Hello again,
My second problem is about SSL.When I migrated my application from Jboss as 6.0.0.Final to 7.1.0.Beta1b everything was fine. I add to my jboss:domain:web subsytem:1.1 configuration :
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
<ssl password="xxxxxx" certificate-key-file="/path/to/store/server.keystore" protocol="TLS" verify-client="true" ca-certificate-file="/path/to/store/server.truststore" ca-certificate-password="xxxxxx"/>
</connector>
and I could work with key JKS. But after 7.1.0 CR1 I couldn't work with JKS I got the error:
Exception: Unable to load certificate key /path/to/store/server.keystore (error:0906D06C:PEM routines:PEM_read_bio:no start line)
at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1824) [jboss-msc-1.0.1.GA.jar:1.0.1
.GA]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1759) [jboss-msc-1.0.1.GA.jar:1.0.1.GA]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [:1.7.0]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [:1.7.0]
at java.lang.Thread.run(Thread.java:722) [:1.7.0]
.....
at the module directory "modules/org/jboss/as/web/main/" I found native dll and I realize it is related with Openssl so I changed my key store to pem file and key file(openssl) and I passed this error. But now I couldn't get certificate from my managedbean.
X509Certificate x509certificates[] = (X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate");
x509certificates = null . I try to get all attributes from request but my request does not include any attribute to get certificate. How can I get client certificate from managedbean now?
Thanks in advance again...
Hi,
Have a look here : http://community.jboss.org/thread/172052
Since CR-1 JBoss AS 7 ships the native libraries, which can deal only with PEM certificate and not keystore.
To use Java keystores, you must uninstall the native libraries, by removing the modules/org/jboss/as/web/main/lib directory.