2 Replies Latest reply on Jun 21, 2002 6:00 PM by shorero

    SSL Jboss/Tomcat help

    shorero

      I'm having no success in getting https to work via the 3.0 jboss/tomcat bundle. Status is the following:

      o Created a server key and dropped it into a keystore.

      o Modified jboss-service.xml. The modified entry currently looks like the following:
      <!-- JAAS security manager and realm mapping -->


      org.jboss.security.plugins.JaasSecurityManager



      The mod came inside the name= attribute, changing name= to service=. This seemed to be required to get the JAAS domain to work.

      o Added to tomcat4-service.xml:
      <!-- SSL domain setup -->




      file:/c:///jboss/keystore.dat
      jbossSsl
      jboss.security:service=JaasSecurityManager


      This is the entry that wouldn't work until I changed the security-manager mbean.

      o Modified tomcat connectors as follows:
      <!-- A HTTP Connector on port 80 -->

      <!-- A HTTPS Connector on port 443 -->




      -----
      With these changes, everything seems to come up OK. However, when I try to connect via https, the browser just sits and spins. No error but the connection never completes. No sign of any problem in the logs.

      Anybody have a clue re

      -- what could the problem be?

      -- where I might look to try to figure out what the problem is?

        • 1. Re: SSL Jboss/Tomcat help
          skidvd

          Do you have a connector for your SSL connections defined in your tomcat4-service.xml file? If not, this is likely your problem.

          The typical catalina/tomcat configuration files are essentially ignored when it's run as an embedded service in 3.0.

          Mine looks like this as I wanted to use port 8443:





          Add something like the above referencing your keystore
          and password.

          - skidvd

          • 2. Re: SSL Jboss/Tomcat help
            shorero

            Thanks for the suggestion. I modified the object to look like the following:



            This didn't change the behavior. That is, I still seemed to hang when trying to build an SSL session. Well, that's not quite right - I would get a page-not-found error on the first SSL attempt and a hang on the subsequent attempt. I also tried removing the securityDomainName attribute, which wasn't mentioned in your Factory. The system throws a null ptr exception without this attribute.

            Any other suggestions? Is there a particular name that the key needs to have in the keystore?
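
Added example, not part of the thread or of JBoss: a small probe for the symptom described above (an https connection that hangs with nothing in the logs), which separates "nothing listening", "TCP accepted but no TLS answer", and "listener answered with something that is not a usable TLS handshake". The function name `probe_tls` and its status labels are assumptions made for this example; certificate verification is switched off because it only classifies the handshake.

```python
import socket
import ssl


def probe_tls(host, port, timeout=5.0):
    """Return (status, detail) describing how host:port reacts to a TLS handshake."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Nothing is listening on the port, or the connection attempt timed out.
        return "tcp-failed", str(exc)

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnostic only: a self-signed test key must not stop the probe.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    with raw:
        raw.settimeout(timeout)
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "tls-ok", f"{tls.version()} {tls.cipher()[0]}"
        except socket.timeout:
            # The "browser sits and spins" case: the port accepts the
            # connection but never sends a ServerHello.
            return "handshake-timeout", "TCP accepted, no TLS reply"
        except ssl.SSLError as exc:
            # WRONG_VERSION_NUMBER here usually means the listener replied in
            # plain text, i.e. a non-SSL connector is bound to the port.
            return "tls-error", exc.reason or str(exc)
        except OSError as exc:
            return "closed-during-handshake", str(exc)


if __name__ == "__main__":
    # Ports mentioned in the thread; the host name is a placeholder.
    for port in (443, 8443):
        print(port, *probe_tls("localhost", port, timeout=3.0))
```

A current Python build refuses SSLv3 and, by default, TLS 1.0, so against a server of that era a `tls-error` result can also mean a protocol-version mismatch rather than a plain-text connector.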