0 Replies Latest reply on Aug 5, 2008 10:19 AM by sagi mann

    Unable to connect via SSL port

    sagi mann Newbie

      Hi all,
      Seems like something as simple as setting up SSL for JBoss 4.2.2 is something I am unable to perform :-(

      I've created a keystore:

      keytool -genkey -keystore serverkey.jks -storetype jks -storepass changeit -alias tomcat
      What is your first and last name?
       [Unknown]: jboss
      What is the name of your organizational unit?
       [Unknown]: orgunit
      What is the name of your organization?
       [Unknown]: org
      What is the name of your City or Locality?
       [Unknown]: city
      What is the name of your State or Province?
       [Unknown]: state
      What is the two-letter country code for this unit?
       [Unknown]: st
      Is CN=jboss, OU=orgunit, O=org, L=city, ST=state, C=st correc
       [no]: yes
      
      Enter key password for <tomcat>
       (RETURN if same as keystore password): changeit
      


      I configured the connector in:
      V:\tmp\jboss-4.2.2.GA\server\default\deploy\jboss-web.deployer\server.xml:
      <Connector port="8181" protocol="HTTP/1.1" SSLEnabled="true"
       maxHttpHeaderSize="8192"
       emptySessionPath="true"
       maxThreads="150" scheme="https" secure="true"
       clientAuth="false" strategy="ms"
       address="${jboss.bind.address}"
       sslProtocol="TLS"
       keystoreFile="${jboss.server.home.dir}/conf/serverkey.jks"
       keystorePass="changeit"
       truststoreFile="${jboss.server.home.dir}/conf/servertrust.jks"
       truststorePass="password"
      />
      


      Then I simply run JBoss using:
      run -b 0.0.0.0
      and try to access jboss homepage via the browser:
      https://myhost:8181

      and I immediately get "Internet Explorer cannot display the webpage".
      The non-SSL homepage is fine: http://myhost:8080

      netstat -aon | findstr LISTEN | findstr <jboss PID> yields everything double, I don't know why:
       TCP 0.0.0.0:1098 0.0.0.0:0 LISTENING 3156
       TCP 0.0.0.0:1099 0.0.0.0:0 LISTENING 3156
       TCP 0.0.0.0:4444 0.0.0.0:0 LISTENING 3156
       TCP 0.0.0.0:4445 0.0.0.0:0 LISTENING 3156
       TCP 0.0.0.0:4446 0.0.0.0:0 LISTENING 3156
       TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING 3156
       TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 3156
       TCP 0.0.0.0:8093 0.0.0.0:0 LISTENING 3156
       TCP 0.0.0.0:8181 0.0.0.0:0 LISTENING 3156
       TCP 0.0.0.0:18083 0.0.0.0:0 LISTENING 3156
       TCP 0.0.0.0:64330 0.0.0.0:0 LISTENING 3156
       TCP 0.0.0.0:64331 0.0.0.0:0 LISTENING 3156
       TCP 0.0.0.0:64333 0.0.0.0:0 LISTENING 3156
       TCP 192.168.1.4:3873 0.0.0.0:0 LISTENING 3156
       TCP [::]:1098 [::]:0 LISTENING 3156
       TCP [::]:1099 [::]:0 LISTENING 3156
       TCP [::]:4444 [::]:0 LISTENING 3156
       TCP [::]:4445 [::]:0 LISTENING 3156
       TCP [::]:4446 [::]:0 LISTENING 3156
       TCP [::]:8009 [::]:0 LISTENING 3156
       TCP [::]:8080 [::]:0 LISTENING 3156
       TCP [::]:8093 [::]:0 LISTENING 3156
       TCP [::]:8181 [::]:0 LISTENING 3156
       TCP [::]:18083 [::]:0 LISTENING 3156
       TCP [::]:64330 [::]:0 LISTENING 3156
       TCP [::]:64331 [::]:0 LISTENING 3156
       TCP [::]:64333 [::]:0 LISTENING 3156
      


      I also have GlassFish v2 installed on the same box, and if I shut down JBoss and start GlassFish (same SSL port), I can reach the GF homepage without any problems. So it's not a firewall issue.

      Any ideas why SSL is not working properly and how to diagnose this?

      Thanks.
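
Added example, not part of the original post: one way to check what a port that netstat shows as LISTENING actually speaks, by attempting a TLS handshake and, if that fails, sending a plain HTTP request and classifying the first bytes of the reply. The function names `probe` and `classify_reply` are hypothetical; the host and port in the usage line are the ones from the post.

```python
import socket
import ssl


def classify_reply(data: bytes) -> str:
    """Classify the first bytes a server returns on a port that should speak TLS."""
    if not data:
        return "no-reply"        # connection accepted, then silence or close
    if data[:5].upper() == b"HTTP/":
        return "plaintext-http"  # the connector is answering without TLS
    # TLS record header: type 0x15 (alert) or 0x16 (handshake), major version 3
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls-record"      # TLS is spoken; the handshake failed for another reason
    return "unknown"


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Try a TLS handshake; if it fails, send plain HTTP and classify the reply."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    # Certificate checks are off on purpose: the keystore in the post holds a
    # self-signed certificate and only the handshake itself is being tested.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "tls-ok %s %s" % (tls.version(), tls.cipher()[0])
    except OSError as exc:       # ssl.SSLError is a subclass of OSError
        print("handshake failed:", exc)
    finally:
        raw.close()              # harmless if wrap_socket already took over the socket
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            return classify_reply(plain.recv(16))
    except OSError:
        return "no-reply"


if __name__ == "__main__":
    print(probe("myhost", 8181))  # host and port as given in the post
```

A result of `plaintext-http` means the connector is listening but not doing TLS at all; `tls-record` means TLS is being spoken and the failure lies in the handshake itself, which can include a current client refusing the protocol versions an older server offers.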