4 Replies Latest reply on Jul 23, 2012 1:37 PM by pathduck

    How to configure ssl in JBoss 7

    ohmygod

      I added below setting in standalone.xml, but seems not working.

       

      <server-identities>
                                                  <ssl>
                                                              <keystore path="myks.keystore" relative-to="jboss.server.config.dir" keystore-password="password" 
                                                              alias="demo" key-password="key_password" />
                                                  </ssl>
      </server-identities>
      
      

       

      The error I got is following when JBoss is started

       

      09:51:53,668 ERROR [org.jboss.as.server] JBAS015956: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceExcepti
      on: JBAS014676: Failed to parse configuration
              at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:141) [jboss-as-controller-7.1.1.Final.jar
      :7.1.1.Final]
              at org.jboss.as.server.ServerService.boot(ServerService.java:266) [jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
              at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:155) [jboss-as-controller-7.1.1.Final.jar:7.1.1.Fina
      l]
              at java.lang.Thread.run(Thread.java:619) [rt.jar:1.6.0_07]
      Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[36,12]
      Message: JBAS014788: Unexpected attribute 'keystore-password' encountered
              at org.jboss.as.controller.parsing.ParseUtils.unexpectedAttribute(ParseUtils.java:104) [jboss-as-controller-7.1.1.Final.jar:7.1.1.Final]
              at org.jboss.as.domain.management.parsing.ManagementXml.parseKeystore(ManagementXml.java:428) [jboss-as-domain-management-7.1.1.Final.jar:7.1.
      1.Final]
              at org.jboss.as.domain.management.parsing.ManagementXml.parseSSL(ManagementXml.java:392) [jboss-as-domain-management-7.1.1.Final.jar:7.1.1.Fin
      al]
              at org.jboss.as.domain.management.parsing.ManagementXml.parseServerIdentities(ManagementXml.java:338) [jboss-as-domain-management-7.1.1.Final.
      jar:7.1.1.Final]
              at org.jboss.as.domain.management.parsing.ManagementXml.parseSecurityRealm_1_1(ManagementXml.java:309) [jboss-as-domain-management-7.1.1.Final
      .jar:7.1.1.Final]
              at org.jboss.as.domain.management.parsing.ManagementXml.parseSecurityRealms(ManagementXml.java:247) [jboss-as-domain-management-7.1.1.Final.ja
      r:7.1.1.Final]
              at org.jboss.as.domain.management.parsing.ManagementXml.parseManagement(ManagementXml.java:130) [jboss-as-domain-management-7.1.1.Final.jar:7.
      1.1.Final]
              at org.jboss.as.server.parsing.StandaloneXml.readServerElement_1_1(StandaloneXml.java:325) [jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
              at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:127) [jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
              at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:100) [jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
              at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:110) [staxmapper-1.1.0.Final.jar:1.1.0.Final]
              at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:69) [staxmapper-1.1.0.Final.jar:1.1.0.Final]
              at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:133) [jboss-as-controller-7.1.1.Final.jar
      :7.1.1.Final]
              ... 3 more
      
      

       

      What the problem is here?

       

      I got the setting from JBoss 7.1 documentation. Anyone can help me?

        • 1. Re: How to configure ssl in JBoss 7
          lafr

          SSL for what? For web-application to support https?

           

          For this purpose I have

          {code:xml}

              <subsystem xmlns="urn:jboss:domain:web:1.2" default-virtual-server="default-host" native="false">
                  <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="9143"/>
                  <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
                      <ssl certificate-key-file="/home/jboss/security/server.keystore" key-alias="mbicert" password="XXX"/>
                  </connector>
                  <virtual-server name="default-host" enable-welcome-root="true">
                      <alias name="localhost"/>
                  </virtual-server>
              </subsystem>

          {code}

          • 2. Re: How to configure ssl in JBoss 7
            ohmygod

            Thanks, Frank. I am wanting to support https. Besides your settings, is following info still needed? What confuses me is I found this info in the jboss 7 documentation on ssl but why it is not working..

             

            <server-identities>
            <ssl>
            <keystore path="myks.keystore" relative-to="jboss.server.config.dir" keystore-password="password" 
            alias="demo" key-password="key_password" />
            </ssl>
            </server-identities>
            

             

            And where is the https port?

            • 3. Re: How to configure ssl in JBoss 7
              ohmygod

              I added following possibly related to https into standalone.xml but access to https://localhost:8443/context-root is not available. Anything else I missed?

               

               

              <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
                              <ssl key-alias="myks" password="pass" certificate-key-file="myks.keystore"/>
              </connector>
              ...
              
              <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
              

              ...

              <socket-binding name="https" port="8443"/>

              • 4. Re: How to configure ssl in JBoss 7
                pathduck

                From what I can tell from the error message, it is complaining about not recognizing the property keystore-password.

                Support for using properties keystore-password and key-password for <server-identity> was added in 7.1.2, it won't work in 7.1.1.

                 

                For 7.1.1 it supports just 'password' I believe.

                 

                It's not very consistent with how it's done in the <connector> element unfortunately...