0 Replies Latest reply on Nov 28, 2003 4:13 AM by kristiane

    SSL encryption and domain name problem

    kristiane Newbie


      I am trying to set up SSL encryption between an applet and a JBoss server. I am running into a really weird problem.

      The SSL setup seems to work fine, but when accessing the first EJB, things go weird. It seems that the applet builds the URL used to access the JBoss server wrong, using only hostname and not hostname+domainname. I need the latter, since the applets are to be used on the Internet, where the applet needs to perform a DNS lookup of the JBoss server.

      I am using JBoss 3.2.1 and JDK 1.4.2. The applet uses http-invokers and JBoss client libs.

      Looking at the debug output from the client (javax.net.debug=all), this is what I think is happening:

      1. The applet performs a lookup on the hostname+domainname of the JBoss server, to obtain its IP address. (mbas.radiomarittimi.it -> <some ip address>)

      2. The JBoss server sends the applet the public key of its certificate. (I am using a VeriSign SSL certificate).

      3. Now SSL negotiation and handshake are performed. Everything looks OK.

      4. I am executing the first call on a JBoss server EJB from the applet. Here the weird part happens. It seems that the applet (JSSE or JBoss client libs) uses the CN field in the SSL certificate to look up the IP address for the JBoss server. The field states CN=mbas.radiomarittimi.it, but the applet seems to be using the "https://mbas:8443"....

      5. The call fails, I think because the applet can't obtain any IP address for "mbas", it needs to use "mbas.radiomarittimi.it"...

      If I put an entry with just the hostname (in /etc/hosts)
      mbas <some ip address>
      instead of the hostname+domainname
      mbas.radiomarittimi.it <some ip address>
      IT WORKS!

      This is some of the applet code, to init the context:

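      import java.util.Properties;
      import javax.naming.Context;
      import javax.naming.InitialContext;

      Properties env = new Properties();

      // JNDI lookups go through the JBoss HTTP invoker
      env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory");
      env.setProperty(Context.PROVIDER_URL, "https://mbas.radiomarittimi.it:8443/invoker/JNDIFactory");

      // Register the JSSE https protocol handler
      System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
      // Do not ignore HTTPS host name mismatches
      System.setProperty("org.jboss.security.ignoreHttpsHost", "false");
      // Full SSL debug output
      System.setProperty("javax.net.debug", "all");

      m_context = new InitialContext(env);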

      Does anyone have any idea how to solve this problem? Are there any properties I have set wrong or not set, on the client side?

      - Kristian

      PS! I can mail the SSL setup log if that is interesting...
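
An added example, not part of the original post and not JBoss code: a small Java diagnostic for the symptom described above, where the client ends up calling `https://mbas:8443` while the certificate says `CN=mbas.radiomarittimi.it`. It assumes a current JDK with the `javax.net.ssl` API rather than the `com.sun.net.ssl` handler configured in the post; the class name `HostCheck`, the verdict strings and the `O=`/`C=` parts of the sample DN are made up for illustration.

```java
import java.net.URI;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;

public class HostCheck {
    // Returns the CN from a certificate subject DN, or null if there is none.
    static String commonName(String subjectDn) throws Exception {
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
        }
        return null;
    }

    // Compares a requested host with the CN (exact match only; SANs and wildcards are not handled).
    static String classify(String host, String subjectDn) {
        try {
            String cn = commonName(subjectDn);
            if (host == null || cn == null) return "UNPARSEABLE";
            if (host.equalsIgnoreCase(cn)) return "MATCH";
            boolean shortName = !host.contains(".");
            if (shortName && cn.toLowerCase().startsWith(host.toLowerCase() + ".")) return "DOMAIN_DROPPED";
            return "MISMATCH";
        } catch (Exception e) {
            return "UNPARSEABLE";
        }
    }

    // Logs the host name the HTTPS layer is using and rejects anything but an exact CN match.
    // The JDK consults this callback when its own host name check fails.
    static HostnameVerifier loggingVerifier() {
        return (host, session) -> {
            String dn;
            try { dn = session.getPeerPrincipal().getName(); }
            catch (Exception e) { return false; }
            String verdict = classify(host, dn);
            System.err.println("HTTPS host=" + host + " subject=" + dn + " -> " + verdict);
            return "MATCH".equals(verdict);
        };
    }

    public static void main(String[] args) {
        HttpsURLConnection.setDefaultHostnameVerifier(loggingVerifier());
        String dn = "CN=mbas.radiomarittimi.it,O=Example Org,C=IT"; // constructed DN; only the CN is from the post
        String[] urls = { "https://mbas.radiomarittimi.it:8443/invoker/JNDIFactory",
                          "https://mbas:8443/invoker/JNDIFactory" }; // second path is constructed
        for (String u : urls) System.out.println(u + " -> " + classify(URI.create(u).getHost(), dn));
    }
}
```

Run offline, `main` reports `MATCH` for the fully qualified URL and `DOMAIN_DROPPED` for the short one. Installed in a client, the verifier logs the host name each failing HTTPS call was made with, which shows where the domain part is lost without disabling host name verification.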