JBoss Community

Problem of configuring SSL for Https in Jboss AS 7

created by kishore routhu in JBoss AS 7 Development

Actually, we are migrating from JBoss 4.2.2GA to JBoss AS 7. It is good to work with JBoss AS 7, but the problem is that in JBoss 4.2.2GA SSL is enabled and working fine for HTTPS on port 8443 with the following configuration (1) in server.xml.

1. SSL configuration for the HTTPS secure port in JBoss 4.2.2GA

   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
              maxThreads="250" scheme="https" secure="true"
              clientAuth="false"
              strategy="ms"
              address="${jboss.bind.address}"
              keystoreFile="${jboss.server.home.dir}/conf/ssl/2013-cert/working/server.keystore"
              keystorePass="123456"
              keystoreType="pkcs12"
              sslProtocol="TLS"
              SSLHonorCipherOrder="On"
              ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA"
   />

Whereas in JBoss AS 7, with the following configuration (2) in standalone.xml, JBoss throws the following error at startup, as observed in server.log.

2. SSL configuration for the HTTPS secure port in JBoss AS 7

<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" redirect-port="8443" secure="true" max-connections="400">
        <ssl name="ssl" password="123456"
             certificate-key-file="/www/jboss7/standalone/configuration/ssl/ssl.domainname.crt"
             cipher-suite="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA" protocol="TLSv1" verify-client="false"
             verify-depth="10"
             keystore-type="PKCS12"
             truststore-type="PKCS12"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="vela"/>
    </virtual-server>
</subsystem>

ERROR [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-2) Error initializing endpoint: java.lang.Exception: Unable to configure permitted SSL ciphers (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
          at org.apache.tomcat.jni.SSLContext.setCipherSuite(Native Method) [jbossweb-7.0.13.Final.jar:]
          at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:642) [jbossweb-7.0.13.Final.jar:]
          at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:121) [jbossweb-7.0.13.Final.jar:]
          at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:]
          at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
          at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
          at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_13]
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_13]
          at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]

07:00:50,361 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
          at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
          at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
          at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_13]
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_13]
          at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]
Caused by: LifecycleException:  Protocol handler initialization failed: java.lang.Exception: Unable to configure permitted SSL ciphers (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
          at org.apache.catalina.connector.Connector.init(Connector.java:985)
          at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
          ... 5 more

Following is KeyStore information
====================================

> keytool -v -list -storetype PKCS12 -keystore server.keystore
Enter keystore password:

Keystore type: PKCS12
Keystore provider: SunJSSE

Your keystore contains 1 entry

Alias name: 1
Creation date: Jun 5, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:

Do I need any changes in the configuration of JBoss AS 7 to successfully enable SSL, as compared to JBoss 4.2.2GA?

What does the "keystoreFile" element in the JBoss 4.2.2GA configuration represent, and what does the "certificate-key-file" element in the JBoss AS 7 configuration represent? Do these two represent the same thing (i.e. the keystore) or different things?

Please advise me on the above so that I can move further.

Thank you in advance
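
The stack trace in the post comes from Http11AprProtocol and OpenSSL's SSL_CTX_set_cipher_list, which parses OpenSSL cipher names rather than the JSSE names used in configuration (2). As an added example (not part of the original post and not JBoss code), this Python script passes each configured name to the same OpenSSL call through Python's ssl module; the embedded XML is a constructed excerpt of configuration (2), and the name table is taken from the OpenSSL ciphers(1) manual.

```python
import ssl
import xml.etree.ElementTree as ET

# Constructed sample: the <ssl> element from configuration (2) in the post.
STANDALONE_SSL = """
<connector xmlns="urn:jboss:domain:web:1.1" name="https" protocol="HTTP/1.1"
           scheme="https" socket-binding="https" secure="true">
  <ssl name="ssl" protocol="TLSv1" verify-client="false"
       cipher-suite="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA"/>
</connector>
"""

# JSSE (Java) name -> OpenSSL name, per the OpenSSL ciphers(1) manual.
JSSE_TO_OPENSSL = {
    "SSL_RSA_WITH_RC4_128_MD5": "RC4-MD5",
    "SSL_RSA_WITH_RC4_128_SHA": "RC4-SHA",
}

def configured_ciphers(xml_text):
    """Return the cipher-suite names from the connector's <ssl> element."""
    ns = {"w": "urn:jboss:domain:web:1.1"}
    ssl_el = ET.fromstring(xml_text).find("w:ssl", ns)
    return [c.strip() for c in ssl_el.get("cipher-suite", "").split(",") if c.strip()]

def openssl_accepts(cipher_string):
    """True if OpenSSL's SSL_CTX_set_cipher_list accepts the string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)  # wraps SSL_CTX_set_cipher_list
        return True
    except ssl.SSLError:                # "No cipher can be selected"
        return False

def audit(xml_text):
    """Classify each configured name as seen by the local OpenSSL build."""
    report = {}
    for name in configured_ciphers(xml_text):
        if openssl_accepts(name):
            report[name] = "accepted"
        elif name in JSSE_TO_OPENSSL:
            report[name] = "JSSE name; OpenSSL calls it " + JSSE_TO_OPENSSL[name]
        else:
            report[name] = "no cipher match"
    return report

if __name__ == "__main__":
    for name, verdict in audit(STANDALONE_SSL).items():
        print(f"{name}: {verdict}")
```

An "accepted" verdict reflects only the local OpenSSL build. RC4 suites are prohibited by RFC 7465 and are disabled in default OpenSSL builds since 1.1.0, so the mapped RC4 names may be rejected as well.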
