[jboss-user] [Security & JAAS/JBoss] - Encrypt KeyStore-Password in a Tomcat-Connetctor for 4.2.3.G
isc-hoa
do-not-reply at jboss.com
Mon Feb 16 10:51:35 EST 2009
Hi there
I'm having a question about setting up SSL for a JBoss-4.2.3GA:
I was able to configure the following connector-entry in the Tomcat server.xml:
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
| port="8443" minSpareThreads="5" maxSpareThreads="75"
| enableLookups="true" disableUploadTimeout="true"
| acceptCount="100" maxThreads="200"
| scheme="https" secure="true" SSLEnabled="true"
| keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
| keystorePass="12345678"
| truststoreFile="${jboss.server.home.dir}/conf/server.truststore"
| truststorePass="12345678"
| clientAuth="want" sslProtocol="TLS"/>
With this entry, SSL works fine. Unfortunately, I was not happy with the password in plain text. So I tried to setup a connector with encrypted password as described in
http://www.jboss.org/community/docs/DOC-9702
My Connector:
<Connector port="8443" address="${jboss.bind.address}"
| maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
| scheme="https" secure="true" clientAuth="want"
| sslProtocol = "TLS"
| securityDomain="java:/jaas/encrypt-keystore-password"
| SSLImplementation="org.jboss.net.ssl.JBossImplementation" >
I also added the entries in security-service.xml and the jboss-web.deployer\META-INF\jboss-service.xml as described in the wiki.
I can start the JBoss without any exceptions or errors, http is working fine, but when I'm sending a https-request, I'm running into a time-out. There are still no warnings or excpetions. The JBoss or the Tomcat just does not response...
Hint: When I change the value SSLImplementation to "whatTheHell", I still got no exception! No "NoClassDefFoundError" or something like that... Is this attribute still valid in 4.2.3?
Is there something special to foresee with JBoss-4.2.3.GA?
Thanks for helping!
Cheers
Andre
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4210396#4210396
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4210396
More information about the jboss-user
mailing list