4 Replies Latest reply: May 14, 2013 2:58 PM by Kristina Clair RSS

    How to configure JBoss 7 + httpd + mod_cluster with ssl between httpd and JBoss

    jairo.gubler Newbie

      Is there some article describing how to configure JBoss 7 + httpd + mod_cluster with ssl?         

       

      I found this document, but it think its using an older JBoss version:

      http://docs.jboss.org/mod_cluster/1.2.0/html/UsingSSL.html

       

      Thanks!

        • 1. Re: How to configure JBoss 7 + httpd + mod_cluster with ssl between httpd and JBoss
          Radoslav Husar Master

          If you have problems setting up you might be running into a known issue, https://issues.jboss.org/browse/AS7-3869 will be fixed in next realease.

          • 2. Re: How to configure JBoss 7 + httpd + mod_cluster with ssl between httpd and JBoss
            jairo.gubler Newbie

            My difficulty is about the whole configuration. It's not easy to understand all the steps needed to configure SSL when using httpd/mod_cluster with JBoss.

             

            I'm a little confused about the digital certificate files.

             

            Some of my configuration files:

             

            === httpd.conf ====

            <IfModule manager_module>

              Listen 192.168.171.129:8888

              ManagerBalancerName test

              <VirtualHost 192.168.171.129:8888>

                <Location />

                 Order deny,allow

                 Deny from all

                 Allow from 192.168.

                </Location>

                KeepAliveTimeout 300

                MaxKeepAliveRequests 0

                ServerAdvertise on

                #ServerAdvertise on http://@IP@:6666

                AdvertiseFrequency 5

                #AdvertiseSecurityKey secret

                #AdvertiseGroup @ADVIP@:23364

                EnableMCPMReceive

             

                <Location /mod_cluster_manager>

                   SetHandler mod_cluster-manager

                   Order deny,allow

                   Deny from all

                   Allow from 192.168.

                </Location>

              </VirtualHost>

              Listen 6666

              <VirtualHost 192.168.171.129:6666>

                 SSLEngine on

                 SSLCipherSuite AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL

                 SSLCertificateFile conf/server.crt

                 SSLCertificateKeyFile conf/server.key

                 SSLCACertificateFile conf/server-ca.crt

                 SSLVerifyClient require

                 SSLVerifyDepth  10

              </VirtualHost>

            </IfModule>

             

            SSLProxyEngine On

            SSLProxyVerify require

            SSLProxyCACertificateFile conf/cacert.pem

            SSLProxyMachineCertificateFile conf/proxy.pem

             

            ==== error_log (apache httpd) ====

            [Wed Mar 07 13:50:46 2012] [warn] no client certs found for SSL proxy

             

             

            ========= standalone-full-ha.xml ==========================

                        <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">

                            <ssl name="ssl" key-alias="jboss" password="xxxxxxx" protocol="ALL" verify-client="false" certificate-file="/opt/CERTS/jboss_ssl.keystore"/>

                        </connector>

             

            =====================================================

            • 3. Re: How to configure JBoss 7 + httpd + mod_cluster with ssl between httpd and JBoss
              traian20 Newbie

              I also find extremely difficult to understand all the required steps needed to configure the SSL communication between HTTPD and Jboss7.1.x.

              The entire mod_cluster documentation is JbossWEB centered (http://docs.jboss.org/mod_cluster/1.2.0/html/UsingSSL.html#createsc)

              Can someone point out which steps need to be taken, on the HTTPD side(httpd.conf ) and on Jboss7 side (modcluster subsystem configuration, HTTPS connector,...) ?

              • 4. Re: How to configure JBoss 7 + httpd + mod_cluster with ssl between httpd and JBoss
                Kristina Clair Newbie

                I am also having this issue. I was able to set up the apache end, but it's not at all clear where to put the ssl settings in the JBoss AS 7.x standalone.xml or domain.xml file.