2 Replies Latest reply on Aug 24, 2011 2:25 AM by SHISHIR PANDEY

    Is alias name of certificate recommended in server.xml during SSL setup?

    SHISHIR PANDEY Newbie

      Hello,

       

      I have created a keystore using Java keytool( For example, old.keystore) and extracted the certificate from it using keytool of JAVA(For example, certificarte.cer).

      I had used this certificate for running Jboss in SSL mode. So, basically i am using the private key of this keystore to run my Jboss in SSL mode.

      I created another keystore(For example, new.keystore) and imported the certificate.cer in it.

      As I had imported the certificate using keytool of JAVA the private key of old.keystore is not getting imported in the new.keystore.

      Now, I used the new.keystore to run my Jboss in SSL mode.

      When I added the property alias in Connector tag :

       

      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" address="${jboss.bind.address}"

                     maxThreads="150" strategy="ms" maxHttpHeaderSize="8192" emptySessionPath="true" scheme="https" secure="true"

                     clientAuth="false" keyAlias="hello" keystoreFile="D:/Build/Jboss_ssl/jboss/server/default/conf/new.keystore" keystorePass="password"

      sslProtocol="TLS" />

       

      The jboss failed to start with this exception:

       

      Protocol handler start failed: java.io.IOException: Alias name hello does not identify a key entry.

       

      And, i know that it must fail also because the alias name hello is not having private key with itself.

       

      My question is that when i remove the alias name from Connector tag:

       

      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" address="${jboss.bind.address}"

                     maxThreads="150" strategy="ms" maxHttpHeaderSize="8192" emptySessionPath="true" scheme="https" secure="true"

                     clientAuth="false" keystoreFile="D:/Build/Jboss_ssl/jboss/server/default/conf/new.keystore" keystorePass="password"

      sslProtocol="TLS" />

       

      The Jboss is successfully starts as it get the private key in keystore.

       

      So, is this the recommended behaviour that the alias name should not be written in the Connector tag?

      And should we move ahead with the new keystore having a new private key?