12 Replies Latest reply on Jan 24, 2012 2:14 PM by Gregory Charles

    Configuring https on JBoss 7 -- impossible?

    Gregory Charles Newbie

      I have what seems like it should be a simple job. I have to: a) Enable https connections into a web application, and b) Encrypt or otherwise mask the password of the certificate file in standalone.xml.

       

      When I tried to do this in 7.02, I found that protecting passwords was different in JBoss 7, and would utilize a "Password Vault" not available until JBoss 7.1. (Article here: https://community.jboss.org/wiki/JBossAS7SecuringPasswords) I've been waiting for that release, all the time reassuring our customers that everything was going to be fine and we wouldn't have to "reverse" our port of their application back to JBoss 4.2.3.

       

      Now that I've got the CR release of JBoss 7.1, I'm, if anything, farther from a solution. Here are the issues I'm facing:

       

      1. The above example for the Vault shows how to protect the password into a database, not into the certificate file. It's unclear if I can use a vault password in the configuration of the https connector.

       

      2. The script used in the example is only in Bourne shell. It hasn't been ported to Windows for whatever reason. Not a blocker, but a confusing omission.

       

      3. When I tried to start up my application on JBoss 7.1, it choked on my JKS type keystore, where the certificate is. Some research showed that 7.1 ships with native OpenSSL support, and expects certificates to be in that form now, though only a cryptic error message informs you of this.

       

      4. All documentation for configuring https tells you to use JKS. There's no direction for configuring and using OpenSSL. In response, some people are saying just to delete the OpenSSL DLL and that should work. I don't know if I can trust those people.

       

      5. The Password Vault itself, as documented, relies on using a Java keystore file. Will that even work now?

       

      I need someone to talk me down off the ledge. The JBoss developers have done an amazing job with JBoss 7, but making SSL so hard to enable doesn't make sense to me. Is there a magic document somewhere that explains how this all works?