1 Reply Latest reply on Mar 5, 2004 5:14 PM by arvind_rao

    SSL Keystore Configuration

    Carolyn Cole Newbie

      Hello,

      I am trying to configure SSL in my JBoss Server.

      I am running with version 3.2.2

      I have modified my jboss-service.xml file in default/conf to have the following mbeans for security:

       <!-- JAAS security manager and realm mapping -->
       <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
       name="jboss.security:service=JaasSecurityManager">
       <attribute name="SecurityManagerClassName">
       org.jboss.security.plugins.JaasSecurityDomain
       </attribute>
       </mbean>
      
       <!-- The SSL domain setup -->
       <mbean code="org.jboss.security.plugins.JaasSecurityDomain" name="jboss.security:service=JaasSecurityDomain,domain=RMI+SSL">
       <constructor>
       <arg type="java.lang.String" value="RMI+SSL"/>
       </constructor>
       <attribute name="KeyStoreURL">file:///c:/keystore/store.keystore</attribute>
       <attribute name="KeyStorePass">uaim04</attribute>
       <!--attribute name="KeyStoreType">JKS</attribute-->
       </mbean>
      


      I have then modified the tomcat jboss-service.xml file to define an https connector using the security domian.

      I have tried the following ways:
      1)
       <Connector className = "org.apache.catalina.connector.http.HttpConnector" port = "8443" scheme="https" secure = "true">
       <Factory className = "org.jboss.web.catalina.security.SSLServerSocketFactory"
       securityDomainName = "java:/jaas/RMI+SSL" clientAuth = "false" protocol = "TLS" />
       </Connector>
      


      2)
       <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
       address="${jboss.bind.address}" port="8443" minProcessors="5" maxProcessors="75"
       enableLookups="true" disableUploadTimeout="true"
       acceptCount="100" debug="0" scheme="https"
       secure="true">
       <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
       securityDomainName = "java:/jaas/RMI+SSL"
       clientAuth="false"
       protocol = "TLS"/>
       </Connector>
      


      When I run with the first configuration I get the following exception:
      java.lang.ClassNotFoundException: No ClassLoaders found for: org.jboss.web.catalina.security.SSLServerSocketFactory
       at org.jboss.mx.loading.LoadMgr3.beginLoadTask(LoadMgr3.java:161)
       at org.jboss.mx.loading.UnifiedClassLoader3.loadClassImpl(UnifiedClassLoader3.java:169)
       at org.jboss.mx.loading.UnifiedClassLoader3.loadClass(UnifiedClassLoader3.java:123)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
       at org.apache.commons.digester.ObjectCreateRule.begin(ObjectCreateRule.java:252)
       at org.apache.commons.digester.Rule.begin(Rule.java:200)
       at org.apache.commons.digester.Digester.startElement(Digester.java:1273)
       at org.jboss.web.tomcat.tc4.LoggedXmlMapper.startElement(LoggedXmlMapper.java:70)
       at org.apache.xalan.transformer.TransformerIdentityImpl.startElement(TransformerIdentityImpl.java:1020)
       at org.apache.xml.utils.TreeWalker.startNode(TreeWalker.java:379)
       at org.apache.xml.utils.TreeWalker.traverse(TreeWalker.java:191)
       at org.apache.xalan.transformer.TransformerIdentityImpl.transform(TransformerIdentityImpl.java:325)
       at org.jboss.web.tomcat.tc4.ConfigHandler.applyHostConfig(ConfigHandler.java:137)
       at org.jboss.web.tomcat.tc4.EmbeddedTomcatService.initCatalina(EmbeddedTomcatService.java:430)
       at org.jboss.web.tomcat.tc4.EmbeddedTomcatService.startService(EmbeddedTomcatService.java:272)
       at org.jboss.system.ServiceMBeanSupport.start(ServiceMBeanSupport.java:192)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
       at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:976)
       at $Proxy15.start(Unknown Source)
       at org.jboss.system.ServiceController.start(ServiceController.java:394)
       at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
       at $Proxy4.start(Unknown Source)
       at org.jboss.deployment.SARDeployer.start(SARDeployer.java:226)
       at org.jboss.deployment.MainDeployer.start(MainDeployer.java:832)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:642)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:605)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
       at $Proxy6.deploy(Unknown Source)
       at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:302)
       at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:476)
       at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:20
      1)
       at org.jboss.deployment.scanner.AbstractDeploymentScanner.startService(AbstractDeploymentScanner.java:274)
       at org.jboss.system.ServiceMBeanSupport.start(ServiceMBeanSupport.java:192)
       at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
       at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:976)
       at $Proxy0.start(Unknown Source)
       at org.jboss.system.ServiceController.start(ServiceController.java:394)
       at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
       at $Proxy4.start(Unknown Source)
       at org.jboss.deployment.SARDeployer.start(SARDeployer.java:226)
       at org.jboss.deployment.MainDeployer.start(MainDeployer.java:832)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:642)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:605)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:589)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
       at $Proxy5.deploy(Unknown Source)
       at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:384)
       at org.jboss.system.server.ServerImpl.start(ServerImpl.java:291)
       at org.jboss.Main.boot(Main.java:150)
       at org.jboss.Main$1.run(Main.java:395)
       at java.lang.Thread.run(Thread.java:534)
      


