6 Replies Latest reply on Sep 6, 2012 9:53 AM by nenetta

    No SSL connection

    nenetta

      Hello,

      I tried to configure JBoss 7.1.0 at first and then JBoss 7.1.1, but nothing changes.

      I configured standalone.xml in this way:

       

      <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
      <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
          <ssl name="ssl" key-alias="ulisse10" password="ulisse" certificate-key-file="C:/Ulisse/Cert/ulisse10.keystore" protocol="ALL" verify-client="false" ca-certificate-file="C:/Ulisse/Cert/altri1.keystore"/>
      </connector>

      and :

      <socket-binding name="https" port="443"/>

       

      HTTP works well, HTTPS with an untrusted certificate works, but HTTPS with a trusted certificate does not work.

      It's not a domain configuration.

      In altri1.keystore there are other certificates, about machines other than my own.

      When I start the server the error is:

       

      .................

      08:37:03,641 INFO  [org.jboss.as.deployment.connector] (MSC service thread 1-3) JBAS010401: Bound JCA ConnectionFactory [java:/JmsXA]

      08:37:03,672 INFO  [org.jboss.as.controller] (Controller Boot Thread) JBAS014774: Service status report

      JBAS014777:   Services which failed to start:      service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector

       

      08:37:03,719 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-4) JBAS015876: Starting deployment of "dashboardWeb.war"

      08:37:03,734 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-2) JBAS015876: Starting deployment of "dashboardWS.war"

      08:37:19,406 WARN  [org.jboss.as.server.deployment] (MSC service thread 1-2) Class Path entry activation.jar in "/C:/Ulisse/jboss-as-7.1.1.Final/bin/content/dashboardWS.war/WEB-INF/lib/mail-1.4.jar"  does not point to a valid jar for a Class-Path reference.

      08:37:20,20..............

       

      Can someone help me?

        • 1. Re: No SSL connection
          nickarls

          Are there any other errors that would indicate what the error with the keystore is? Perhaps something went wrong when importing the signed certificate?

          • 2. Re: No SSL connection
            nenetta

            No error, only this when I start a server.

            I also don't know how to improve the JBoss logs to help myself with the error... Do you know how?

            I put a keystore in one directory and when I build it nothing goes wrong.

            I create a certificate with a keystore in this way:

             

            keytool -genkey -keyalg RSA -keysize 1024 -keystore ulisse13.keystore -storepass ulisse  -storetype JKS -alias ulisse13

            keytool -certreq -keystore ulisse13.keystore -storepass ulisse -alias ulisse13 -file ulisse13.csr

            java -cp jstk.jar org.jstk.cert.CertTool issue -cadir rootca -csrfile ulisse13.csr -cerfile ulisse13.cer -password changeit

            keytool -import -keystore ulisse13.keystore -alias ulisse13 -file ulisse13.cer

             

            Is that right?

            Must I change the alias when I import a trusted certificate into the same keystore?

            But I just did this again and it doesn't work either.

            Maybe I must check my certificate with an external tool? Can you suggest one?

            • 3. Re: No SSL connection
              nickarls

              Well, if it's a showstopper error, the current log levels should be enough.

              The CA that did the signing probably has more detailed info. It's been a while since I did it, but last time I recall a -trustcacerts in the import.

              • 4. Re: No SSL connection
                nenetta

                Thank you!

                But what about the JBoss configuration? Do I need to add something else in standalone?

                Now I'll run different tests with -trustcacerts.

                • 5. Re: No SSL connection
                  nickarls

                  I think I just have a

                   

                              <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
                                  <ssl name="ssl" key-alias="jbossas7" password="jbossas7" certificate-key-file="c:/users/karlsnic/jbossas7.keystore"/>
                              </connector>
                  

                   

                  The ca-certificate as a separate file should also work but one would think that if you try to import the ca-certs, you should at least see some error if they are malformed.

                  • 6. Re: No SSL connection
                    nenetta

                    Thank you!

                    Yes, I know that the ca-certificate-file is the truststore container where client certificates are put.

                    Incredible, with -trustcacerts JBoss 7.1.0 and JBoss 7.1.1 are working well.

                    No JBoss errors are present.

                    But in the browser the certificate is again red and marked as untrusted.

                    I downloaded it and saw that every part is the new certificate that I just made before.

                    That's right, but I don't know what is wrong!!???!

                    When I try this command to test:

                     

                    openssl s_client -connect 138.132.XX.YY:443

                     

                    The response is:

                    ...

                    verify error:num=19:self signed certificate in certificate chain

                    verify return:0

                    ...

                    Verify return code: 19 (self signed certificate in certificate chain)

                    ..

                     

                    What does it mean? And how can I take care of it?
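
Added example, not part of any post in this thread: verify error 19 means the chain presented to the client ends in a self-signed root that the client does not hold as a trust anchor. The script reproduces that result offline with a constructed root CA and server certificate (all file and subject names are assumptions) and shows the same chain verifying once the root is supplied with `-CAfile`.

```shell
#!/bin/sh
# Added example: reproduce "Verify return code: 19" offline.
# Every name, key and certificate below is constructed for the demonstration.

# Build a throwaway root CA and a leaf certificate signed by it, in directory $1.
make_chain() {
    dir=$1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -keyout "$dir/root.key" -out "$dir/root.pem" -days 2 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -subj "/CN=server.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -set_serial 2 -days 2 -out "$dir/leaf.pem" 2>/dev/null || return 1
}

# Root arrives with the chain (-untrusted) but is not a trust anchor: error 19.
verify_root_only_in_chain() {
    openssl verify -untrusted "$1/root.pem" "$1/leaf.pem" 2>&1
}

# Same certificates, with the root given to the verifier as a trust anchor.
verify_root_trusted() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_chain "$WORK" || { echo "openssl failed to build the test chain" >&2; exit 1; }
echo "--- root present in chain, not trusted ---"
verify_root_only_in_chain "$WORK" || true
echo "--- root supplied as trust anchor ---"
verify_root_trusted "$WORK"
```

Against a live listener the equivalent check is `openssl s_client -connect host:443 -CAfile root.pem`; a browser needs the same root imported into its trust store.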