
SSL configuration in JBoss


To configure an SSL port with a keystore, follow these steps:

1. Generate the keystore with the Java keytool command:
keytool -genkey -alias tomcat -keyalg RSA -keystore NAME_OF_KEYSTORE -validity NUMBER_OF_DAYS
(For more details, see http://download.oracle.com/javase/1.5.0/docs/tooldocs/windows/keytool.html)

2. Copy the keystore file into the jboss/server/<NAME>/conf/ directory.

3. Edit the server.xml file at the following path:
JBoss version 4.0.4 = jboss/server/<NAME>/deploy/jbossweb-tomcat55.sar/
JBoss version 4.2.2 = jboss/server/<NAME>/deploy/jboss-web.deployer/

4. For JBoss 4.0.4, the SSL connector should be configured like this:

<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector port="THE_PORT_YOU_LIKE" address="${jboss.bind.address}"
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/THE_KEYSTORE_NAME"
keystorePass="PASSWORD_FOR_THE_KEYSTORE" sslProtocol="TLS" />

For JBoss 4.2.2, configure it like this:

<Connector port="THE_PORT_YOU_LIKE" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false"
strategy="ms"
address="${jboss.bind.address}"
keystoreFile="${jboss.server.home.dir}/conf/THE_KEYSTORE_NAME"
keystorePass="PASSWORD_FOR_THE_KEYSTORE"
truststoreFile="${jboss.server.home.dir}/conf/THE_KEYSTORE_NAME"
truststorePass="PASSWORD_FOR_THE_KEYSTORE"
sslProtocol="TLS"/>

5. Now you should be able to access your application over HTTPS. Remember to use https:// instead of http:// in the browser URL, or else it will fail.

6. If you want to disable the non-secured port 8080, comment out that connector in the same server.xml.

7. Example for jboss-4.0.5.GA:
jboss-4.0.5.GA\server\<application>\deploy\jbossweb-tomcat55.sar\server.xml

<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector port="8443" address="${jboss.bind.address}"
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/my.keystore"
keystorePass="pwd123" sslProtocol="TLS" />
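
To check the result of steps 4 and 6, the following added example (not part of the original post) parses a server.xml and lists what is still worth fixing on each active connector. The function name audit_connectors and the sample file are constructed for illustration; the sample reuses the jboss-4.0.5.GA connector above next to a default port 8080 connector.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connectors in this post (not a real deployment).
SAMPLE_SERVER_XML = """<Server>
  <Service name="jboss.web">
    <Connector port="8080" address="${jboss.bind.address}" maxThreads="250"/>
    <!-- <Connector port="8009" protocol="AJP/1.3"/> -->
    <Connector port="8443" address="${jboss.bind.address}"
               maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
               emptySessionPath="true"
               scheme="https" secure="true" clientAuth="false"
               keystoreFile="${jboss.server.home.dir}/conf/my.keystore"
               keystorePass="pwd123" sslProtocol="TLS"/>
  </Service>
</Server>"""


def audit_connectors(xml_text):
    """Return a list of (port, finding) tuples for every active <Connector>."""
    findings = []
    # ElementTree drops XML comments, so commented-out connectors are skipped,
    # which is exactly the state step 6 leaves the 8080 connector in.
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol", "").upper().startswith("AJP"):
            continue  # AJP connectors are outside the scope of this walkthrough
        if conn.get("scheme") != "https":
            findings.append((port, "plain HTTP connector still enabled (see step 6)"))
            continue
        if conn.get("secure") != "true":
            findings.append((port, "scheme is https but secure is not 'true'"))
        if conn.get("SSLEnabled", "true") != "true":
            findings.append((port, "SSLEnabled is present but not 'true'"))
        if not conn.get("keystoreFile"):
            findings.append((port, "no keystoreFile attribute set"))
        if not conn.get("sslProtocol"):
            findings.append((port, "no sslProtocol attribute set"))
        if conn.get("keystorePass"):
            # The password sits in cleartext in server.xml.
            findings.append((port, "keystorePass in cleartext; restrict read access to server.xml"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```

Run it against the server.xml of the server configuration you edited in step 3; once the 8080 connector is commented out, only the HTTPS connector is reported.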
