2 Replies Latest reply on Apr 15, 2004 12:35 PM by Scott Stark

    SSL configuration

    George -.IO.- Newbie

      Hi all,
      I am quite new to JBOSS, so I am wondering if JBOSS
      supports SSL connections from a Web client and/or from a Java client?
      If yes, in which documents is this procedure described?

      Thanks in advance
      George

        • 1. Re: SSL configuration
          Erik Sliman Apprentice

          There are two ways you can do this. One is through Apache HTTPD, and another is directly in Tomcat. I use the former.

          To use Apache as your HTTPD, you use Tomcat's JK to forward requests from Apache to Tomcat.

          http://johnturner.com/howto/apache-tomcat-howto.html

          Then you set up Apache to use SSL:

          http://httpd.apache.org/docs-2.0/ssl/

          I found the FAQ to be the most useful, giving step-by-step instructions for creating and deploying a certificate. I had to Google search to create the sign.sh.

          Then you simply define a virtual host that both enables SSL and defines your JK forwarding request. Here is an example:

          <VirtualHost 192.168.1.56:443>
           ServerName secure-webserver.com
           ServerAlias *.webserver.com
           DocumentRoot "/usr/local/www/data"
          
           ErrorLog /var/log/httpd-secure-error.log
           TransferLog /var/log/httpd-secure-access.log
          
           SSLEngine on
           SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
           SSLCertificateFile /usr/local/etc/apache/ssl.crt/sitessl.crt
           SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/sitessl.key
          
           #################### osnet:/ ####################
          
          # # Static files
          # Alias /moredocs "/usr/local/www/moredocs"
          
           <Directory "/usr/local/www/osnet">
           Options Indexes FollowSymLinks
           DirectoryIndex index.jsp index.html index.htm
           </Directory>
          
           # Forwards ALL requests to Tomcat
           JkMount /* ajp13
          
           # Optional limited forwarding examples:
           # JkMount /*.jsp ajp13
           # JkMount /servlet/* ajp13
          </VirtualHost>
          


          Keep in mind that named virtual hosting doesn't work with SSL as it can't read the header in the HTML. Thus, the ServerAlias is kinda useless. You can, however, use IP or port based virtual hosting, which, of course, can be mapped to subdomains. Otherwise, when using SSL, it will grab the first virtual hosting entry you have for a given IP/port.
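
The TLS part of the virtual host above with current protocol and cipher settings, as an added example that is not part of the original post. It assumes Apache httpd 2.4 with mod_ssl and mod_jk loaded; the IP address, host names, paths and the `ajp13` worker name are the post's own.

```apache
# Added example (assumes httpd 2.4 + mod_ssl + mod_jk); not from the original post.
#
# The posted SSLCipherSuite string starts from ALL and removes only ADH and
# EXPORT56. The LOW, EXP (40-bit export) and SSLv2 classes therefore stay
# enabled: the "+" prefix only moves them to the end of the preference order.
<VirtualHost 192.168.1.56:443>
    ServerName secure-webserver.com
    # With SNI (httpd 2.2.12 and later, SNI-capable clients) the vhost is chosen
    # from the TLS server name, so name-based aliases on one IP/port are usable.
    ServerAlias *.webserver.com
    DocumentRoot "/usr/local/www/data"

    ErrorLog /var/log/httpd-secure-error.log
    TransferLog /var/log/httpd-secure-access.log

    SSLEngine on

    # Protocols: keep TLS 1.2 and newer. SSLv2 is not available in httpd 2.4;
    # SSLv3, TLS 1.0 and TLS 1.1 are switched off explicitly.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # TLS 1.2 suites: forward-secret key exchange with AEAD ciphers only.
    # No NULL, export, RC4, DES/3DES or anonymous suites can match this list.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    SSLHonorCipherOrder on
    SSLCompression off

    SSLCertificateFile /usr/local/etc/apache/ssl.crt/sitessl.crt
    # The private key should be readable by root only.
    SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/sitessl.key

    # Forwards ALL requests to Tomcat over AJP, as in the post.
    JkMount /* ajp13
</VirtualHost>
```

`apachectl configtest` validates the syntax before a reload, and `openssl ciphers -v '<string>'` shows which suites a cipher string expands to on the installed OpenSSL.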