1 Reply Latest reply on Nov 14, 2007 10:43 PM by krishnakumars

    Can JBoss/Tomcat use specific alias from keystore (keyalias)

    krishnakumars

      Hello,
      We use JBossSX's support for PBESecurityDomain in our Tomcat Connector. Our Connector element looks like this:



      Our keystore has multiple aliases in it. By default, Tomcat uses the first keystore alias it finds.

      I need to change this behavior so Tomcat uses a specific alias.

      Tomcat standalone supports a keyAlias attribute in the Connector element. I changed the above to look like this:


      However, JBoss doesn't seem to pick up the keyAlias attribute. Tomcat 5.5 does, when run standalone. [1]

      What am I doing wrong? Does JBoss recognize and honor the keyAlias attribute?

      This is with JBoss 4.0.4.GA, RHEL4, IBM JDK 1.5.

      [1] http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html

        • 1. Re: Can JBoss/Tomcat use specific alias from keystore (keyal
          krishnakumars

          The earlier post was missing the Connector extracts. Reposting.
          ----------
          We use JBossSX's support for PBESecurityDomain in our Tomcat Connector. Our Connector element looks like this:

          <Connector port="8445" address="${jboss.bind.address}"
           maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
           scheme="https" secure="true" clientAuth="false"
           sslProtocol = "SSL"
           ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA"
           securityDomain="java:/jaas/encrypt-keystore-password"
           SSLImplementation="org.jboss.net.ssl.JBossImplementation" />
          


          Our keystore has multiple aliases in it. By default, Tomcat uses the first keystore alias it finds.

          I need to change this behavior so Tomcat uses a specific alias. Tomcat standalone supports a keyAlias attribute in the Connector element. I changed the above to look like this:
          <Connector port="8445" address="${jboss.bind.address}"
           maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
           scheme="https" secure="true" clientAuth="false"
           sslProtocol = "SSL"
           ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA"
           securityDomain="java:/jaas/encrypt-keystore-password"
           SSLImplementation="org.jboss.net.ssl.JBossImplementation"
           keyAlias="cgss_server_app" />
          

          However, JBoss doesn't seem to pick up the keyAlias attribute.

          What am I doing wrong? Does JBoss recognize and honor the keyAlias attribute?