• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Tim Cooke
  • Devaka Cooray
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
Bartenders:
  • Carey Brown
  • Roland Mueller

Enabling SSL on JBoss

 
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am trying to enable SSL on JBoss on My local machine. Did following things:

1) create the self-signed certificate using keytool.exe in the <java_home>/jre/bin directory

C:\jrockit-R27.4.0-jdk1.5.0_12\jre\bin>keytool -genkey -alias tomcat -keyalg RSA

Enter keystore password: tdemand
What is your first and last name?
[Unknown]: Puja Mantri
What is the name of your organizational unit?
[Unknown]: EBU
What is the name of your organization?
[Unknown]: Persistent
What is the name of your City or Locality?
[Unknown]: Pune
What is the name of your State or Province?
[Unknown]: Maharashtra
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=Puja Mantri, OU=EBU, O=Persistent, L=Pune, ST=Maharashtra, C=IN correct?
[no]: yes

Enter key password for <tomcat>
(RETURN if same as keystore password):
jrockit-R27.4.0-jdk1.5.0_12\jre\bin>


2) move the self-signed certificate to a JBoss directory:

Renamed the .kestore file to tdemand.kestore and moved it to the conf directory.

3) edit the Tomcat configuration file to turn on SSL

In the file <jboss_server_home_dir>\jboss-web.deployer\server.xml uncommented following section and made some changes as follows:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false"
address="${jboss.bind.address}"
keystoreFile="${jboss.server.home.dir}/conf/tdemand.keystore"
keystorePass="tdemand"
truststoreFile="${jboss.server.home.dir}/conf/tdemand.keystore"
sslProtocol="TLS" />


After this restarted the JBoss server.

But still not able to access the application url using https. Any pointers to this would be appreciated. Thanks in advance.

-Puja

 
Sheriff
Posts: 10445
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What error do you get when you access https://localhost:8443/appName
 
Puja Mantri
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks.. I got the problem I was accessing the application URL with the 8080 port. Accesing the application with 8443 port solved the problem. Now I am able to access the URL and login to the application. But the application URL shows the certificate Error.

"The security certificate presented by this website has errors. This problem may indicate the attempt to fool you or intercept any data you send to the server."

How do we install the SSL certificate? Do we have to buy the SSL certificate from some vendor (e.g. Verisign)?
 
Puja Mantri
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Certificate error is because I have created the Self-signed certificate

One change while creating self-signed certificate give the URL name as answer for the following questions:
What is your first and last name?

This is the name of website for which the certificate is issued.
 
Jaikiran Pai
Sheriff
Posts: 10445
227
IntelliJ IDE Ubuntu
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Puja Mantri wrote:

Do we have to buy the SSL certificate from some vendor (e.g. Verisign)?



Typically yes. See this
 
Roses are red, violets are blue. Some poems rhyme and some don't. And some poems are a tiny ad.
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic