0 Replies Latest reply on Jun 5, 2013 4:06 AM by kishore routhu

    Problem of configuring SSL for Https in Jboss AS 7

    kishore routhu Newbie

      Actually, we are migrating from Jboss-4.2.2GA to Jboss AS7. It is good to work
      with Jboss AS7, but the problem is that in Jboss-4.2.2GA SSL is enabled
      and working fine for HTTPS on port 8443 with the following configuration (1)
      in server.xml.

      1. SSL Configuration for Https Secure port in Jboss-4.2.2 GA

         <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                    maxThreads="250" scheme="https" secure="true"
                    clientAuth="false"
                    strategy="ms"
                    address="${jboss.bind.address}"
                    keystoreFile="${jboss.server.home.dir}/conf/ssl/2013-cert/working/server.keystore"
                    keystorePass="123456"
                    keystoreType="pkcs12"
                    sslProtocol="TLS"
                    SSLHonorCipherOrder="On"
                    ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA"
         />

      Whereas in Jboss AS7, with the following configuration (2) in standalone.xml, when
      Jboss starts up it throws the following error, observed in server.log.

      2. SSL Configuration for Https Secure port in Jboss As7

      <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">
          <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" redirect-port="8443" secure="true" max-connections="400">
              <ssl name="ssl" password="123456"
                   certificate-key-file="/www/jboss7/standalone/configuration/ssl/ssl.domainname.crt"
                   cipher-suite="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA" protocol="TLSv1" verify-client="false"
                   verify-depth="10"
                   keystore-type="PKCS12"
                   truststore-type="PKCS12"/>
          </connector>
          <virtual-server name="default-host" enable-welcome-root="true">
              <alias name="localhost"/>
              <alias name="vela"/>
          </virtual-server>
      </subsystem>

      ERROR [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-2) Error initializing endpoint: java.lang.Exception: Unable to configure permitted SSL ciphers (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
                at org.apache.tomcat.jni.SSLContext.setCipherSuite(Native Method) [jbossweb-7.0.13.Final.jar:]
                at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:642) [jbossweb-7.0.13.Final.jar:]
                at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:121) [jbossweb-7.0.13.Final.jar:]
                at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:]
                at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
                at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
                at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_13]
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_13]
                at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]

      07:00:50,361 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
                at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
                at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
                at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_13]
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_13]
                at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]
      Caused by: LifecycleException:  Protocol handler initialization failed: java.lang.Exception: Unable to configure permitted SSL ciphers (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
                at org.apache.catalina.connector.Connector.init(Connector.java:985)
                at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
                ... 5 more

      Following is KeyStore information
      ====================================
      > keytool -v -list -storetype PKCS12 -keystore server.keystore
      Enter keystore password:

      Keystore type: PKCS12
      Keystore provider: SunJSSE

      Your keystore contains 1 entry

      Alias name: 1
      Creation date: Jun 5, 2013
      Entry type: PrivateKeyEntry
      Certificate chain length: 1
      Certificate[1]:

      Do I need any changes in the configuration of Jboss AS7 to successfully enable SSL, as compared to Jboss 4.2.2GA?

      What does the "keystoreFile" element in the Jboss 4.2.2GA configuration represent, and
      what does the "certificate-key-file" element in the Jboss AS7 configuration represent?
      Do these two represent the same thing (i.e. the keystore) or different things?

      Please advise me on the above so that I can move further.

      Thank you in advance
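
Added example, not part of the original post: the stack trace shows the connector initializing through Http11AprProtocol and OpenSSL's SSL_CTX_set_cipher_list, which accepts OpenSSL cipher names (for example RC4-MD5, RC4-SHA), while the configured cipher-suite uses JSSE-style names. The Python check below audits an `<ssl>` element for that naming mismatch and for weak ciphers; the function names, the `handler` parameter and the weak-cipher pattern are assumptions made for this illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <ssl> element from the post, trimmed to the relevant attributes.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">
  <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="ssl" cipher-suite="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA" protocol="TLSv1"/>
  </connector>
</subsystem>"""

# JSSE names for TLS 1.2 and earlier look like SSL_RSA_WITH_RC4_128_MD5.
JSSE_NAME = re.compile(r"^(SSL|TLS)_\w+_WITH_\w+$")
# Illustrative (not exhaustive) markers of ciphers that should not be offered.
WEAK = re.compile(r"RC4|MD5|NULL|EXP|DES|anon", re.I)


def naming_style(name):
    """Classify one cipher name as 'jsse' or 'openssl' (e.g. RC4-SHA)."""
    return "jsse" if JSSE_NAME.match(name) else "openssl"


def audit_ssl(xml_text, handler):
    """Audit every <ssl> element; handler is 'apr' (OpenSSL) or 'jsse'.

    Returns a list of (finding, cipher_name) tuples in configuration order.
    """
    expected = "openssl" if handler == "apr" else "jsse"
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "ssl":   # ignore the XML namespace prefix
            continue
        # JSSE lists are comma-separated, OpenSSL lists usually colon-separated.
        for suite in filter(None, re.split(r"[,:\s]+", el.get("cipher-suite", ""))):
            if naming_style(suite) != expected:
                findings.append(("naming-mismatch", suite))
            if WEAK.search(suite):
                findings.append(("weak-cipher", suite))
    return findings


if __name__ == "__main__":
    for finding in audit_ssl(SAMPLE, "apr"):
        print(finding)
```

Both configured suites are flagged twice under the APR handler: once for the JSSE-style name and once for RC4, so translating the names alone would start the connector but still leave weak ciphers enabled.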