<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
<table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td>
<table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
<h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
<!-- To have a header image/logo replace the name below with your img tag -->
<!-- Email clients will render the images when the message is read so any image -->
<!-- must be made available on a public server, so that all recipients can load the image. -->
<a href="https://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
Problem of configuring SSL for Https in Jboss AS 7
</h3>
<span style="margin-bottom: 10px;">
created by <a href="https://community.jboss.org/people/kishorerouthu">kishore routhu</a> in <i>JBoss AS 7 Development</i> - <a href="https://community.jboss.org/message/821464#821464">View the full discussion</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><p>Actually we are migrating from Jboss-4.2.2GA to Jboss As7 it is good to work</p><p>with Jboss As7 but the problem is that in Jboss-4.2.2GA the SSL is enabled</p><p>and working fine for HTTPS with port 8443 for given following configuration (1)</p><p>in Server.xml. </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>1. SSL Configuration for Https Secure port in <strong>Jboss-4.2.2 GA</strong></p><p>   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"  </p><p>              maxThreads="250" scheme="https" secure="true"  </p><p>              clientAuth="false"  </p><p>              strategy="ms"  </p><p>              address="${jboss.bind.address}"  </p><p>           <strong>   keystoreFile="${jboss.server.home.dir}/conf/ssl/2013-cert/working/server.keystore"</strong></p><p>              keystorePass="123456" </p><p>              keystoreType="pkcs12"</p><p>              sslProtocol="TLS"</p><p>              SSLHonorCipherOrder="On"</p><p>              ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA"</p><p>  /></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Where as in <strong>Jboss AS7</strong> with given following configuration (2) in Standalone.xml when</p><p>start up jboss it throws the following error observed in server.log</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p> 2. SSL Configuration for Https Secure port in Jboss As7</p><p><subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host"></p><p>            <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" redirect-port="8443" secure="true" max-connections="400"></p><p>                <ssl name="ssl" password="123456"</p><p>   <strong>  certificate-key-file="/www/jboss7/standalone/configuration/ssl/ssl.domainname.crt" </strong></p><p>     cipher-suite="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA" protocol="TLSv1" verify-client="false" </p><p>                    verify-depth="10" </p><p>                    keystore-type="PKCS12" </p><p>                    truststore-type="PKCS12"/></p><p>            </connector></p><p>            <virtual-server name="default-host" enable-welcome-root="true"></p><p>                <alias name="localhost"/></p><p>                <alias name="vela"/></p><p>            </virtual-server></p><p>        </subsystem></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>RROR [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-2) Error initializing endpoint: java.lang.Exception: Unable to configure permitted SSL ciphers (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)</p><p>          at org.apache.tomcat.jni.SSLContext.setCipherSuite(Native Method) [jbossweb-7.0.13.Final.jar:]</p><p>          at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:642) [jbossweb-7.0.13.Final.jar:]</p><p>          at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:121) [jbossweb-7.0.13.Final.jar:]</p><p>          at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:]</p><p>          at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]</p><p>          at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]</p><p>          at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]</p><p>          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_13]</p><p>          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_13]</p><p>          at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>07:00:50,361 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector</p><p>          at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)</p><p>          at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]</p><p>          at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]</p><p>          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_13]</p><p>          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_13]</p><p>          at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]</p><p>Caused by: LifecycleException:  Protocol handler initialization failed: java.lang.Exception: Unable to configure permitted SSL ciphers (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)</p><p>          at org.apache.catalina.connector.Connector.init(Connector.java:985)</p><p>          at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)</p><p>          ... 5 more</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>   </p><p>Following is KeyStore information</p><p>====================================</p><p>> keytool -v -list -storetype PKCS12 -keystore server.keystore </p><p>Enter keystore password:  </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Keystore type: PKCS12</p><p>Keystore provider: SunJSSE</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Your keystore contains 1 entry</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Alias name: 1</p><p>Creation date: Jun 5, 2013</p><p>Entry type: PrivateKeyEntry</p><p>Certificate chain length: 1</p><p>Certificate[1]:</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Do i need any changes in configuration of Jboss AS7 to Successfully enable SSL in as compared to Jboss 4.2.2GA ?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>what "keystoreFile" element in Jboss 4.2.2GA configuration represents and </p><p>what "certificate-key-file" element in Jboss AS7 configuration represents </p><p>These two represents same (i.e keystore) or different ?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Please suggest me for the above so that can move further.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Thank you in advance</p></div>
<div style="background-color: #f4f4f4; padding: 10px; margin-top: 20px;">
<p style="margin: 0;">Reply to this message by <a href="https://community.jboss.org/message/821464#821464">going to Community</a></p>
<p style="margin: 0;">Start a new discussion in JBoss AS 7 Development at <a href="https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2225">Community</a></p>
</div></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>