1 Reply Latest reply on Feb 25, 2014 3:43 AM by luisfmgoncalves

    SSL keystore in JBoss eap 6.1

    luisfmgoncalves

      Hi there,

       

      I currently have my application deployed in Tomcat which I can access using https. I have a small tool that can generate .jks key stores and can also import a Certificate Authority (CA) reply to that generated keystore. Once I import the CA reply into the keystore, I can access my application using the fully qualified name.

       

      I've been trying to set up the same with JBoss. I use the same tool to generate a .jks keystore and once that is done I update the configuration file (standalone.xml) in order to include the keystore that I created. The connector content is as follows:

       

      <connector enabled="true" name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">

            <ssl certificate-key-file="path\to\keystores\keystore_https.jks" password="changeit"/>

      </connector>

       

      Using this configuration and with my application deployed locally I can access it using https://localhost:8443/Application (it displays the browser warning related to the certificate, which is expected).

       

      The problem comes when I import the CA reply. If I import the CA reply into the keystore, and change the configuration file as follows:

       

      <connector enabled="true" name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">

            <ssl certificate-key-file="path\to\keystores\keystore_https.jks" password="changeit" ca-certificate-file="path\to\keystores\keystore_https.jks"/>

      </connector>

       

      I always get a 'This page is not available' when I try to access my application using https://fullyQualifiedName.domain.com:8443/Application

       

      Do you guys have any idea what I am doing wrong?

       

      Thanks in advance

        • 1. Re: SSL keystore in JBoss eap 6.1
          luisfmgoncalves

          Hi again,

           

          After some investigation I solved this issue, which was not related to the SSL configuration.

          By default, JBoss only binds to localhost (security default) so I just changed:

           

          <interfaces>

                  ...

                  <interface name="public">

                      <inet-address value="${jboss.bind.address:127.0.0.1}"/>

                  </interface>

                  ...

          </interfaces>

           

          for

           

          <interfaces>

                  ...

                  <interface name="public">

                      <inet-address value="${jboss.bind.address:0.0.0.0}"/>

                  </interface>

                  ...

          </interfaces>

           

          Also, I ended up with the following SSL configuration:

           

          <connector enabled="true" name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">

                <ssl certificate-key-file="path\to\keystores\keystore_https.jks" password="changeit"/>

          </connector>

           

          Thanks
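
The root cause in this thread was the interface bind address, not the keystore. The following Python script is an added example, not code from the thread or from JBoss: it resolves the `${property:default}` expression on each `inet-address`, reports who can reach a listener on that address, and flags the `changeit` keystore password. The names `audit`, `classify`, `resolve`, `local` and `SAMPLE` are hypothetical, and `props` stands in for system properties such as `jboss.bind.address` set at startup.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Added example: helper names are hypothetical; SAMPLE is constructed from the thread's fragments.
SAMPLE = r"""<server>
  <interfaces>
    <interface name="public">
      <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
  </interfaces>
  <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl certificate-key-file="path\to\keystores\keystore_https.jks" password="changeit"/>
  </connector>
</server>"""

EXPR = re.compile(r"^\$\{([^:}]+)(?::([^}]*))?\}$")  # ${property:default}

def local(tag):  # drop the XML namespace so the schema version does not matter
    return tag.rsplit("}", 1)[-1]

def resolve(value, props):  # property override if set, else the default after the colon
    m = EXPR.match(value or "")
    return props.get(m.group(1), m.group(2)) if m else value

def classify(addr):
    """Say who can reach a listener bound to this address."""
    try:
        ip = ipaddress.ip_address(addr)
    except (ValueError, TypeError):
        return "unresolved"          # hostname or missing value: check by hand
    if ip.is_loopback:
        return "loopback-only"       # local clients only; access by FQDN fails
    if ip.is_unspecified:
        return "all-interfaces"      # 0.0.0.0 or :: listens on every interface
    return "single-address"

def audit(xml_text, props=None):
    """Return (kind, name, detail) findings for interfaces and SSL connectors."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "interface":
            for child in el:
                if local(child.tag) == "inet-address":
                    addr = resolve(child.get("value"), props or {})
                    findings.append(("bind", el.get("name"), classify(addr)))
        elif local(el.tag) == "ssl" and el.get("password") == "changeit":
            findings.append(("ssl", "password", "default-keystore-password"))
    return findings
```

A `loopback-only` result for the `public` interface matches the symptom in the thread; `all-interfaces` is what the `0.0.0.0` change produces, so a `single-address` binding is the narrower option when only one interface should serve HTTPS.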