1. Re: JMS over SSL
adrian.brock Mar 5, 2004 2:30 PM (in response to rmathew)
If you have jboss-3.2.3:
you can find an example ssl configuration in docs/examples/jms
jms over http is already deployed by default, but you'll need to configure https
for tomcat and use the https naming factory in your jndi.properties.
Regards,
Adrian
2. Re: JMS over SSL
rmathew Mar 8, 2004 2:51 PM (in response to rmathew)
Hi Adrian, thanks a lot. I am kinda lost here. As I said, I got basic messaging in place. Would be grateful if you could point me to some resource which would give me step by step info on how to go abt using HTTPS.
I did buy the admin guide, but it does not tell me how/where to specify use of the HTTP Invocation Layer.
Thanks a lot.
3. Re: JMS over SSL
adrian.brock Mar 8, 2004 3:02 PM (in response to rmathew)
The http invocation layer is bound at: HTTPConnectionFactory in jndi
If you also want to use JNDI over HTTP you need to use the
HTTPNamingContextFactory - there are examples with the book.
Once you have that working, you will need to configure SSL on the server
and the client.
If you just want a tcp/ip connection using ssl look at the misnamed
docs/examples/jms/https-service.xml
Regards,
Adrian
4. Re: JMS over SSL
rmathew Mar 9, 2004 1:48 PM (in response to rmathew)
Hey,
Adrian, thanks a lot for your prompt replies. So let me get this str8.
i) all i need to get the lookup over http is to use the httpconnectionfactory in the properties file?
ii) all i need to use JMS over http is to do something like this?
TopicConnectionFactory cF= (TopicConnectionFactory)jndi.lookup("HTTPXAConnectionFactory");
And I am up and running?
Shall get to https later :-)
Thanks a lot,
Rajesh
5. Re: JMS over SSL
rmathew Mar 10, 2004 3:28 PM (in response to rmathew)
Hi,
I have JNDI and JMS running over HTTP. All fine. But I would like to move on to HTTPS and am facing problems. Any help would be gr8. Kinda stuck. I have modified the SSL connector configuration in jboss-service.xml in jbossweb-tomcat41.sar\META-INF
It's now as shown below.
************************************************************
<Connector className = "org.apache.coyote.tomcat4.CoyoteConnector"
           address="" port = "8443" scheme = "https" secure = "true">
   <Factory className = "org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
            keystoreFile="/conf/server.keystore"
            keystorePass="changeit"
            protocol = "TLS"/>
</Connector>
************************************************************
I am able to telnet into my machine on port 8443 from another machine, and when i start up the browser and try going to
https://192.168.x.y:8443/ from that remote machine, it shows up the "Security Alert" prompting me abt the certificate, though it goes on to say
"HTTP Status 500 - No Context configured to process this request", which shouldn't be a problem I guess. At least the server is accepting https requests.
However, when I startup my JMS client and try to connect to the server, I get the following exception, when I try to do a JNDI lookup using the file
jndi.properties shown below
javax.naming.NamingException: Failed to retrieve Naming interface [Root exception is java.io.IOException]
jndi.properties
************************************************************
#java.naming.provider.url=http://192.168.3.42:8080/invoker/JNDIFactory
java.naming.provider.url=https://192.168.3.42:8443/invoker/JNDIFactory
java.naming.factory.initial=org.jboss.naming.HttpNamingContextFactory
java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
************************************************************
The JNDI lookup works with the http line tho if the https one is commented.
I would be grateful if someone could guide me along a lil.
Thanks a lot,
Rajesh Mathew.
6. Re: JMS over SSL
alt_amit Feb 16, 2005 3:47 PM (in response to rmathew)
I know it's been a year since the last post, but here are some things that should be done:
the certificate should be stored back to the cacerts repository on the server, so server authentication doesn't throw an exception
use host ip not name if that's how the HTTPServerILService is configured.
use correct keystoretype
disable client auth, if not doing so (server auth should be enough)
Add the following in client code:
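import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

// Called when the URL host does not match the host named in the server certificate.
HostnameVerifier hv = new HostnameVerifier() {
    public boolean verify(String urlHostName, SSLSession session) {
        System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
        // Always returns true, so the mismatch is logged but the connection is accepted.
        return true;
    }
};
// Applies to every HttpsURLConnection created in this JVM.
HttpsURLConnection.setDefaultHostnameVerifier(hv);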
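
An added example, not part of the thread or of JBoss: a narrower client-side setup than a verifier that returns true for every host, for the case where the URL uses an IP address the certificate does not name. It assumes the JNDI/JMS HTTP client uses the HttpsURLConnection defaults (as the setDefaultHostnameVerifier call in post 6 implies) and that the server certificate has been exported into a client truststore; the class name, arguments and alias are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;

// Added example: class name, truststore path, type, alias and host are hypothetical inputs.
public class PinnedJndiHttpsSetup {
    public static void install(String storePath, String storeType, char[] storePass,
                               String alias, final String expectedHost) throws Exception {
        // Load a client truststore that holds only the JBoss server certificate.
        KeyStore trustStore = KeyStore.getInstance(storeType);
        try (InputStream in = new FileInputStream(storePath)) {
            trustStore.load(in, storePass);
        }
        final Certificate pinned = trustStore.getCertificate(alias);
        if (pinned == null) {
            throw new IllegalStateException("No certificate under alias " + alias);
        }

        // Chain validation: trust only what is in that truststore.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());

        // Consulted only when the built-in name check fails: accept just the
        // expected host, and only if it presents exactly the pinned certificate.
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            public boolean verify(String urlHostName, SSLSession session) {
                try {
                    Certificate[] chain = session.getPeerCertificates();
                    return expectedHost.equals(urlHostName)
                            && chain.length > 0 && pinned.equals(chain[0]);
                } catch (SSLPeerUnverifiedException e) {
                    return false;
                }
            }
        });
    }
}
```

Call `install(...)` once before creating the `InitialContext`, passing the host exactly as it appears in `java.naming.provider.url` (for the jndi.properties in post 5, `192.168.3.42`).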