3 Replies Latest reply on Feb 8, 2012 12:26 AM by mandarbk

Configure SSL with Java Keystore

mandarbk Feb 5, 2012 1:00 PM

With the help of JBoss 7 documentation and some of the posts here I am trying to configure SSL for my application.

Here are the steps that I followed.[I am using Jboss 7.1 CR1 Beta]

1) Create a Self signed certificate

Go to JAVA_HOME/bin.

Execute the folllowing command :

keytool -genkey -alias myappkey -keyalg RSA -keystore app.keystore

2) Modify standalone.xml

<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
            <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8443"/>
            <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
                <ssl name="ssl" key-alias="myappkey" password="mypassword" certificate-key-file="file://C:/javaHome/bin/app.keystore" protocol="TLSv1" verify-client="false"/>
            </connector>
            <virtual-server name="default-host" enable-welcome-root="false">
                <alias name="localhost"/>
            </virtual-server>
        </subsystem>

3) Add security in web.xml

I am already having a custom loginmodule to perform BASIC authentication.

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
          version="3.0">

          <security-constraint>
                    <web-resource-collection>
                              <web-resource-name>Secure Content</web-resource-name>
                              <url-pattern>/*</url-pattern>
                    </web-resource-collection>
                    <auth-constraint>
                              <role-name>webAccessRole</role-name>
                    </auth-constraint>
                    <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
          </security-constraint>
          <login-config>
                    <auth-method>BASIC</auth-method>
                    <realm-name>myAppRealm</realm-name>
          </login-config>
          <security-role>
                    <role-name>webAccessRole</role-name>
          </security-role>
</web-app>

When I try https://localhost:8443/myapp/objects, I don't get any response. The reqest simply times out.

Google Chrome 
could not load the webpage because localhost took too long to respond. The website may be down, or you may be experiencing issues with your Internet connection

Am I Missing any configuration here ?

1. Re: Configure SSL with Java Keystore

mandarbk Feb 6, 2012 11:34 AM (in response to mandarbk)

The configuration works fine. I had some spaces in the real path that I was using for certificates.
Actions
2. Re: Configure SSL with Java Keystore

pathduck Feb 7, 2012 1:31 PM (in response to mandarbk)

Thanks, about to do the same here so this is bound to be useful!

A small question, what is the redirect-port used for? I am sceptical of using port bindings in this section of the config since it could easily conflict with other appservers running on the same host.

Do you have an idea how you would have separate keystores and truststores?
Actions
3. Re: Configure SSL with Java Keystore

mandarbk Feb 8, 2012 12:26 AM (in response to pathduck)

redirect-port is used to transparently route non-https traffic to a https port.
If you send "http://localhost:8080/...", the server will redirect it to "https://locahost:8443/..."

Here are more details .. http://docs.jboss.org/jbossweb/7.0.x/ssl-howto.html
Actions

Go to original post