
SSL configuration in JBoss


To configure an SSL port with a keystore, follow these steps:

1. Generate the keystore with the Java keytool command:
keytool -genkey -alias tomcat -keyalg RSA -keystore NAME_OF_KEYSTORE -validity NUMBER_OF_DAYS
(For more details, see http://download.oracle.com/javase/1.5.0/docs/tooldocs/windows/keytool.html )

2. Copy the keystore file into the jboss/server/<NAME>/conf/ directory.

3. Edit server.xml, found in the following directory:
JBoss version 4.0.4 = jboss/server/<NAME>/deploy/jbossweb-tomcat55.sar/
JBoss version 4.2.2 = jboss/server/<NAME>/deploy/jboss-web.deployer/

4. For JBoss 4.0.4, configure the SSL connector like this:

<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector port="THE_PORT_YOU_LIKE" address="${jboss.bind.address}"
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/THE_KEYSTORE_NAME"
keystorePass="PASSWORD_FOR_THE_KEYSTORE" sslProtocol="TLS" />

For JBoss 4.2.2, configure it like this:

<Connector port="THE_PORT_YOU_LIKE" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false"
strategy="ms"
address="${jboss.bind.address}"
keystoreFile="${jboss.server.home.dir}/conf/THE_KEYSTORE_NAME"
keystorePass="PASSWORD_FOR_THE_KEYSTORE"
truststoreFile="${jboss.server.home.dir}/conf/THE_KEYSTORE_NAME"
truststorePass="PASSWORD_FOR_THE_KEYSTORE"
sslProtocol="TLS"/>

5. You should now be able to access your application over HTTPS. Remember to use https:// instead of http:// in the browser URL, or else the request will fail.

6. If you want to disable the non-secured port 8080, comment out that connector in the same server.xml.

7. Example for jboss-4.0.5.GA:
jboss-4.0.5.GA\server\<application>\deploy\jbossweb-tomcat55.sar\server.xml

<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector port="8443" address="${jboss.bind.address}"
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/my.keystore"
keystorePass="pwd123" sslProtocol="TLS" />
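
A check for steps 4 to 6, added here as an example and not part of the original post: the Python script below parses server.xml and reports connectors that still serve plaintext HTTP or that lack the keystore attributes. The function name audit_connectors, the tomcat6 flag and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the 4.2.2-style SSL connector from this page next to a
# plaintext connector on 8080 that has not been commented out yet (step 6).
SAMPLE = """<Server><Service name="jboss.web">
  <Connector port="8080" address="${jboss.bind.address}" protocol="HTTP/1.1"/>
  <!-- <Connector port="8081" protocol="HTTP/1.1"/> -->
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="false"
             keystoreFile="${jboss.server.home.dir}/conf/my.keystore"
             keystorePass="pwd123" sslProtocol="TLS"/>
</Service></Server>"""


def audit_connectors(server_xml, tomcat6=True):
    """Return (port, finding) tuples for the active HTTP connectors.

    tomcat6=True matches the JBoss 4.2.2 form, which needs SSLEnabled="true";
    tomcat6=False matches the 4.0.x form, which uses scheme/secure only.
    """
    findings = []
    # ElementTree drops XML comments, so commented-out connectors are ignored.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue  # AJP connectors are outside the scope of this check
        https = (conn.get("scheme", "http").lower() == "https"
                 and conn.get("secure", "false").lower() == "true")
        ssl_enabled = conn.get("SSLEnabled", "false").lower() == "true"
        tls_on = ssl_enabled if tomcat6 else https
        if https and not tls_on:
            findings.append((port, "declares https but SSLEnabled is not true"))
        elif not tls_on:
            findings.append((port, "plaintext HTTP connector is still enabled"))
        else:
            for attr in ("keystoreFile", "keystorePass"):
                if not conn.get(attr):
                    findings.append((port, f"TLS connector has no {attr}"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE):
        print(f"port {port}: {finding}")
```

To audit a real installation, pass the contents of the server.xml from step 3 instead of SAMPLE, with tomcat6=False for the 4.0.x layout.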
