SSL with .pem and private Key
aykay Sep 29, 2012 8:54 AM
Hi there.
I was told to make JBoss talk HTTPS and was given a certification file which is a .PEM file and a private key file. The certification file heads with
-----BEGIN CERTIFICATE-----
and has a public key. The private key file heads with
-----BEGIN RSA PRIVATE KEY-----
My attempt to make JBoss listen on 8443 utilizing this certification in standalone.xml is
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
        <ssl name="PROJECTNAME-SSL" password="myCoolPassword" certificate-key-file="../standalone/configuration/PROJECTNAME.keystore" protocol="TLSv1" ca-certificate-file="../standalone/configuration/RapidSSL_Intermediate_CA.pem" verify-client="true" />
    </connector>
As you can see I added the certificate file to a keystore using keytool. This is about the command I used:
keytool -import -alias OUR_COOL_DOMAIN -file RapidSSL_Intermediate_CA.pem -keystore PROJECTNAME.keystore
But all this is to no avail. The response to
- https://SERVERNAME:8443/<PROJECTURL> or
- https://SERVERNAME:8443/
is ERROR: Connection failed in the browser. HTTP (8080) works, of course.
netstat -an tells me
tcp        0      0 127.0.0.1:9990          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9999          0.0.0.0:*               LISTEN
tcp        0      0 IP-ADDRESS:8080         0.0.0.0:*               LISTEN
but no mention of 8443.
The end of standalone.xml says
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
    <socket-binding name="ajp" port="8009"/>
    <socket-binding name="http" port="8080"/>
    <socket-binding name="https" port="8443"/>
Found some approaches to SSL, but nothing with .PEM and PK file.
Is somebody an expert in this? Where am I going wrong?
Cheers,
AyKay
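Added example, not part of the original post: an HTTPS connector needs a keystore entry that holds the server's private key together with its certificate, whereas `keytool -import` of a certificate file creates only a trusted-certificate entry. The sketch below pairs the PEM certificate with its key in a PKCS#12 store and checks the result; the function names, `demo.invalid` and the `changeit` password are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: build and sanity-check a server keystore from PEM inputs.

# True when the certificate's public key is the one derived from the private key.
cert_matches_key() {  # cert.pem key.pem
    local a b
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Bundle certificate + private key + CA chain into one PKCS#12 store.
build_p12() {  # cert.pem key.pem chain.pem alias password out.p12
    cert_matches_key "$1" "$2" || {
        echo "certificate and private key do not belong together" >&2
        return 1
    }
    openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" \
        -name "$4" -passout "pass:$5" -out "$6"
}

# True when the store really contains a private key (not just certificates).
p12_has_private_key() {  # store.p12 password
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY'
}

# Constructed throwaway key and self-signed certificate, for trying this offline.
make_demo_pair() {  # directory
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=demo.invalid" \
        -days 1 -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Converting the PKCS#12 store to a JKS keystore (run by hand, needs a JDK):
#   keytool -importkeystore -srckeystore server.p12 -srcstoretype PKCS12 \
#           -destkeystore PROJECTNAME.keystore
# Afterwards `keytool -list -v -keystore PROJECTNAME.keystore` should show the
# alias as a PrivateKeyEntry; a trustedCertEntry alone cannot serve TLS.
```

With the files from the post, the call would take the certificate PEM, the RSA private key file and `RapidSSL_Intermediate_CA.pem` as its first three arguments.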