11 Replies Latest reply on Aug 4, 2012 4:06 AM by ybxiang.china

    Remoting-connector with SSL


      How can I configure remoting-connector with SSL?


      I try configure security-realm with ssl server-identifier and then use it as security-realm in remoting-connector but it does not work

        • 1. Re: Remoting-connector with SSL

          Could you please elaborate further on what you mean whey you say it does not work?


          What kind of client are you trying to connect to the connector?  Also could you please show some of the relevent configuration of both the realm and the connector.

          • 2. Re: Remoting-connector with SSL



            <security-realm name="SSLRealm">



                  <keystore path="localhost.keystore" password="EJB-SSL_KEYPAIR_PASSWORD" relative-to="jboss.server.config.dir"/>




                   <jaas name="bean-sec-domain" />




            <connector name="remoting-connector" socket-binding="remoting" security-realm="SSLRealm" />



            ejb: client

            Properties p = new Properties();

            p.setProperty(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

            p.put("jboss.naming.client.ejb.context", true);

            InitialContext c = new InitialContext(p);

            TestBeanRemote vLookup = (TestBeanRemote) c.lookup("ejb:TestEar/TestEjb/TestBean!"+ TestBeanRemote.class.getName());






            remote.connection.x1.port = 4447





            and result is


            ERROR: JBREM000200: Remote connection failed: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

            28.2.2012 8:23:28 org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector setupEJBReceivers

            WARN: Could not register a EJB receiver for connection to remote://

            java.lang.RuntimeException: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

                at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)

            • 3. Re: Remoting-connector with SSL

              There is one additional option you need on the client: -



              • 4. Re: Remoting-connector with SSL

                I've got same problem with SSL_STARTTLS=true


                It looks like there is no SSL connection on server side.


                Server configuration is correct?

                • 5. Re: Remoting-connector with SSL

                  Can you try setting the option on 'remote.connection.x1.connect.options' instead?

                  • 6. Re: Remoting-connector with SSL

                    That is it. Thanks




                    solve the problem.

                    • 7. Re: Remoting-connector with SSL

                      For lookup with "remote://" protocol I've construct Properties for InitialContext like





                      and now it works.

                      • 8. Re: Remoting-connector with SSL

                        Hello, I have a followup question. Is there any way to make the client ignore the server's certificate? We want to use SSL for encryption on remote EJB queries, but do not have control over the JVM the client runs to set the JVM level truststore / certificates to trust.



                        remote.connections = x1
                        remote.connection.x1.host       =
                        remote.connection.x1.port       = 9112
                        remote.connection.x1.username   = admin
                        remote.connection.x1.password   = admin

                        On running my client (which just tries to initiate a connection), I get an error on client during EJB reciever registration:

                         INFO [main] (EndpointImpl.java:70) - JBoss Remoting version 3.2.3.GA
                         ERROR [Remoting "config-based-ejb-client-endpoint" read-1] (RemoteConnection.java:99) - JBREM000200: Remote connection failed: java.io.IOException: JBREM000202: Abrupt close on Remoting connection 76933bcb to computer/
                         WARN [main] (ConfigBasedEJBClientContextSelector.java:133) - Could not register a EJB receiver for connection to remote://
                        java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem


                        With this jboss-side error:

                        ERROR [org.jboss.remoting.remote.connection] (Remoting "computer" read-1) JBREM000200: Remote connection failed: javax.net.ssl.SSLException: Fatal Alert received: Certificate Unknown


                        Thanks for any help!

                        • 9. Re: Remoting-connector with SSL

                          No you do need the truststore on the client side to be able to verify the certificate although you should be able to use the following properties on the client without affecting the JVM installation: -


                          -Djavax.net.ssl.trustStore=client.truststore -Djavax.net.ssl.trustStorePassword=truststore_password


                          The issue is that if the client is inadvertantly forwarded to connect to a different address a man in the middle type attack with a fake private key is fairly simple with that intermediarry now having full access to the data being exchanged.

                          • 10. Re: Remoting-connector with SSL

                            Sorry, what I meant when I said JVM-level was exactly what you typed - the client is more or less a plugin to running framework, so it isn't started in its own command windows / environment. And while I can certainly access/change those via System, that affects every other "plugin" as well.


                            I do realize not validating the certificate can lead to man-in-the-middle, but since we currently do not use SSL at all we have other means of validating who we are talking to. This is just a first step to get encrypted traffic. If we can't allow the client to ignore the certificate, then is there a way to be able to pass in our certificate to the properties used for .lookup()?

                            • 11. Re: Remoting-connector with SSL

                              Hello Mates,


                                   In JBoss 6, We can use bellow annotations on an EJB,



                                  @RemoteBinding(clientBindUrl="sslsocket://${jboss.bind.address}:3843", jndiBinding="nms-ear/SSLSecuredRemoteSession/remote")




                              public interface ISecuredRemoteSession extends ILogin{




                              But, in JBoss 7, this annotation is NOT supported by default. How do you bind your EJB interface to an SSL IP and port?