2 Replies Latest reply on Feb 16, 2005 4:02 PM by Amit Basu

    jms over https

    Amit Basu Newbie

      Currently I can do JMS over http, by looking up HTTPConnectionFactory and the URL = http://ip:8080/invoker/JNDIFactory. If I wanted to do JMS over https, what are the additional steps needed ?

      Thanks in advance.

        • 1. Re: jms over https
          Adrian Brock Master

          CAPITAL LETTERS == shouting

          1) DO NOT CROSS POST

          2) DO NOT POST USER QUESTIONS IN DEVELOPER FORUMS

          • 2. Re: jms over https
            Amit Basu Newbie

            Summing up how I did JMS over https (sorry Adrian, overlooked multiple forum-related dropdowns):

            deploy/jms/jbossmq-httpil.sar/META-INF should have:
             <attribute name="URLPrefix">https://</attribute>
             <attribute name="URLPort">8443</attribute>
            
            deploy/jbossweb-tomcat50.sar/server.xml have:
             <Connector port="8443" address="${jboss.bind.address}"
             maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
             scheme="https" secure="true" clientAuth="false"
             keystoreFile="${jboss.server.home.dir}/conf/certpath.keystore"
             keystorePass="whateversyours" sslProtocol = "TLS" />

            certpath.keystore has your self-signed digital signature.

            the certificate should be stored back to the cacerts repository on the server (in jre/lib..) so server authentication doesnt throw exception

            use host ip not name if that's how the HTTPServerILService is configured.

            use correct keystoretype

            disable client auth, if not doing so (server auth should be enough)

            Add the following in client code:

            HostnameVerifier hv = new HostnameVerifier() {
            public boolean verify(String urlHostName, SSLSession session) {
            System.out.println("Warning: URL Host: "+urlHostName+" vs. "+session.getPeerHost());
            return true;
            }
            };

            HttpsURLConnection.setDefaultHostnameVerifier(hv);