1 Reply Latest reply on Nov 14, 2007 10:43 PM by Krishnakumar Sriramadhesikan

    Can JBoss/Tomcat use specific alias from keystore (keyalias)

    Krishnakumar Sriramadhesikan Newbie

      Hello,
      We use JBossSX's support for PBESecurityDomain in our Tomcat Connector. Our Connector element looks like this:



      Our Keystore has multiple aliases in it. By default Tomcat uses the first keystore alias it finds.

      I need to change this behavior so Tomcat uses a specific alias.

      Tomcat standalone supports an attribute of keyAlias in the Connector element. I changed above to look like :


      However, JBoss doesn't seem to pick up the keyAlias attribute. Tomcat 5.5 does, when run standalone. [1]

      What am I doing wrong? Does JBoss recognize and honor the keyAlias attribute?

      This is with JBoss 4.0.4.GA, RHEL4. IBM JDK 1.5

      [1] http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html

        • 1. Re: Can JBoss/Tomcat use specific alias from keystore (keyal
          Krishnakumar Sriramadhesikan Newbie

          The earlier post was missing the Connector extracts. Reposting.
          ----------
          We use JBossSX's support for PBESecurityDomain in our Tomcat Connector. Our Connector element looks like this:

          <Connector port="8445" address="${jboss.bind.address}"
           maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
           scheme="https" secure="true" clientAuth="false"
           sslProtocol = "SSL"
           ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA"
           securityDomain="java:/jaas/encrypt-keystore-password"
           SSLImplementation="org.jboss.net.ssl.JBossImplementation" />
          


          Our Keystore has multiple aliases in it. By default Tomcat uses the first keystore alias it finds.

          I need to change this behavior so Tomcat uses a specific alias. Tomcat standalone supports an attribute of keyAlias in the Connector element. I changed above to look like :
          <Connector port="8445" address="${jboss.bind.address}"
           maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
           scheme="https" secure="true" clientAuth="false"
           sslProtocol = "SSL"
           ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA"
           securityDomain="java:/jaas/encrypt-keystore-password"
           SSLImplementation="org.jboss.net.ssl.JBossImplementation"
           keyAlias="cgss_server_app" />
          

          However, JBoss doesn't seem to pick up the keyAlias attribute.

          What am I doing wrong? Does JBoss recognize and honor the keyAlias attribute?