above. Using JBoss AS 7.0.1 final on Ubuntu linux/64. Any guidance would be appreciated.

Thx

Just double checked the steps you describe to create the error but no failure here.

Could you please confirm the exact path of the keytool you are using and the Java version you are running this with?

Also what output do you get from the following command?

keytool -list -keystore server.keystore

Hi Darren,

Thanks for the reply. I did get it work. The problem was I had built the Apache Portable Runtime stuff on my machine in the past for use with an older version of jboss. There is a symbolic link in /usr/lib/ for libtcnative-1.so. I deleted the link so when the web container started to load it could not find any APR libraries. I think if APR is in play then the configuration will be  different as in the JBoss Web documentation.

Thx

P.S.

if u want to use third-part certificate,u should config like below:

<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">

    <ssl name="https" certificate-key-file="xxxx" keystore-type="xxxx"/>

</connector>