      When I run with the second configuration I get the following error:

      LifecycleException: Protocol handler initialization failed: java.io.IOException: Keystore was tampered with, or passwor
      d was incorrect
       at org.apache.coyote.tomcat4.CoyoteConnector.initialize(CoyoteConnector.java:1158)
       at org.apache.catalina.startup.Embedded.start(Embedded.java:999)
       at org.jboss.web.tomcat.tc4.EmbeddedTomcatService.startService(EmbeddedTomcatService.java:273)
       at org.jboss.system.ServiceMBeanSupport.start(ServiceMBeanSupport.java:192)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
       at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:976)
       at $Proxy15.start(Unknown Source)
       at org.jboss.system.ServiceController.start(ServiceController.java:394)
       at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
       at $Proxy4.start(Unknown Source)
       at org.jboss.deployment.SARDeployer.start(SARDeployer.java:226)
       at org.jboss.deployment.MainDeployer.start(MainDeployer.java:832)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:642)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:605)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
       at $Proxy6.deploy(Unknown Source)
       at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:302)
       at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:476)
       at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:20
      1)
       at org.jboss.deployment.scanner.AbstractDeploymentScanner.startService(AbstractDeploymentScanner.java:274)
       at org.jboss.system.ServiceMBeanSupport.start(ServiceMBeanSupport.java:192)
       at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
       at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:976)
       at $Proxy0.start(Unknown Source)
       at org.jboss.system.ServiceController.start(ServiceController.java:394)
       at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
       at $Proxy4.start(Unknown Source)
       at org.jboss.deployment.SARDeployer.start(SARDeployer.java:226)
       at org.jboss.deployment.MainDeployer.start(MainDeployer.java:832)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:642)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:605)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:589)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
       at $Proxy5.deploy(Unknown Source)
       at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:384)
       at org.jboss.system.server.ServerImpl.start(ServerImpl.java:291)
       at org.jboss.Main.boot(Main.java:150)
       at org.jboss.Main$1.run(Main.java:395)
       at java.lang.Thread.run(Thread.java:534)
      


      Does anyone know how to correctly set SSL up?

      Thanks in advance for the help!

      -- Carolyn

        • 1. Re: SSL Keystore Configuration
          arvind_rao Newbie

          I ran into the same issue with JBoss3.2.3 + Tomcat,

          I got it working by changing the

          <Factory className = "org.jboss.web.catalina.security.SSLServerSocketFactory"...
          to
          <Factory className = "org.jboss.web.tomcat.security.SSLServerSocketFactory"....

          in the <JBOSS_HOME>server\default\deploy\jbossweb-tomcat41.sar\META-INF\jboss-service.xml

          Hope this helps....
          --Arvind