-
1. Re: 7.1.0.CR1 SSL Connector ignores JSSE ssl attributes in domain mode
ctomc Jan 12, 2012 8:36 AM (in response to fabrizio.benedetti)Hi,
you are missing few parameters
this is my config that works:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true"> <ssl name="megapos-service" key-alias="alias" password="password" certificate-key-file="path/to/cert.p12" verify-client="true" ca-certificate-file="path/to/truststore.jks" ca-certificate-password="trust-password" keystore-type="PKCS12" truststore-type="JKS"/> </connector>
fix the configuration according to this one and give it another try.
cheers,
tomaz
-
2. Re: 7.1.0.CR1 SSL Connector ignores JSSE ssl attributes in domain mode
fabrizio.benedetti Jan 12, 2012 6:36 AM (in response to ctomc)Thank you for your immediate reply Tomaz.
I put exactly your snipped code in a standard domain.xml.
It continues to throws
[Server:server-one] 12:27:09,690 ERROR [org.apache.tomcat.util.net.jsse.JSSESocketFactory] (MSC service thread 1-2) Failed to load keystore type JKS with path /home/fabrizio/.keystore due to /home/fabrizio/.keystore (No such file or directory): java.io.FileNotFoundException: /home/fabrizio/.keystore (No such file or directory)
As you can see it ignores also keystore type (JKS, but we set PKCS12).
Note that with standalone.xml all works fine.
Are you using 7.1.0.CR1 and domain.xml?
cheers,
fabrizio
-
3. Re: 7.1.0.CR1 SSL Connector ignores JSSE ssl attributes in domain mode
ctomc Jan 12, 2012 8:39 AM (in response to fabrizio.benedetti)Hi,
In this case I have standalone.xml but configuration of subsystem does not behave any different, as subsystem configuration is handeled in single place in code.
Domain and standalone are just ways how managament is done, configuration is the same.
Did you set keystore-type and truststore-type? in your case both to JKS?
cheers,
tomaz
-
4. Re: 7.1.0.CR1 SSL Connector ignores JSSE ssl attributes in domain mode
fabrizio.benedetti Jan 12, 2012 8:52 AM (in response to ctomc)I set all attributes, also keystore-type and truststore-type to JKS, but it still throws same exception.
I know that standalone and domain subsystems configuration are the same, in fact it works in 7.0.x...
I suspect that in domain mode web susystem is managed wrongly by jboss, that is it does not send ssl attributes, and so web subsystem takes default values (keystores from user home, password "changeit", etc.).
It would be usefull if you could try your configuration in domain.
thank you,
fabrizio
-
5. Re: 7.1.0.CR1 SSL Connector ignores JSSE ssl attributes in domain mode
ctomc Feb 23, 2012 10:53 AM (in response to fabrizio.benedetti)Fabrizio, i can confirm this is a bug and it is beeing addressed as we speak.