4 Replies Latest reply on Jun 10, 2013 2:54 AM by jfclere

    How to configure ssl with mod_cluster and JBoss 7.1.1

    jginer
    jginer Jun 7, 2013 3:43 AM

      Hi,
      We configure three LPAR with AIX7.1:

      • One LPAR for Web with mod_cluster 1.1.3 and http 2.2.14
      • Two LPAR for JBoss 7.1.1 Final.

      Now we want to securize the Web LPAR.
      1.- We create a local certificate on Web LPAR:
      openssl genrsa -des3 -out server.key 1024
      openssl req -new -key server.key -out server.csr
      openssl req -new -key server.key -out server.csr
      openssl x509 -req -days 730 -in server.csr -signkey server.key -out server.crt

      2.- We comment the line "Include conf/extra/httpd-vhosts.conf" on httpd.conf

      3.- We uncommnet the line "Include conf/extra/httpd-ssl.conf" on httpd.conf

      4.- We copy the content of conf/extra/httpd-vhosts.conf at the bottom of conf/extra/httpd-ssl.conf and change the port 10001 by 443 and add SSL configuration:
      </VirtualHost>
      Listen 192.168.34.19:443
      MemManagerFile /var/cache/httpd
      <VirtualHost 192.168.34.19:443>
      SSLEngine on
      SSLCipherSuite AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL
      SSLCertificateFile pki/server.crt
      SSLCertificateKeyFile pki/server.key
      SSLVerifyClient require
      SSLVerifyDepth 10
      <Directory />
      Order deny,allow
      Allow from all
      </Directory>
      KeepAliveTimeout 60
      MaxKeepAliveRequests 0
      ManagerBalancerName other-server-group
      AdvertiseFrequency 5
      #This directive allows you to view mod_cluster status at URL http://192.168.34.19:10001/mod_cluster-manager
      <Location /mod_cluster-manager>
      SetHandler mod_cluster-manager
      Order deny,allow
      Allow from all
      </Location>
      </VirtualHost>

      but we cannot connect using https://.....

      Anything wrong? We must configure something in JBoss?

      Regards,

      • 665 Views
      • Tags: