1 Reply Latest reply on Jul 17, 2002 12:37 PM by Frederic Soulier

    HTTPS nightmare....

    Frederic Soulier Newbie

      OK, I'm trying to setup HTTPS for Tomcat using JBoss3.0.0_Tomcat4.0.3 and Sun JDK 1.3.1_04. I get the same pbm in a Linux and Windows environment.

      JAVA_HOME/jre/lib/ext contains:

      jsse.jar, jnet.jar and jcert.jar


      JAVA_HOME/jre/lib/security/java.security contains:

      #
      # List of providers and their preference orders (see above):
      #
      security.provider.1=sun.security.provider.Sun
      security.provider.2=com.sun.net.ssl.internal.ssl.Provider
      security.provider.3=com.sun.rsajca.Provider


      I have created a .keystore using the keytool (from Sun j2sdkee1.3.1) with the command:

      keytool -genkey -alias TomcatSSL -keyalg RSA

      and moved it to:

      /opt/jboss-3.0.0_tomcat-4.0.3/catalina/certificates/



      My tomcat4-service.xml is:

      <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
      name="Security:service=JaasSecurityDomain,domain=TomcatSSL">
      jboss.security:service=JaasSecurityManager

      <arg type="java.lang.String" value="TomcatSSL" />


      file:/opt/jboss-3.0.0_tomcat-4.0.3/catalina/certificates/.keystore
      changeit



      &catalina.home;











      <!-- A HTTP Connector on port 8080 -->
      <!--

      -->

      <!-- A HTTPS Connector on port 8443 -->









      In /server/all/conf/jboss-service.xml I changed:

      <!-- JAAS security manager and realm mapping -->


      org.jboss.security.plugins.JaasSecurityManager



      to:

      <!-- JAAS security manager and realm mapping -->


      org.jboss.security.plugins.JaasSecurityDomain



      note: If I do not change JaasSecurityManager to JaasSecurityDomain I get a NullPointerException instead...


      and after all that when I deployed I still get:

      LifecycleException: null.open: java.io.IOException: KeyManagerFactory is null for security domain: TomcatSSL

      If I remove the .keystore from its location then I get MalformedURLException because it cannot find the .keystore which is fine.
      So that would mean my .keystore is not setup properly or something?!?
      I'm getting mad, really mad with this stuff ;)
      Pls help!

        • 1. Re: HTTPS nightmare....
          Frederic Soulier Newbie

          Replying to myself... considering why it was not working I'm just going to fling myself through the window in shame :)

          In /server/all/conf/jboss-service.xml I changed:

          <!-- JAAS security manager and realm mapping -->
          <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
          name="jboss.security:name=JaasSecurityManager">

          org.jboss.security.plugins.JaasSecurityManager



          to

          In /server/all/conf/jboss-service.xml I changed:

          <!-- JAAS security manager and realm mapping -->
          <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
          name="jboss.security:service=JaasSecurityManager">

          org.jboss.security.plugins.JaasSecurityManager



          HTTPS now works with that fix (+ everything else in previous post).

          Now off to RMI+SSL.