Using SSL Certificates with JBoss 4 and Tomca…

Introduction
You want to use CA (Certificate Authority) signed SSL certificate in your JBoss setup.
This document describes how I got it to work with JBoss 4 and the integrated Tomcat 5.5
server.
There are a few documents on JBoss and SSL, I found not one telling me exactly what to do
but got information from each document.
Tips:
- You don't need to setup openssl as described in many documents
- You don't need to alter allot of files, just comment out one part in server.xml (see below)
- You can and should use other aliases then 'tomcat'
- Skip documentation about JBoss and SSL look at the Jakarta Tomcat documentation.
Setting up JBoss 4
The installation is beyond the scope of this document. Make sure JBoss is installed,
running and that you have a application deployed (and working)
Make the keystore
Java uses a keystore to .... store the keys (duh?). You need one so create one using the
Java keytool:
Note: the alias name you use here is for the first cert you are going to use so
choose carefully
# keytool -genkey -alias [alias name] -keyalg RSA -keystore [server.keystore] -validity 3650
Enter keystore password:  [password]
    What is your first and last name?
      [Unknown]:  www.myhost.com
    What is the name of your organizational unit?
      [Unknown]:  Some dot com
    What is the name of your organization?
      [Unknown]:  Security
    What is the name of your City or Locality?
      [Unknown]:  SomeCity
    What is the name of your State or Province?
      [Unknown]:  SomeState
    What is the two-letter country code for this unit?
      [Unknown]:  US
    Is CN=www.myhost.com, OU=Some dot com, O=Security, L=SomeCity, ST=SomeState, C=US correct?
      [no]:  yes
    Enter key password for
            (RETURN if same as keystore password):
!!!! YOU MUST USE THE SAME KEYSTORE PASSWORD AS KEY PASSWORD DO NOT USE DIFFERENT PASSWORDS !!!!!!
(this is a bug in Tomcat)
   
The CN part (first and last name) is strangely where you need to put your domain name
because your browser will check it against the domain name entered. So this needs to
exactly match the domain name for which you are requesting a certificate.
Make sure you create the keystore in a useful place or copy it afterwards. We will use
this location as example:
/usr/local/jobss4/server/[project]/conf
Enabling SSL for your project
Edit /usr/local/jboss4/server/[project]/deploy/jbossweb-tomcat55.sar/server/xml

标签：

版权申明：本站文章部分自网络，如有侵权，请联系：west999com@outlook.com
特别注意：本站所有转载文章言论不代表本站观点，本站所提供的摄影照片，插画，设计作品，如需使用，请与原作者联系，版权归原作者所有