Problem of configuring SSL for Https in Jboss AS 7
kishorerouthu Jun 5, 2013 4:33 AM
Actually, we are migrating from JBoss 4.2.2GA to JBoss AS7. It is good to work
with JBoss AS7, but the problem is that in JBoss 4.2.2GA SSL is enabled
and working fine for HTTPS on port 8443 with the following configuration (1)
in server.xml.
1. SSL Configuration for Https Secure port in Jboss-4.2.2 GA
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="250" scheme="https" secure="true"
           clientAuth="false"
           strategy="ms"
           address="${jboss.bind.address}"
           keystoreFile="${jboss.server.home.dir}/conf/ssl/2013-cert/working/server.keystore"
           keystorePass="123456"
           keystoreType="pkcs12"
           sslProtocol="TLS"
           SSLHonorCipherOrder="On"
           ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA"
/>
Whereas in JBoss AS7, with the following configuration (2) in standalone.xml,
JBoss throws the following error at startup, as observed in server.log.
2. SSL Configuration for Https Secure port in Jboss As7
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" redirect-port="8443" secure="true" max-connections="400">
        <ssl name="ssl" password="123456"
             certificate-key-file="/www/jboss7/standalone/configuration/ssl/ssl.domainname.crt"
             cipher-suite="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA" protocol="TLSv1" verify-client="false"
             verify-depth="10"
             keystore-type="PKCS12"
             truststore-type="PKCS12"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="vela"/>
    </virtual-server>
</subsystem>
I also tried the following alternative configuration in JBoss AS7:
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">
    <configuration>
        <static-resources sendfile="524288"/>
    </configuration>
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" enable-lookups="true" redirect-port="8443" executor="http-executor" max-connections="50"/>
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" redirect-port="8443" secure="true" max-connections="400">
        <ssl name="ssl" password="123456"
             certificate-key-file="/www/jboss7/standalone/configuration/ssl/2013-cert/working/server.keystore"
             cipher-suite="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA" protocol="TLSv1" verify-client="false"
             verify-depth="10" keystore-type="PKCS12" truststore-type="PKCS12"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
    </virtual-server>
</subsystem>
ERROR [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-2) Error initializing endpoint: java.lang.Exception: Unable to configure permitted SSL ciphers (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
at org.apache.tomcat.jni.SSLContext.setCipherSuite(Native Method) [jbossweb-7.0.13.Final.jar:]
at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:642) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:121) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:]
at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_13]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_13]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]
07:00:50,361 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_13]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_13]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]
Caused by: LifecycleException: Protocol handler initialization failed: java.lang.Exception: Unable to configure permitted SSL ciphers (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
at org.apache.catalina.connector.Connector.init(Connector.java:985)
at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
... 5 more
We are also migrating from jdk1.6.0_38 to jdk1.7.0_13.
The following is the keystore information:
====================================
> keytool -v -list -storetype PKCS12 -keystore server.keystore
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SunJSSE
Your keystore contains 1 entry
Alias name: 1
Creation date: Jun 5, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Do I need any changes in the configuration of JBoss AS7 to successfully enable SSL, as compared to JBoss 4.2.2GA?
What does the "keystoreFile" element in the JBoss 4.2.2GA configuration represent, and
what does the "certificate-key-file" element in the JBoss AS7 configuration represent?
Do these two represent the same thing (i.e. the keystore) or different things?
What should the value of "certificate-key-file" be: certificate.crt, certificate.csr, or server.keystore?
Please advise on the above so that I can move further.
Thanks in advance
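
The following is an added example, not part of the original post and not JBoss code. The stack trace above shows the native Http11AprProtocol connector rejecting the cipher list through OpenSSL's SSL_CTX_set_cipher_list, while the configured names follow the Java (JSSE) naming convention; this Python script flags that mismatch, and weak algorithms, in a web subsystem configuration. The function names, issue labels and trimmed sample inputs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs, trimmed from configuration (2) and the log in the post.
SAMPLE_XML = """<subsystem xmlns="urn:jboss:domain:web:1.1">
  <connector name="https" protocol="HTTP/1.1" scheme="https" secure="true">
    <ssl name="ssl" protocol="TLSv1"
         cipher-suite="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA"/>
  </connector>
</subsystem>"""
SAMPLE_LOG = ("ERROR [org.apache.coyote.http11.Http11AprProtocol] Error "
              "initializing endpoint: java.lang.Exception: Unable to configure "
              "permitted SSL ciphers (error:1410D0B9:SSL routines:"
              "SSL_CTX_set_cipher_list:no cipher match)")

# JSSE names look like SSL_RSA_WITH_RC4_128_SHA; OpenSSL tokens like RC4-SHA.
JSSE_NAME = re.compile(r"^(SSL|TLS)_[A-Z0-9_]+$")
WEAK_PARTS = ("RC4", "MD5", "NULL", "EXPORT")


def uses_native_connector(log_text):
    """The APR/OpenSSL connector identifies itself by this class name."""
    return "Http11AprProtocol" in log_text


def audit_cipher_suites(xml_text, native):
    """Return sorted (connector, cipher, issue) tuples for every <ssl> element."""
    findings = set()
    for conn in ET.fromstring(xml_text).iter():
        if conn.tag.rsplit("}", 1)[-1] != "connector":
            continue
        for ssl in conn:
            if ssl.tag.rsplit("}", 1)[-1] != "ssl":
                continue
            # Accept the separators used by both JSSE and OpenSSL lists.
            for cipher in re.split(r"[,:\s]+", ssl.get("cipher-suite", "")):
                if not cipher:
                    continue
                if native and JSSE_NAME.match(cipher):
                    findings.add((conn.get("name"), cipher, "jsse-name-on-openssl"))
                if any(part in cipher.upper() for part in WEAK_PARTS):
                    findings.add((conn.get("name"), cipher, "weak-algorithm"))
    return sorted(findings)


if __name__ == "__main__":
    native = uses_native_connector(SAMPLE_LOG)
    for name, cipher, issue in audit_cipher_suites(SAMPLE_XML, native):
        print(f"{name}: {cipher}: {issue}")
```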