Skip to main content

SSL configuration in JBoss


To configure an SSL port with keystore , check the following steps:

1. Generate the keystore with the following command ( using the java keytool command)
keytool -genkey -alias tomcat -keyalg RSA -keystore NAME_OF_KEYSTORE -validity NUMBER_OF_DAYS
( For more details check the url http://download.oracle.com/javase/1.5.0/docs/tooldocs/windows/keytool.html )

2. Copy the file into the jboss/server/<NAME>/conf/ directory

3. Edit the server.xml in the following path
JBoss version 4.0.4 = jboss/server/<NAME>/deploy/jbossweb-tomcat55.sar/
JBoss version 4.2.2 = jboss/server/<NAME>/deploy/jboss-web.deployer/

4. For JBOSS 4.0.4 the SSL-connector should be configured like:

<!– SSL/TLS Connector configuration using the admin devl guide keystore     –>
<Connector port=”THE_PORT_YOU_LIKE” address=”${jboss.bind.address}”
maxThreads=”100? strategy=”ms” maxHttpHeaderSize=”8192?
emptySessionPath=”true”
scheme=”https” secure=”true” clientAuth=”false”
keystoreFile=”${jboss.server.home.dir}/conf/THE_KEYSTORE_NAME”
keystorePass=”PASSWORD_FOR_THE_KEYSTORE” sslProtocol = “TLS” />

For JBOSS 4.2.2, configure it like this:

<Connector port=”THE_PORT_YOU_LIKE” protocol=”HTTP/1.1? SSLEnabled=”true”
maxThreads=”150? scheme=”https” secure=”true”
clientAuth=”false”
strategy=”ms”
address=”${jboss.bind.address}”
keystoreFile=”${jboss.server.home.dir}/conf/THE_KEYSTORE_NAME”
keystorePass=”PASSWORD_FOR_THE_KEYSTORE”
truststoreFile=”${jboss.server.home.dir}/conf/THE_KEYSTORE_NAME”
truststorePass=”PASSWORD_FOR_THE_KEYSTORE”
sslProtocol=”TLS”/>

5. Now you should be able to access your application through https. Remember to use https:// instead of http:// in your browser-url, or else it will fail.

6. If you want to disable the non-secured port 8080, comment and disable that connector in the same server.xml.

7. Example for jboss-4.0.5.GA
jboss-4.0.5.GA\server\<application>\deploy\jbossweb-tomcat55.sar\server.xml

<!– SSL/TLS Connector configuration using the admin devl guide keystore –>
<Connector port=”8443? address=”${jboss.bind.address}”
maxThreads=”100? strategy=”ms” maxHttpHeaderSize=”8192?
emptySessionPath=”true”
scheme=”https” secure=”true” clientAuth=”false”
keystoreFile=”${jboss.server.home.dir}/conf/my.keystore”
keystorePass=”pwd123? sslProtocol = “TLS” />
Labels:

Comments

Post a Comment

Popular posts from this blog

ATG - more about Forms and Form Handlers

An ATG form is defined by the dsp:form tag, which typically encloses DSP tags that specify form elements, such as dsp:input that provide direct access to Nucleus component properties. Find below a sample dsp:form tag.    <dsp:form action="/testPages/showPersonProperties.jsp" method="post" target="_top">      <p>Name: <dsp:input bean="/samples/Person.name" type="text"/>      <p>Age: <dsp:input bean="/samples/Person.age" type="text" value="30"/>      <p><dsp:input type="submit" bean="/samples/Person.submit"/> value="Click to submit"/>    </dsp:form>   When the user submits the form, the /samples/Person.name property is set to the value entered in the input field.Unlike standard HTML, which requires the name attribute for most input tags; the name attribute is optional for DSP form element tags. If an input tag omits the n...
11 comments
Read more

Search Facets - how to create a new search facets in ATG Search

A Facet is a search refinement element that corresponds to a property of a commerce item type. ATG supports the search result refinement using the Faceted Search concept. Read more about facted search @  http://en.wikipedia.org/wiki/Faceted_search . Facet can either be ranges or specific values. Each facet is stored in the RefinementRepository as a separate refineElement repository item. Facets are divided into Global and Local facets. Global facets apply to all the categories and local facets only to the category in which they are created. For example Price/Brand can be considered as the facets that are common for all skus and New Release/Coming Soon can be considered as the facets that are specific to Physical Media products like Vidoe/DVD/Blue-ray/Books. We can use the ATG BCC - Merchandising UI to create facets. The Faceting Property depends on the meta-properties defined in the \atg\commerce\search\product-catalog-output-config.xml ( the def...
4 comments
Read more

Basic design decisions for a commerce search setup ( with an ATG Search view)

In this blog I would like to explain the basic set of configuration/design decisions needed to setup an ATG search project. Most of these design decisions are common for all Enterprise search applications. 1. Decide the searchable properties :   This means the properties that the business want the user to search in the ecommerce platform. In ATG search these are configured as the text properties in the product-catalog-output-config.xml ( the definitionFile of the \atg\commerce\search\ProductCatalogOutputConfig). Usually the displayName of product/sku, displayName of department/category/sub-category, skuId, brandName are the properties configured as searchable. 2. Decide the search refinement properties or the faceted properties :   After a user search for a keyword, search refinement is the next step done to filter his results. ATG supports the search refinement using the Faceted Search concept. Read more about facted search @...
6 comments
Read more

ATG Product Catalog schema ER diagram

Check out the O rder schema ER-Diagram @   http://tips4ufromsony.blogspot.in/2012/02/atg-order-schema-er-diagram.html Check out the User Profile  schema ER-Diagram @ http://tips4ufromsony.blogspot.in/2012/03/atg-user-profile-schema-er-diagram.html If you would like to know the relationship between different Product Catalog tables, please find below screen shots of  Product Catalog schema ER Diagrams.
3 comments
Read more

ATG Search and Search engine activity log

We could use the SearchEngineActivity log files to get the request/response to the search engine from a commerce instance. This folder is located in each commerce instance or the instances from which the call to the search engine is done. The SearchEngineActivity log file folder can be configured @ SearchEngineService component ( /dyn/admin/nucleus/atg/search/routing/SearchEngineService). To get the log files for the search engine calls, you need to specify the SearchEngineService.dumpingRequests as true. Then you need to specify the engineActivityPath as the folder in which you need the SearchEngineActivity logs. Below you could find my SearchEngineActivity log folder. Each successful call to the search engine from the commerce instance will create 5 files in the SearchEngineActivity folder : namely  request, response, search engineinfo, stack trace and response row . Each file name start with a specific sequence. You ...
1 comment
Read more