Wednesday, August 18, 2010

SSL and JBOSS : Baby Steps

I am not sure how many of you have visited http://24x7-java.blogspot.com/ and felt good.

You'll find lots of pages describing the process of enabling SSL on JBoss, but many of them explain it in a way that is too technical. The intention here is to let everyone do it easily (on Windows).

So here it is, described in baby steps.

Q. What do you need?

A. JDK and JBoss


Step 1. Open a command prompt, go to the bin directory under the JDK (not the JRE) and execute

keytool -genkey -alias tomcat -keyalg RSA

(If you have JAVA_HOME/bin in your system path, you can just execute the above command at the prompt.)

You'll be prompted for the following; fill it in as per your need.


Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Sunil

What is the name of your organizational unit?
[Unknown]: development

What is the name of your organization?
[Unknown]: test

What is the name of your City or Locality?
[Unknown]: Shimla

What is the name of your State or Province?
[Unknown]: HP

What is the two-letter country code for this unit?
[Unknown]: IN

Is CN=Sunil, OU=development, O=test, L=Shimla, ST=HP, C=IN correct?
[no]: Yes

Enter key password for <tomcat>
(RETURN if same as keystore password):

Keep the key password the same as your keystore password for ease.


Step 2. Copy the default keystore created at C:\Documents and Settings\<currently-loggedin-user>\.keystore
to
<drivepath>:\jboss\server\default\conf and rename it to my.keystore


Step 3. Edit file
<drivepath>:\jboss\server\default\deploy\jboss-web.deployer\server.xml
or
<drivepath>:\jboss\server\default\deploy\jbossweb-tomcat55.sar\server.xml
depending on the version of JBoss, and make the following changes. Set keystorePass and truststorePass to the keystore password you entered in Step 1.


<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false"
strategy="ms"
address="${jboss.bind.address}"
keystoreFile="${jboss.server.home.dir}/conf/my.keystore"
keystorePass="keypassword"
truststoreFile="${jboss.server.home.dir}/conf/my.keystore"
truststorePass="keypassword"
sslProtocol="TLS"/>


Step 4. Start your JBoss with run -c default and that's all. Your application will now be available on both http:// and https://. If you want to disable http://, comment out the tag below in server.xml.


<Connector port="80" address="${jboss.bind.address}"
maxThreads="250" maxHttpHeaderSize="8192"
emptySessionPath="true" protocol="HTTP/1.1"
enableLookups="false" redirectPort="443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />


The Connector port is by default 8080.
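
A quick way to sanity-check the edited server.xml after Steps 3 and 4, as an added example that is not part of the original post. The <Server>/<Service> wrapper, the mismatched redirectPort in the sample, the placeholder-password list and the function name audit_connectors are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: this page's two connectors inside a minimal <Server>/<Service>
# wrapper (assumed). redirectPort is left at 8443 on purpose to show the mismatch check.
SAMPLE = """<Server><Service name="jboss.web">
  <Connector port="80" address="${jboss.bind.address}" protocol="HTTP/1.1"
             redirectPort="8443" />
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="false"
             keystoreFile="${jboss.server.home.dir}/conf/my.keystore"
             keystorePass="keypassword" sslProtocol="TLS"/>
</Service></Server>"""

PLACEHOLDER_PASSWORDS = {"keypassword", "changeit", ""}  # tutorial/default values


def audit_connectors(server_xml):
    """Return findings for the active <Connector> elements in server.xml text.

    The parser drops XML comments, so a commented-out connector counts as disabled.
    """
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    tls = [c for c in connectors
           if c.get("SSLEnabled", "false").lower() == "true"
           or c.get("scheme") == "https"]
    tls_ports = {c.get("port") for c in tls}
    findings = []
    if not tls:
        findings.append("no TLS connector is enabled")
    for c in tls:
        port = c.get("port")
        if not c.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile missing")
        if c.get("keystorePass", "") in PLACEHOLDER_PASSWORDS:
            findings.append(f"port {port}: keystorePass is a placeholder")
    for c in connectors:
        if c in tls or "AJP" in c.get("protocol", "HTTP/1.1"):
            continue  # only plain HTTP connectors are checked below
        port, redirect = c.get("port"), c.get("redirectPort")
        findings.append(f"port {port}: plain HTTP connector still enabled")
        if redirect not in tls_ports:
            findings.append(f"port {port}: redirectPort {redirect} has no TLS connector")
    return findings


if __name__ == "__main__":
    for line in audit_connectors(SAMPLE):
        print(line)
```

An empty result means the only active web connector is the TLS one and its keystore password is not one of the listed placeholder values.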




Computer never makes mistake ... its always the human part
-S
