7 Replies Latest reply on Oct 24, 2013 8:30 AM by erasmomarciano

SSL Configuration in JBoss AS 7.1

ursveera Mar 19, 2013 2:40 PM

Hi,

I wanted to enable SSL in JBoss AS 7.1 with self signed certificates.

Below are the steps i followed.

1) Generated self signed certificate using keytool

keytool -genkey -alias server -keystore keystore.jks -keyalg RSA -keysize 1024 -validity 365 -dname "CN=veera-pc, OU=adsf, O=asdf, L=hyd, ST=ap, C=in" -storepass changeit -keypass changeit

2) exported certificate from keytool

keytool -export -alias server -keystore keystore.jks -storepass changeit -file server.cer

3) imported certificate into truststore using keytool command

keytool -import -trustcacerts -alias server -keystore truststore.jks -file server.cer

4) in standalone.xml, added https connector.

</connector>

when verify-client = true, i am getting below exception when trying to access the application/webservice wsdl file.

Error 117 (net::ERR_BAD_SSL_CLIENT_AUTH_CERT): Bad SSL client authentication certificate.

Could you please let me know where i did mistake and how to correct it.

Thanks,

Veera

1. Re: SSL Configuration in JBoss AS 7.1

ursveera Mar 20, 2013 12:31 AM (in response to ursveera)

Hi,
Anyone got any solution for this?

Thanks,
Veera.
Actions
2. Re: SSL Configuration in JBoss AS 7.1

nickarls Mar 20, 2013 3:11 AM (in response to ursveera)

Never tried but the docs says for verify-client

Set to true if you want the SSL stack to require a valid certificate chain from the client before accepting a connection. Set to want if you want the SSL stack to request a client Certificate, but not fail if one isn't presented. A false value (which is the default) will not require a certificate chain unless the client requests a resource protected by a security constraint that uses CLIENT-CERT authentication. See the SSL HowTo for an example.

So I would start looking at the client end
Actions
3. Re: SSL Configuration in JBoss AS 7.1

ursveera Mar 20, 2013 9:42 AM (in response to nickarls)

Hi,
i followed the link and configured in standalone.xml.

But when i tried to access the application or webservice wsdl url, i am still getting Error 117 (net::ERR_BAD_SSL_CLIENT_AUTH_CERT): Bad SSL client authentication certificate.

Thanks,
Veera
Actions
4. Re: SSL Configuration in JBoss AS 7.1

fabrizio.benedetti Mar 20, 2013 11:08 AM (in response to ursveera)
I think you have to set a false the attribute "native" for web subsystem

<subsystem xmlns="urn:jboss:domain:web:1.2" default-virtual-server="default-host" native="false"> ...
Actions
5. Re: SSL Configuration in JBoss AS 7.1

ursveera Mar 21, 2013 3:28 AM (in response to fabrizio.benedetti)

Hi,
native="false" is already there for it. but still im not able to access application using https.

Thanks,
Veera.
Actions
6. Re: SSL Configuration in JBoss AS 7.1

smatthews Oct 22, 2013 8:03 PM (in response to ursveera)

This post helped me solve my problem. Not sure if you've resolved this (You must have after all this time) but what Nicklas Karlsson was getting at is that you probably want to set verify-client to want. This way it will prompt the client to approve the certificate. Otherwise, verify-client=true will expect the client to already have the certificate.
Actions
7. Re: SSL Configuration in JBoss AS 7.1

erasmomarciano Oct 24, 2013 8:30 AM (in response to smatthews)

Hi

When you set verify-client=true because you want to configure the Mutual Auth between Client and Server
Actions

Go to original post