Hello, I'm trying to set up and configure JBoss 3.2.5 to run over SSL and NOT standard port 8080.
I've looked all over the net and have found a 'few' guides, only to be kinda off from what I'm doing. Also, all the research shows that Tomcat 4.0 is in 2.3.5. However, I "believe" mine's got TomCat 5.0 (downloaded from jboss.com).
Here's what I did and whatnot. However, no such luck. Any advice would be GREATLY appreciated. The "actual" values are left out for company reasons. However, the exact 'step' was performed.
Okay the steps performed were the ones located at:
First of all, we are going to make a keystore. This is the place we are
going to store the keys in on the server side. We will use the Java tool
keytool for this. The algorithm used here is RSA.
The value alias name was replaced with "company"
At the selected directory:
keytool -genkey -alias <alias name> -keyalg RSA -keystore ./name.keystore
Fill in all the information that is asked.
A keystore with the name name.keystore is generated.
Then we have to make a Certificate Signing Request (CSR) for the
Certificate Authority. We can get this signed by a certifying authority
like VeriSign or Thawte.
keytool -certreq -keystore ./name.keystore -alias <alias name> -file <CSR file name>.csr
Enter the keystore password.
A <CSR file name>.csr file is generated.
If you are getting the CSR signed by a certifying authority, then skip the
If you are going to sign it yourself using, for example,
OpenSSL, then the steps are:
(This assumes that you are working on a Linux machine with OpenSSL, which
can be obtained from www.openssl.org. Follow the procedure to install
To Sign the certificate:
Make a new directory:
Copy openssl.cnf and CA.sh
from the OpenSSL apps directory to your new directory (newCA)
cp ../../openssl-0.9.6a/apps/openssl.cnf newCA/
cp ../../openssl-0.9.6a/apps/CA.sh newCA/
Edit your new copy of openssl.cnf and CA.sh:
Set the dir variable to the current directory:
dir = . # (... Specifies current directory where everything is kept)
Set the CATOP variable to the current directory:
CATOP=. # (... Specifies current directory where everything is kept)
Create the certificates for Certification Authority:
chmod 744 CA.sh (only if necessary)
Send the <CSR file name>.csr file to the Certification Authority and Creating
cp <CSR file name>.csr /usr/local/newCA
or ftp the <CSR file name>.csr file to the m/c acting as CA.
Create the certificate
openssl x509 -req -in <CSR file name>.csr -out <pem file name>.pem -CA cacert.pem -CAkey private/cakey.pem -CAcreateserial -days 365 -outform PEM
Optionally convert the server certificate from PEM encoding to DER for
distributing to Clients:
openssl x509 -inform pem -outform der < cacert.pem > cacert.cer
We receive two files, cacert.der, containing the CA's public key and a
file <pem file name>.pem, containing the public key signed by the CA using
the CA's private key. I will now import these two files into my keystore
(the order is important!):
****This is where shit gets interesting****
keytool -import -alias <alias name> -file cacert.der -keystore ./name.keystore
The file name "cacert.der" isn't created from ANY of the above commands.
Not sure what crack pipe they smoke from.
However, it 'does' create the file "cacert.cer". Thinking this is a
possible typo, I did the above command with
cacert.cer instead of cacert.der. Voila, it worked!
keytool -import -alias <alias name> -file <pem file name>.pem -keystore ./name.keystore
Okay, I did this and it complained that the "alias name" has already been
added. So, I went ahead and made a "company2" alias which added fine.
It asks you to move the following files:
Into the $JAVA_HOME/jre/lib/ext directory.
Now, there are 'three' versions of these files, all of which reside in the :
All of which are the same size. So, I decided to use the 'default' one to
Tomcat over SSL (HTTPS)
If we have Tomcat running as a jBoss service, we need to make a few
changes in some configuration files:
We want JaasSecurityDomain as SecurityManagerClass instead of
JaasSecurityManager, so we need to change this in the file:
<!-- JAAS security manager and realm mapping -->
Add the below lines after the paragraph mentioned above in jboss-service.xml
put the path to your name.keystore file
put your name.keystore password
This is the final step: We remove the Connector that listens on port 8080
and replace it by one that listens on port 8443
Which DOES NOT exist; that's a bogus deal.
I *believe* /opt/jboss-3.2.5/server/default/deploy/jbossweb-tomcat50.sar
is the directory you want to look at and the file: server.xml
Now this is what "the guide" has:
<!-- A HTTP Connector on port 8080 -->
Which looks different than what was in the actual file. Which is:
<!-- A HTTP/1.1 Connector on port 8080 -->
<!-- A AJP 1.3 Connector on port 8009 -->
<!-- SSL/TLS Connector configuration using the admin devl guide
When I start it I get the following errors:
14:03:11,314 WARN [JaasSecurityManagerService] Failed to locate auth CachePolicy at: java:/timedCacheFactory for securityDoma
It's accessible via http://:8080, just not via https at either 8080 or 8443.
Thanks for any help on this!
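The keystore part of the guide above, carried through end to end as an added example (this is not code from the post or from the quoted guide). It uses a throwaway OpenSSL CA in place of VeriSign/Thawte or the CA.sh workflow, then performs the two keytool imports in the order the guide insists on, with the detail the guide leaves implicit: the CA certificate goes in under its own alias, and the signed certificate goes in under the same alias as the private key, where keytool treats it as a certificate reply. Importing the signed certificate under a second alias leaves the key entry still holding only its self-signed certificate. Assumed names, not from the post: aliases "company" and "testca", keystore name.keystore inside a scratch directory, password "changeit", hostname "localhost"; OpenSSL and a JDK keytool must be on PATH.

```shell
#!/bin/sh
# Added example, not code from the original post or the quoted guide.
# Assumptions (not from the post): aliases "company" (server key) and
# "testca" (CA cert), keystore $WORK/name.keystore, password "changeit",
# CN=localhost. Needs openssl and keytool on PATH.

WORK="${WORK:-$(mktemp -d)}"
STOREPASS="${STOREPASS:-changeit}"      # constructed example password
KS="$WORK/name.keystore"

# 1. Self-signed test CA. Produces cakey.pem (private) and cacert.pem (public).
#    Stands in for a commercial CA or the guide's CA.sh-built CA.
make_test_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example Test CA" \
    -keyout "$WORK/cakey.pem" -out "$WORK/cacert.pem" 2>/dev/null
}

# 2. Sign a CSR with the test CA: $1 = CSR path, $2 = signed certificate (PEM).
#    This is the guide's "openssl x509 -req ..." step with the names filled in.
sign_csr() {
  openssl x509 -req -in "$1" -CA "$WORK/cacert.pem" -CAkey "$WORK/cakey.pem" \
    -CAcreateserial -days 365 -out "$2" 2>/dev/null
}

# 3. Returns 0 only if the certificate in $1 chains to the test CA.
verify_chain() {
  openssl verify -CAfile "$WORK/cacert.pem" "$1" >/dev/null 2>&1
}

# 4. The keytool side. Older JDKs spell these -genkey and -import;
#    current keytool still accepts both spellings.
build_keystore() {
  rm -f "$KS"
  keytool -genkeypair -alias company -keyalg RSA -keysize 2048 -storetype JKS \
    -dname "CN=localhost, O=Company" \
    -keystore "$KS" -storepass "$STOREPASS" -keypass "$STOREPASS" >/dev/null || return 1
  keytool -certreq -alias company -file "$WORK/company.csr" \
    -keystore "$KS" -storepass "$STOREPASS" >/dev/null || return 1
  sign_csr "$WORK/company.csr" "$WORK/company.pem" || return 1
  # CA certificate first, under its OWN alias. It becomes a trusted-cert
  # entry, and it is what lets keytool build the chain for the reply below;
  # importing the reply before the CA fails with "Failed to establish chain".
  keytool -importcert -noprompt -alias testca -file "$WORK/cacert.pem" \
    -keystore "$KS" -storepass "$STOREPASS" >/dev/null || return 1
  # Signed certificate second, under the SAME alias as the private key.
  # keytool treats it as a certificate reply and replaces the self-signed
  # certificate on the key entry. A fresh alias (e.g. company2) would only
  # add a second, key-less trusted-cert entry that Tomcat cannot serve with.
  keytool -importcert -noprompt -alias company -file "$WORK/company.pem" \
    -keystore "$KS" -storepass "$STOREPASS" >/dev/null || return 1
}

# Prints the entry type keytool records for an alias: PrivateKeyEntry
# (key plus its chain, usable for HTTPS) or trustedCertEntry (public cert only).
entry_type() {
  out=$(keytool -list -alias "$1" -keystore "$KS" -storepass "$STOREPASS" 2>/dev/null) || return 1
  case "$out" in
    *PrivateKeyEntry*|*keyEntry*) echo PrivateKeyEntry ;;
    *trustedCertEntry*)           echo trustedCertEntry ;;
    *)                            echo unknown ;;
  esac
}

# Run as:  sh keystore_demo.sh demo
if [ "${1:-}" = demo ]; then
  make_test_ca && build_keystore || exit 1
  echo "keystore: $KS"
  echo "company:  $(entry_type company)"
  echo "testca:   $(entry_type testca)"
fi
```

After `demo` the alias `company` lists as a PrivateKeyEntry and `testca` as a trustedCertEntry; that keystore path and password are the values the guide has you put into the JaasSecurityDomain's keystore URL and password entries in jboss-service.xml. `keytool -list -v` on the `company` alias should show a chain of length 2 (server certificate, then the CA); a chain of length 1 means the reply was never attached to the key.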