1. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
rxkaul Apr 18, 2003 4:57 PM (in response to sulfur)
I am having the same problem, although with JBoss-3.0.6_tomcat-4.1.18 release.
-
2. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
rxkaul Apr 18, 2003 5:26 PM (in response to sulfur)
I am curious. Which version of JBoss did you have SSL working with?
-
3. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
didi1976 Apr 19, 2003 6:07 AM (in response to sulfur)
Hi,
I have encountered the same problem. If you use the Coyote connector of Tomcat, SSL does not work.
If you use the "old style" HttpConnector everything works.
Dietmar
-
4. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
sulfur Apr 21, 2003 1:13 PM (in response to sulfur)
Hi all, thanks for the responses.
1) I was using Jboss_3.0.4-Tomcat_4.1.12 & it worked (probably because tomcat41-service.xml was configured to use HttpConnector by default! :P)
2) Yes, I have also changed 3.2.0-4.1.24 to use HttpConnector instead of Coyote for now.
3) I assume that means CoyoteConnector never worked in JBoss 3.x? Anyone know if there's a Bugzilla entry for it already?
Cheers,
Anthony.
-
5. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
jleech Apr 21, 2003 6:29 PM (in response to sulfur)
I've got SSL working on 3.2/4.1.24 using the CoyoteConnector. In jboss-3.2.0_tomcat-4.1.24\server\default\deploy\jbossweb-tomcat.sar\META-INF\jboss-service.xml
I've got:
-
6. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
rxkaul Apr 22, 2003 12:08 AM (in response to sulfur)
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"...
was the key to this mystery.
Thank you so much!
-
7. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
sulfur Apr 23, 2003 3:27 PM (in response to sulfur)
This is awesome! Thanks!
Now my next question for being a perfectionist. Is there a way to not hardcode the keystoreFile?
Tomcat standalone allows paths relative to $CATALINA_BASE but I don't suppose we can use $JBOSS_HOME or something similar here?
-
8. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
dcowan May 7, 2003 9:59 AM (in response to sulfur)
From what I have managed to figure out, the XML files use Velocity-like text replacement, allowing you to use system properties. You can view all the system properties defined by JBoss in the JMX console under System property viewer. Here is what I did so I could place my keystore in default/conf.
For some reason the forum eats this, so replace [ with {
keystore="$[jboss.server.home.dir]/conf/server.keystore"
-
9. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
darrellvteague Jun 2, 2003 9:59 AM (in response to sulfur)
I was also (finally) able to get it to work (thanks to the forum folks - paid-for documentation is insufficient). The first problem is finding out where the configuration files are that need to be changed.
The first one was here:
[JBOSS_HOME]\[server e.g. "default"]\conf\jboss-service.xml
Create an mbean to identify the JAAS settings:
jboss.security:service=XMLLoginConfig
login-config.xml
<!-- JAAS security manager and realm mapping -->
org.jboss.security.plugins.JaasSecurityDomain
jboss.security:service=JaasSecurityManager
file://C:/Java/keystore
password
The second one was here (to set the SSL port and properties):
[JBOSS_HOME]\[server e.g. "default"]\deploy\jbossweb-tomcat.sar\META-INF\jboss-service.xml
true
<!--
*******************************************************
****************** CLUSTERING *************************
*******************************************************
In order to activate HTTP Session clustering for Tomcat
make sure you run JBoss's "all" configuration i.e.
"run -c all"
(the default configuration doesn't contain clustering)
Furthermore, you may change SnapshotMode and
SnapshotInterval attributes below to indicate when to
synchronize changes with the other node(s).
If you use Apache+mod_jk(2) you will most probably use
the AJP1.3 connector below. Thus, if you so wish,
you may comment (i.e. deactivate) the HTTP connector
as it won't be used anymore.
*******************************************************
*******************************************************
*******************************************************
-->
<!--
If you are using clustering, the following two attributes
define when the sessions are replicated to the other nodes.
The default value, "instant", synchronously replicates changes
to the other nodes. In this case, the "SnapshotInterval" attribute
is not used.
The "interval" mode, in association with the "SnapshotInterval"
attribute, indicates that Tomcat will only replicates modified
sessions every "SnapshotInterval" miliseconds at most.
-->
instant <!-- you may switch to "interval" -->
2000
<!-- Access logger -->
<!-- Default context parameters -->
<!-- A HTTP/1.1 Connector on port 8080 -->
<!-- A AJP 1.3 Connector on port 8009 -->
<!-- SSL/TLS Connector configuration using the SSL domain keystore -->
Hope this helps others trying to get SSL to work. Note that in this configuration, both SSL and non-SSL are set up to work on the default ports (443/80, respectively).
-
10. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Broken?
raynix Jun 2, 2003 10:52 PM (in response to sulfur)
Thanks a lot!
But when I modified as above, I got new problems:
If I enter https://localhost/jmx-console
(my SSL port is the default port 443)
the browser returns an error page immediately and an exception is shown:
2003-06-03 10:36:41,921 DEBUG [org.apache.tomcat.util.threads.ThreadPool] Getting new thread data
2003-06-03 10:36:42,078 DEBUG [org.apache.tomcat.util.net.PoolTcpEndpoint] Handshake failed
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:290)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:540)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
at java.lang.Thread.run(Thread.java:536)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
... 7 more
Has anybody else encountered this?
-
11. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Example
darrellvteague Jun 3, 2003 9:49 AM (in response to sulfur)
My friend had a similar problem. I suspect I probably need to just include the entire configuration. Note that I am using the "all" server (as opposed to "default") since the default server does not support certain features. To validate this example, ensure you are using the "all" server.
Attached are the [JBOSS_HOME]/server/all/conf/jboss-service.xml, [JBOSS_HOME]/server/all/deploy/http-invoker.sar/META-INF/jboss-service.xml and the [JBOSS_HOME]/server/all/deploy/jboss-tomcat.sar/META-INF/jboss-service.xml files.
... then all you have to do is generate a JKS keystore and self-signed cert (I have it pointing to C:\Java\keystore). See this URL if you need help:
http://java.sun.com/products/jdk/1.2/docs/tooldocs/solaris/keytool.html
This configuration (above) definitely works on the JBoss/Tomcat version referenced. Hope this saves people time in getting SSL working on JBoss...
-
12. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Certificates
darrellvteague Jun 3, 2003 1:52 PM (in response to sulfur)
My friend had the same SSLHandshakeException problem. It turned out that the certificate was improperly created in the keystore. Specifically, the certificate has to be created with an RSA algorithm (apparently that is all Tomcat understands):
keytool -genkey -alias name -keyalg RSA -keystore keystoreURI
Hope this helps.
-
13. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Certificates
raynix Jun 3, 2003 11:07 PM (in response to sulfur)
Thanks very much! This really helps!
-
14. Re: JBoss3.2-Tomcat4.1.24 Release - SSL Certificates
sujith Jul 3, 2003 4:50 AM (in response to sulfur)
Hello,
I tried exactly what has been explained above. But I am getting the following exception at server startup. What could be the reason... please help....
...
17:33:43,108 INFO [TomcatSSL] Starting
17:33:43,359 WARN [ServiceController] Problem starting service Security:service=JaasSecurityDomain,domain=TomcatSSL
java.io.FileNotFoundException: \Java\keystore
at org.jboss.net.protocol.file.FileURLConnection.connect(FileURLConnection.java:70)
at org.jboss.net.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:79)
at java.net.URL.openStream(URL.java:960)
...
Thanks in advance
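
Added example, not part of the thread and not JBoss code: the `\Java\keystore` in the exception above is consistent with `file://C:/Java/keystore` being split by generic URL rules, where the text after `//` is the authority, so `C:` is read as a host and only `/Java/keystore` is left as the path. The Python sketch below applies that same split to a keystore location and flags the case; the helper name `check_keystore_url` and all sample values except the first are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# A drive letter sitting where a host name belongs: "C:" or "C".
DRIVE_AS_AUTHORITY = re.compile(r"^[A-Za-z]:?$")


def check_keystore_url(value):
    """Classify a keystore location string (hypothetical helper).

    Returns (status, detail) where status is "ok", "drive-in-authority",
    "remote-host" or "not-file-url".
    """
    parts = urlsplit(value)
    if parts.scheme.lower() != "file":
        return ("not-file-url", value)
    authority, path = parts.netloc, parts.path
    if DRIVE_AS_AUTHORITY.match(authority):
        # After "file://" the next component is the authority, so "C:" is
        # taken as a host with an empty port and only the rest is the path.
        drive = authority.rstrip(":")
        return ("drive-in-authority", "file:///" + drive + ":" + path)
    if authority and authority.lower() != "localhost":
        # The keystore would be looked up on another machine, or not at all.
        return ("remote-host", authority)
    return ("ok", path)


if __name__ == "__main__":
    # Constructed samples; the first is the value posted in the thread.
    for sample in (
        "file://C:/Java/keystore",
        "file:///C:/Java/keystore",
        "file:/C:/Java/keystore",
        "file://fileserver/share/keystore",
        "C:/Java/keystore",
    ):
        print(sample, "->", check_keystore_url(sample))
```

For the `drive-in-authority` case the detail is the same location rewritten with an empty authority (`file:///C:/...`), which keeps the drive letter inside the path.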