Hello JavaRanch,
I'm new here!
I'm using jboss-as-distribution-6.0.0.20100429-M3 + WS (axis 1.4)
I have to provide a secure way to transmit data from client to server. I've read that SSL with mutual authentication is a good way to provide it. But, if any body has a better sugestion on how to do it, let me know.
I'm trying to configure mutual authentication with BaseCertLoginModule
over SSL, but I'm getting the following errors:
**************************************************************************************
error at server side
17:19:26,812 DEBUG [org.apache.tomcat.util.net.JIoEndpoint] Handshake failed: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:523) [:1.6]
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131) [:1.6]
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:186)
at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:1143)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951)
at java.lang.Thread.run(Thread.java:619) [:1.6.0_20]
error at client side
java.net.SocketException: Software caused connection abort: socket write error
**************************************************************************************
Here follows my configuration files
script to generate the keys
**************************************************************************************
set SERVER_DN="CN=server, OU=X, O=Y, L=Z, S=XY, C=YZ"
set CLIENT_DN="CN=client, OU=X, O=Y, L=Z, S=XY, C=YZ"
set KSDEFAULTS=-storepass changeit -storetype JKS
set KEYINFO=-keyalg RSA
keytool -genkey -dname %SERVER_DN% %KSDEFAULTS% -keystore server.ks %KEYINFO% -keypass changeit
keytool -export -file temp$.cer %KSDEFAULTS% -keystore server.ks
keytool -import -file temp$.cer %KSDEFAULTS% -keystore client.ts -alias serverkey -noprompt
keytool -genkey -dname %CLIENT_DN% %KSDEFAULTS% -keystore client.ks %KEYINFO% -keypass changeit
keytool -export -file temp$.cer %KSDEFAULTS% -keystore client.ks
keytool -import -file temp$.cer %KSDEFAULTS% -keystore server.ts -alias clientkey -noprompt
**************************************************************************************
file:${jboss.server.home.dir}/conf/server.ks
**************************************************************************************
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: mykey
Creation date: 17/01/2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ
Issuer: CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ
Serial number: 4d34949e
Valid from: Mon Jan 17 17:12:30 BRST 2011 until: Sun Apr 17 16:12:30 BRT 2011
Certificate fingerprints:
MD5: 5A:56:DD:D8:5B:9E:94:55:77:7E:70:D3:AE:E5:0B:C5
SHA1: 14:B3:95:33:E7:D2:F3:BB:94:DA:E9:1C:38:8A:9F:03:1B:35:4E:8C
Signature algorithm name: SHA1withRSA
Version: 3
**************************************************************************************
file/${jboss.server.home.dir}/conf/server.ts
**************************************************************************************
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: clientkey
Creation date: 17/01/2011
Entry type: trustedCertEntry
Owner: CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ
Issuer: CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ
Serial number: 4d34949f
Valid from: Mon Jan 17 17:12:31 BRST 2011 until: Sun Apr 17 16:12:31 BRT 2011
Certificate fingerprints:
MD5: B2:C1:C8:9A:BB:84:F0:79:03:68:91:89:20:EC:85:CF
SHA1: C5:BC:7A:7D:E6:0E:5E:D4:1F:D9:BC:56:D3:91:20:A3:25:09:B2:2A
Signature algorithm name: SHA1withRSA
Version: 3
**************************************************************************************
file:c:/client.ks
**************************************************************************************
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: mykey
Creation date: 17/01/2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ
Issuer: CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ
Serial number: 4d3469a5
Valid from: Mon Jan 17 14:09:09 BRST 2011 until: Sun Apr 17 13:09:09 BRT 2011
Certificate fingerprints:
MD5: 91:57:82:07:38:34:C5:1F:AB:5C:0D:51:65:DB:5B:B0
SHA1: 7D:12:14:E1:75:78:E3:79:1B:62:B6:A3:17:A9:FA:11:51:A7:69:06
Signature algorithm name: SHA1withRSA
Version: 3
**************************************************************************************
file:c:/client.ts
**************************************************************************************
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: serverkey
Creation date: 17/01/2011
Entry type: trustedCertEntry
Owner: CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ
Issuer: CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ
Serial number: 4d3469a4
Valid from: Mon Jan 17 14:09:08 BRST 2011 until: Sun Apr 17 13:09:08 BRT 2011
Certificate fingerprints:
MD5: 99:9F:51:27:BA:40:C1:91:14:B6:1B:36:EB:39:4F:57
SHA1: 7A:98:0E:B5:99:2A:4A:41:6D:CC:D3:90:4D:AB:3A:93:81:87:AE:B8
Signature algorithm name: SHA1withRSA
Version: 3
**************************************************************************************
file:${jboss.server.home.dir}/deploy/interligation-service.xml
**************************************************************************************
**************************************************************************************
file:${jboss.server.home.dir}/deploy/jbossweb.sar/server.xml
**************************************************************************************
**************************************************************************************
file:${jboss.server.home.dir}/conf/login-config.xml
**************************************************************************************
**************************************************************************************
file:${jboss.server.home.dir}/conf/props/interligation-users.properties
**************************************************************************************
CN\=server,\ OU\=X,\ O\=Y,\ L\=Z,\ ST\=XY,\ C\=YZ=JBossAdmin
admin=JBossAdmin
**************************************************************************************
file:${jboss.server.home.dir}/conf/props/interligation-roles.properties
**************************************************************************************
admin=JBossAdmin,HttpInvoker
**************************************************************************************
file:$webapp/WebContent/web.xml
**************************************************************************************
**************************************************************************************
file:$webapp/WebContent/jboss-web.xml
**************************************************************************************
**************************************************************************************
file:$clientapp/client-config.wsdd
**************************************************************************************
**************************************************************************************
Thanks for advice,
Alan