Configuring SSL on JBoss

Hi

I am trying to figure out how I can configure my webapp to use SSL on JBoss. Here are a couple of references I am looking at-

http://community.jboss.org/wiki/sslsetup

http://www.jboss.org/file-access/default/members/jbossweb/freezone/docs/latest/ssl-howto.html

I am working on jboss-4.2.2.GA.

The first reference above refers to file jbossweb-tomcat41.sar/META-INF/jboss-service.xml where keystore file details have to be updated.

The second reference above refers to $CATALINA_HOME/conf/server.xml file for configuring the secure socket by updating the keystore information.

My question is- for the version of JBoss I am using (jboss-4.2.2.GA), I am unable to find any of these config files. Can someone help me identify the file I need to modify for updating the keystore information in it?

Thank you
Neelesh

For JBoss AS-4.2.x, the file can be found at JBOSS_HOME/server/< servername>/deploy/jboss-web.deployer/server.xml

Neelesh A Korade wrote:Hi

I am trying to figure out how I can configure my webapp to use SSL on JBoss. Here are a couple of references I am looking at-

http://community.jboss.org/wiki/sslsetup

http://www.jboss.org/file-access/default/members/jbossweb/freezone/docs/latest/ssl-howto.html

I am working on jboss-4.2.2.GA.

The first reference above refers to file jbossweb-tomcat41.sar/META-INF/jboss-service.xml where keystore file details have to be updated.

The second reference above refers to $CATALINA_HOME/conf/server.xml file for configuring the secure socket by updating the keystore information.

My question is- for the version of JBoss I am using (jboss-4.2.2.GA), I am unable to find any of these config files. Can someone help me identify the file I need to modify for updating the keystore information in it?

Thank you
Neelesh

Hi Neelesh,
the configuration file you are talking about is located in your distribution here:
jboss-4.2.2.GA\server\default\deploy\jboss-web.deployer\server.xml

There you need to reference the keystore you've formerly created.
If you want to see some development examples of secure JBoss applications, you might consider having a look at the book I'm promoting this week which contains two chapters about it.
kind regards
Francesco

Thank you Francesco and Jai for all your help. My problem is solved.

I've been using a self-signed certificate to test an SSL connection from JBoss. One reference I found, http://www.ja-sig.org/wiki/display/CASUM/HOWTO+Configure+JBoss+for+HTTPS, stated I should be running JBoss with the option
-Djavax.net.ssl.trustStore="<C:/yourServerLocation>/server/default/conf/server.keystore" and also have the server.keystore declared in the server.xml file under the 8443 section.

I've found that the command line option overrides the JVM cacerts file- meaning that certificates stored in the JVM security cacerts won't be found and a SSL handshake exception occurs when accessing pages requiring those certificates. I tried storing those certificates in the server.keystore but the JVM couldn't read them.

I later found that the command line option is not necessary for JBoss but can be used to specify the location of the JVM certificates if not in the default location. JBoss seems perfectly happy to use what's in the server.xml declaration.

Bottom line - there appears to be a lot of confusion as to how to setup JBoss for SSL and the relationship to the JVM certificates. What I would really like to do is just use a single keystore for all certicates independent of the current JVM and JBoss versions. Any suggestions?