This content has been marked as final.
Show 2 replies
-
1. Re: jms over https
adrian.brock Feb 14, 2005 5:48 PM (in response to alt_amit)CAPITAL LETTERS == shouting
1) DO NOT CROSS POST
2) DO NOT POST USER QUESTIONS IN DEVELOPER FORUMS -
2. Re: jms over https
alt_amit Feb 16, 2005 4:02 PM (in response to alt_amit)Summing up how I did JMS over https (sorry Adrian, overlooked multiple forum-related dropdowns):
deploy/jms/jbossmq-httpil.sar/META-INF should have: <attribute name="URLPrefix">https://</attribute> <attribute name="URLPort">8443</attribute> deploy/jbossweb-tomcat50.sar/server.xml have: <Connector port="8443" address="${jboss.bind.address}" maxThreads="100" minSpareThreads="5" maxSpareThreads="15" scheme="https" secure="true" clientAuth="false" keystoreFile="${jboss.server.home.dir}/conf/certpath.keystore" keystorePass="whateversyours" sslProtocol = "TLS" />
certpath.keystore has your self-signed digital signature.
the certificate should be stored back to the cacerts repository on the server (in jre/lib..) so server authentication doesnt throw exception
use host ip not name if that's how the HTTPServerILService is configured.
use correct keystoretype
disable client auth, if not doing so (server auth should be enough)
Add the following in client code:
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
System.out.println("Warning: URL Host: "+urlHostName+" vs. "+session.getPeerHost());
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(hv);