7 Replies Latest reply on Apr 20, 2005 10:34 AM by Ryan Ogaard

    Basic problem with HTTPS

    Rob Mitchell Newbie

      Hi,

      I've got a basic problem with HTTPS. The problem is that I have followed the instructions and I can't get an HTTPS connection.

      I am working on a Windows XP system and have JBoss 3.2.3 installed.

      I have made the following changes to the basic installation.

      jboss-tomcat41.sar\META-INF\jboss-service.xml:
      I have added the CoyoteConnector(below) to the JBoss-Tomcat service -

      <Connector className = "org.apache.coyote.tomcat4.CoyoteConnector"
       address="${jboss.bind.address}"
       port = "8443" scheme = "https"
       secure = "true">
       <Factory className =
       "org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
       keystoreFile="${jboss.server.home.dir}/chap8.keystore"
       keystorePass="rmi+ssl"
       protocol = "TLS"/>
       </Connector>


      If I run Jboss and then try to access https://localhost:8443/jmx-console/index.jsp through Firefox I get
      "The connection to localhost:8443 has been terminated unexpectedly"
      If I try through IE I get "This page cannot be found"

      If I turn the logging to DEBUG the only output I get after trying the https access is:
      2005-01-24 13:19:08,425 DEBUG default desktop [org.apache.tomcat.util.threads.ThreadPool] Getting new thread data


      I thought it might be that I had the keystore in the wrong place but I copied it into
      D:\jboss-3.2.3\server
      D:\jboss-3.2.3\server\default
      D:\jboss-3.2.3\server\default\conf
      D:\jboss-3.2.3\server\default\deploy
      D:\jboss-3.2.3\server\default\deploy\jbossweb-tomcat41.sar
      D:\jboss-3.2.3\server\default\deploy\jbossweb-tomcat41.sar\META-INF

      That didn't help any.
      You will also notice that I have even got to the point of using precisely the same name for the keystore and password just in case there was something wrong with my naming conventions.


      So, does anyone have any idea what I'm doing wrong ?

      Thanks
      Rob


        • 1. Re: Basic problem with HTTPS
          veerendra nagabhirava Newbie

          Same Here,

          I followed the documentation and couple of other examples on the web, but still I am not able to establish HTTPS.


          I am using jboss-4.0.0RC1

          thanks in advance
          vire

          • 2. Re: Basic problem with HTTPS
            sj_bennett Newbie

            Try this:

            The keystore should go in
            D:\jboss-3.2.3\server\default\conf

            Then your path to the keystore file should be

            keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"


            steve

            • 3. Re: Basic problem with HTTPS
              Rob Mitchell Newbie

              I tried that but with no success.

              Rob

              • 4. Re: Basic problem with HTTPS
                sj_bennett Newbie

                Mine works and this is what is in my server.xml file.

                <Connector port="443" address="${jboss.bind.address}"
                 maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
                 scheme="https" secure="true" clientAuth="false" redirectPort="8443"
                 keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
                 keystorePass="rmi+ssl" sslProtocol = "TLS" />
                 <Connector port="8443" address="${jboss.bind.address}"
                 maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
                 scheme="https" secure="true" clientAuth="false"
                 keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
                 keystorePass="rmi+ssl" sslProtocol = "TLS" />


                Then I don't use the ':8443' on the URL string. I do this because using port 8443 didn't work through our firewall.

                steve

                • 5. Re: Basic problem with HTTPS
                  Rob Mitchell Newbie

                  Thanks for replying.

                  I have tried the config you suggested but with no luck.

                  I've been running 'netstat -a' commands and it looks like a socket on the 8443 port is being opened but then it times out.

                  I think the problem is in having something reading from the port.
                  My understanding is that the WebServer service (as defined below) should be reading from that port. Is that right ? If that is right, any idea why it's not doing anything

                  <mbean code="org.jboss.web.tomcat.tc4.EmbeddedTomcatService"
                   name="jboss.web:service=WebServer">
                  
                   <attribute name="Java2ClassLoadingCompliance">true</attribute>
                  
                   <attribute name="LenientEjbLink">true</attribute>
                  
                   <attribute name="UseJBossWebLoader">true</attribute>
                  
                   <attribute name="SubjectAttributeName">j_subject</attribute>
                  
                   <attribute name="SnapshotMode">instant</attribute> <!-- you may switch to "interval" -->
                   <attribute name="SnapshotInterval">3000</attribute>
                  
                   <attribute name="Config">
                   <Server>
                   <Service name="JBoss-Tomcat">
                   <Engine name="MainEngine" defaultHost="localhost">
                   <Logger className="org.jboss.web.tomcat.Log4jLogger"
                   verbosityLevel="debug" category="org.jboss.web.localhost.Engine"/>
                   <Host name="localhost">
                  
                   <!-- Access logger -->
                   <Valve className="org.apache.catalina.valves.AccessLogValve"
                   prefix="localhost_access" suffix=".log"
                   pattern="common" directory="${jboss.server.home.dir}\log"/>
                  
                   <!-- This valve clears any caller identity set by the realm
                   and provides access to the realm about the existence of an
                   authenticated caller to allow a web app to run with a realm
                   that support unauthenticated identities. It also establishes
                   any run-as principal for the servlet being accessed.
                   -->
                   <Valve className="org.jboss.web.tomcat.security.SecurityAssociationValve"/>
                   <!-- Default context parameters -->
                   <DefaultContext cookies="true" crossContext="true" override="true"/>
                   </Host>
                   </Engine>
                  
                   <!-- A HTTP/1.1 Connector on port 8080 -->
                   <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
                   address="${jboss.bind.address}" port="8080" minProcessors="5" maxProcessors="100"
                   enableLookups="true" acceptCount="10" debug="10" redirectPort="8443"
                   connectionTimeout="20000" useURIValidationHack="false"/>
                  
                  
                   <!-- SSL/TLS Connector configuration using the SSL domain keystore -->
                  <Connector port="8443" address="${jboss.bind.address}"
                   maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
                   scheme="https" secure="true" clientAuth="false"
                   keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
                   keystorePass="tc-ssl" sslProtocol = "TLS" />
                  
                   </Service>
                   </Server>
                   </attribute>
                   <depends>jboss:service=TransactionManager</depends>
                   </mbean>
                  


                  • 7. Re: Basic problem with HTTPS
                    Ryan Ogaard Newbie

                    Hello all...

                    I am experiencing a similar problem with https... I have followed the documentation for JBoss 4 to enable SSL, and am also not able to establish a secure connection with jmx for testing. Does the keystore have to be named "chap8.keystore?

                    Thanks,