3 Replies Latest reply on Jun 8, 2011 4:35 AM by Fabrizio Benedetti

    Setup SSL in jboss Application server

    Moatasem Abdalmahdi Newbie

      I have the certificate file and private key file (with .pem extension); after converting to PFX and then to a Java keystore:

       

      Enter keystore password:

      Keystore type: JKS
      Keystore provider: SUN

      Your keystore contains 1 entry

      Alias name: 1
      Creation date: Jun 6, 2011
      Entry type: PrivateKeyEntry
      Certificate chain length: 1
      Certificate[1]:
      Owner: CN=https.tishknet.com, OU=IT, O=COMPANY, L=S, ST=S, C=IQ
      Issuer: CN=al-sard_ca, OU=IT, O=COMPANY, L=S, ST=S, C=IQ
      Serial number: 2
      Valid from: Fri Dec 10 15:42:00 EET 2010 until: Tue Dec 10 15:36:00 EET 2030
      Certificate fingerprints:
           MD5:  73:EC:00:A1:EC:8C:14:21:42:D2:DD:38:0F:66:DC:90
           SHA1: 58:37:BB:49:98:3F:14:B6:23:8D:65:9F:86:21:8F:62:5A:DE:DE:F3
           Signature algorithm name: SHA1withRSA
           Version: 3

      Extensions:
      ......
      .....

      ....

      etc

      After that I enabled SSL (HTTPS) in JBoss with the following configuration:

      <Connector port="8443" address="${jboss.bind.address}"
                 protocol="HTTP/1.1" SSLEnabled="true"
                 maxThreads="150" scheme="https" secure="true"
                 clientAuth="false" sslProtocol="TLS"
                 keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
                 keystorePass="password" />

      and I am getting this error:

      Keystore was tampered with, or password was incorrect

       

      Please, any idea or advice? Did I miss something?


        • 1. Re: Setup SSL in jboss Application server
          Fabrizio Benedetti Novice

          Be sure that the keystore and alias have the same password.

          • 2. Re: Setup SSL in jboss Application server
            Moatasem Abdalmahdi Newbie

            OK, this is the procedure that I followed to convert Certificate.pem and Key.pem ----to---> server.keystore

            ***just to be sure that I did it the right way!!***

             

            1. Convert PEM to PFX

            openssl pkcs12 -inkey key.pem -in cert.pem -export -out newKey.pfx

            2. Convert PFX to JKS

            java -classpath lib/jetty-6.1.1.jar org.mortbay.jetty.security.PKCS12Import newKey.pfx server.keystore

            3. After that I configured server.xml with the following:

             

            <Connector port="8443" address="${jboss.bind.address}"
                       protocol="HTTP/1.1" SSLEnabled="true"
                       maxThreads="150" scheme="https" secure="true"
                       clientAuth="false" sslProtocol="TLS"
                       keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
                       keystorePass="password" />

             

            @Fabrizio Benedetti, yes, you were right; now it's working with no error when I run JBoss ...

             

            **** And on the other side, which is the CPE, it should send a certificate with .der extension. Is everything that I did right???

            Because I still can't get a connection, and I want to be sure that it is not from the certificate or the SSL connection in JBoss....

             



            • 3. Re: Setup SSL in jboss Application server
              Fabrizio Benedetti Novice

              Your certificate is issued by a CA (CN=al-sard_ca, OU=IT, O=COMPANY, L=S, ST=S, C=IQ).

              The keystore must trust that CA.

              So you have to export the CA certificate (in DER format) and trust it in "server.keystore" with keytool or another tool (e.g. keytool-UI).

               

              Restart JBoss and make a browser connection on port 8443. It should be OK.

               

              Regards
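
The conversion from reply 2 and the CA trust step from reply 3, as an added example that is not part of any poster's message. It uses `keytool -importkeystore` in place of the Jetty `PKCS12Import` class; the alias names `jboss` and `ca`, the `KS_PASS` environment variable and the file arguments are assumptions for illustration.

```shell
# Added example: convert PEM key/cert to a JKS keystore whose store and key
# passwords are identical, then trust the issuing CA. The password is read from
# the exported KS_PASS variable so it does not appear in the process list.
# Alias names "jboss" and "ca" and all file arguments are assumptions.
# Usage: export KS_PASS=...; pem_to_jks key.pem cert.pem ca.pem server.keystore

# pem_to_jks KEY.pem CERT.pem CA.pem OUT.keystore
pem_to_jks() (
  key="$1"; cert="$2"; ca="$3"; out="$4"
  tmp=$(mktemp -d) || exit 1            # mode 0700; holds the intermediate PFX
  trap 'rm -rf "$tmp"' EXIT             # never leave the private key copy behind
  # 1. PEM -> PFX. -name sets the alias (without it Java lists the entry as "1").
  openssl pkcs12 -export -inkey "$key" -in "$cert" -name jboss \
    -passout env:KS_PASS -out "$tmp/newKey.pfx" || exit 1
  # 2. PFX -> JKS. -destkeypass pins the key password to the store password,
  #    because the Connector in this thread sets only keystorePass.
  keytool -importkeystore -noprompt \
    -srckeystore "$tmp/newKey.pfx" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
    -destkeystore "$out" -deststoretype JKS \
    -deststorepass:env KS_PASS -destkeypass:env KS_PASS >/dev/null 2>&1 || exit 1
  # 3. Export the CA certificate as DER and add it as a trusted entry.
  openssl x509 -in "$ca" -outform DER -out "$tmp/ca.der" || exit 1
  keytool -importcert -noprompt -trustcacerts -alias ca -file "$tmp/ca.der" \
    -keystore "$out" -storepass:env KS_PASS >/dev/null 2>&1 || exit 1
)

# check_connector_passwords KEYSTORE ALIAS
# returns 0 = KS_PASS opens both store and key, 2 = store password wrong,
#         3 = store opens but the key entry has a different password
check_connector_passwords() {
  keytool -list -keystore "$1" -storepass:env KS_PASS >/dev/null 2>&1 || return 2
  # -certreq has to read the private key, so it fails on a key password mismatch
  keytool -certreq -alias "$2" -keystore "$1" \
    -storepass:env KS_PASS -keypass:env KS_PASS >/dev/null 2>&1 || return 3
}
```

Running `check_connector_passwords` before restarting JBoss separates a wrong store password (return 2) from a key entry protected with a different password (return 3).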