1 Reply Latest reply on Jan 6, 2012 6:43 AM by guinotphil Branched from an earlier discussion.

    SSL configuration in AS 7.1.0.CR1

    esb Newbie

      Hello again,


      My second problem is about SSL.When I migrated my application from Jboss as 6.0.0.Final to 7.1.0.Beta1b everything was fine. I add to my jboss:domain:web subsytem:1.1 configuration :


                  <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">

                      <ssl password="xxxxxx" certificate-key-file="/path/to/store/server.keystore" protocol="TLS" verify-client="true" ca-certificate-file="/path/to/store/server.truststore" ca-certificate-password="xxxxxx"/>


      and I could work with key JKS. But after 7.1.0 CR1 I couldn't work with JKS I got the error:


      Exception: Unable to load certificate key /path/to/store/server.keystore (error:0906D06C:PEM routines:PEM_read_bio:no start line)

              at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)

              at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1824) [jboss-msc-1.0.1.GA.jar:1.0.1


              at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1759) [jboss-msc-1.0.1.GA.jar:1.0.1.GA]

              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [:1.7.0]

              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [:1.7.0]

              at java.lang.Thread.run(Thread.java:722) [:1.7.0]



      at the module directory "modules/org/jboss/as/web/main/" I found native dll and I realize it is related with Openssl so I changed my key store to pem file and key file(openssl) and I passed this error. But now I couldn't get certificate from my managedbean.


      X509Certificate x509certificates[] = (X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate");


      x509certificates = null . I try to get all attributes from request but my request does not include any attribute to get certificate. How can I get client certificate from managedbean now?


      Thanks in advance again...