[jboss-user] [JBoss Web Services] - Re: Call web services with different certificates

Thu Mar 1 03:29:06 EST 2012

Oskar Carlstedt [https://community.jboss.org/people/oskar.carlstedt] created the discussion

"Re: Call web services with different certificates"

To view the discussion, visit: https://community.jboss.org/message/720792#720792

--------------------------------------------------------------
Hi all,

this will not answer your question directly but a strong (or even super strong) recommendation is to not expose your JBoss instance to the public at all. JBoss is full with a lot of useful functionality, but that will also make JBoss more unsecure. A faster solution (read more performant, believe me or not) is to setup an Apache HTTPD server using mod_proxy directed to your JBoss. Then you configure and terminate your SSL request in the Apache HTTPD. If you really need SSL on your internal network I suggest you to setup a local instance of the Apache HTTPD and make the proxy call to localhost to not expose the proxy traffic on the network. Why do this?

1. Apache HTTPD is much faster than JBoss in serving HTTP(S) and SSL (it is mainly written for forwarding HTTP)
2. Using Apache HTTPD as a proxy is more or less the standard way of doing such things you are asking for
3. Apache HTTPD is much more secure due to less functionality. Used with a few modules, Apache HTTPD is one of the most secure market standard web server software.
3. Apache HTTPD  is a standard product that may be organized by your hosing partner/department from a standard view.

Note! If you don't like Apache HTTP you might have a look at nginx (www.nginx.org) that is smaller and even faster than Apache HTTPD.

So, this is not a direct answer to your question, but I hope it help you solving your problem.

Best regards,
Oskar

PS...
I'm writing this tip because I believe that many people think that shall configure things in JBoss just because they _can_ do it in JBoss, but I do not always agree with that kind of thinking. I like to use market standards, as much as I can so other people can take care of what I've done when I hand over my solution to the hosting partner. DS.
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/720792#720792]

Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20120301/3e4327d6/attachment.html 