11 Replies Latest reply on Oct 10, 2013 3:37 PM by nmitchell

SSL configuration with the Tomcat server

anandrajk Aug 23, 2011 3:18 AM

Hi experts,

I am trying to configure SSL for my Jboss EAP server using a self-signed certificate.

I followed the below steps:

*******************************

1:- Created a self signed certificate by using the keytool utility.

a: Create a private key – public key pair.

keytool –genkey –alias mykey –keypass password –keystore identity.jks –storepass password

b: Self sign the certificate.

keytool –selfcert –alias mykey –keypass password –keystore identity.jks –storepass password

2:- Navigate to the JBOSS_HOME/server/<server-profile>/deploy/jbossweb.sar.

Open the server.xml file. By default the SSL entry in the file is commented out.

Uncomment the SSL configuration entry and provide the details about the keystoreFile and the keystorePass

The SSL related entry in the server.xml file would look like below.

<Connector protocol=”HTTP/1.1? SSLEnabled=”true”

port=”8443? address=”${jboss.bind.address}”

scheme=”https” secure=”true” clientAuth=”false”

keystoreFile=”G:\SSLCerts\identity.jks”

keystorePass=”password” sslProtocol = “TLS” />

******************************************************

NOTE: I tried using a forward slash (‘/’) as well in the KeystoreFile path.

This worked fine with the Jboss Community Server, however it breaks with the below error in Jboss EAP 5.1.

Deployment "WebServer" is in error due to the following reason(s): LifecycleException: Protocol handler initialization failed: java.lang.Exception: No Certificate file specified or invalid file format

Any pointers would be highly appreciated

Regards,

Anandraj

http://weblogic-wonders,.com

1. Re: SSL configuration with the Tomcat server

jfclere Aug 24, 2011 1:49 AM (in response to anandrajk)

try to put the file in a subdirectory of the jboss installation.
Actions
2. Re: SSL configuration with the Tomcat server

anandrajk Aug 24, 2011 3:33 AM (in response to jfclere)

Hi Jean,

Thanks for the reply

I have two concerns over here.

1:- I have tried copying the SSL KeyStore files to the CONF directory, still it throws up the same error.

2:- Secondly there should not be any dependency about the location of the Certificate files.

Any pointers would be highly appreciated.

Regards,
Anandraj
http://weblogic-wonders.com
Actions
3. Re: SSL configuration with the Tomcat server

jschultz Jan 5, 2012 11:27 AM (in response to anandrajk)

Replace protocol="HTTP/1.1" with protocol="org.apache.coyote.http11.Http11NioProtocol"

Apparently the protocol handler that is instantiated when protocol="HTTP/1.1" does not have the clientAuth, keystorePath, and keystorePass properties.
Actions
4. Re: SSL configuration with the Tomcat server

jfclere Jan 6, 2012 4:22 AM (in response to jschultz)

Nio is not in EAP/JBossWeb: JBossWeb isn't Tomcat
Actions
5. Re: SSL configuration with the Tomcat server

jfclere Jan 6, 2012 4:32 AM (in response to jfclere)

BTW: Back to the orginal post... It seems that using Native, native needs the certificate and key in 2 files in PEM format, the most easy it to use openssl to generate the files, something like:
openssl genrsa -des3 -out newkey.pem 1024
openssl req -new -key newkey.pem -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey newkey.pem -out newcert.pem

Then use SSLCertificateFile="newcert.pem" SSLCertificateKeyFile="newkey.pem" in the connector.
Actions
6. Re: SSL configuration with the Tomcat server

jschultz Jan 6, 2012 9:50 AM (in response to anandrajk)

Is this not the Tomcat integration section? :-P

I just ran into this same issue configuring JBOSS 4.2.3, which is why I proposed this fix.
Actions
7. Re: SSL configuration with the Tomcat server

jfclere Jan 9, 2012 3:12 AM (in response to jschultz)

There isn't a Http11NioProtocol in the jboss integration so I don't see how your suggestion could work.
Actions
8. Re: SSL configuration with the Tomcat server

jschultz Jan 9, 2012 9:50 AM (in response to jfclere)

Respectfully, I am not looking for a debate of whether or not Http11NioProtocol exists within a specific version of JBoss. The fix came straight out of the JBoss docs.

http://docs.jboss.org/jbossweb/3.0.x/ssl-howto.html
http://docs.jboss.org/resteasy/docs/1.0.0.GA/userguide/html/Asynchronous_HTTP_Request_Processing.html
http://docs.jboss.org/jbossweb/2.1.x/config/http.html

Albeit, the docs are not for EAP, however they worked for me with JBoss 4.2.3, which I thought might help in this situation.
Actions
9. Re: SSL configuration with the Tomcat server

jfclere Jan 10, 2012 4:13 AM (in response to jschultz)

I have fixed the jbossweb docs... Again protocol="org.apache.coyote.http11.Http11NioProtocol" shouldn't work: we removed the sources of corresponding classes years ago.
Actions
10. Re: SSL configuration with the Tomcat server

jschultz Jan 10, 2012 10:15 AM (in response to jfclere)

I told you that I was using an older version of JBossWeb. Notice the Http11NioProtocol in both screenshots?
Actions
11. Re: SSL configuration with the Tomcat server

nmitchell Oct 10, 2013 3:37 PM (in response to anandrajk)

I had this same issue. I was able to resolve it by changing the protocol on my connector like so:

<Connector protocol=”org.apache.coyote.http11.Http11Protocol" SSLEnabled=”true”
port=”8443" address=”${jboss.bind.address}”
scheme=”https” secure=”true” clientAuth=”false”
keystoreFile=”G:\SSLCerts\identity.jks”
keystorePass=”password” sslProtocol = “TLS” />

Hope this helps
Actions

Go to original post