[jboss-user] [Security & JAAS/JBoss] - Encrypt KeyStore-Password in a Tomcat-Connector for 4.2.3.G

isc-hoa do-not-reply at jboss.com
Mon Feb 16 10:51:35 EST 2009


Hi there

I have a question about setting up SSL for JBoss-4.2.3GA:

I was able to configure the following connector-entry in the Tomcat server.xml:

<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100"  maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
           keystorePass="12345678"
           truststoreFile="${jboss.server.home.dir}/conf/server.truststore"
           truststorePass="12345678"
           clientAuth="want" sslProtocol="TLS"/>

With this entry, SSL works fine. Unfortunately, I was not happy with the password in plain text. So I tried to set up a connector with an encrypted password as described in

http://www.jboss.org/community/docs/DOC-9702

My Connector:

<Connector port="8443" address="${jboss.bind.address}"
           maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
           scheme="https" secure="true" clientAuth="want"
           sslProtocol = "TLS"
           securityDomain="java:/jaas/encrypt-keystore-password"
           SSLImplementation="org.jboss.net.ssl.JBossImplementation" >

I also added the entries in security-service.xml and the jboss-web.deployer\META-INF\jboss-service.xml as described in the wiki.

I can start the JBoss without any exceptions or errors, http is working fine, but when I'm sending a https-request, I'm running into a time-out. There are still no warnings or exceptions. The JBoss or the Tomcat just does not respond...

Hint: When I change the value SSLImplementation to "whatTheHell", I still got no exception! No "NoClassDefFoundError" or something like that... Is this attribute still valid in 4.2.3?

Is there something special to foresee with JBoss-4.2.3.GA?

Thanks for helping!

Cheers

Andre


View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4210396#4210396
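
An added example, not part of the original post: a small Python audit of the two connectors quoted above. It flags literal keystore/truststore passwords and any HTTPS connector lacking SSLEnabled="true", assuming Tomcat 6 connector behaviour where SSLEnabled defaults to false; the sample XML is constructed from the post's two snippets, and the function and constant names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two connectors from the post, wrapped in a root
# element and closed so the fragment parses as XML.
SAMPLE = """<Service>
  <Connector protocol="org.apache.coyote.http11.Http11Protocol"
             port="8443" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
             keystorePass="12345678"
             truststoreFile="${jboss.server.home.dir}/conf/server.truststore"
             truststorePass="12345678"
             clientAuth="want" sslProtocol="TLS"/>
  <Connector port="8443" address="${jboss.bind.address}"
             scheme="https" secure="true" clientAuth="want"
             sslProtocol="TLS"
             securityDomain="java:/jaas/encrypt-keystore-password"
             SSLImplementation="org.jboss.net.ssl.JBossImplementation"/>
</Service>"""

PASSWORD_ATTRS = ("keystorePass", "truststorePass")
# Attributes that only matter once the connector actually speaks TLS.
TLS_ONLY_ATTRS = ("sslProtocol", "clientAuth", "securityDomain",
                  "SSLImplementation", "keystoreFile", "truststoreFile")


def audit_connectors(xml_text):
    """Return (connector_index, finding) tuples for every <Connector>."""
    findings = []
    root = ET.fromstring(xml_text)
    for idx, conn in enumerate(root.iter("Connector")):
        attrs = conn.attrib
        for name in PASSWORD_ATTRS:
            # A ${...} property reference is not a literal secret in the file.
            if name in attrs and not attrs[name].startswith("${"):
                findings.append((idx, f"plaintext {name} in server.xml"))
        wants_tls = (attrs.get("scheme") == "https"
                     or any(a in attrs for a in TLS_ONLY_ATTRS))
        # Assumption: SSLEnabled defaults to false (Tomcat 6 semantics).
        if wants_tls and attrs.get("SSLEnabled", "false").lower() != "true":
            unused = sorted(a for a in TLS_ONLY_ATTRS if a in attrs)
            findings.append((idx, 'SSLEnabled is not "true"; TLS attributes '
                                  "not in effect: " + ", ".join(unused)))
    return findings


if __name__ == "__main__":
    for idx, finding in audit_connectors(SAMPLE):
        print(f"connector #{idx}: {finding}")
```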
