kishore routhu [https://community.jboss.org/people/kishorerouthu] created the discussion
"Problem of configuring SSL for Https in Jboss AS 7"
To view the discussion, visit:
https://community.jboss.org/message/821464#821464
--------------------------------------------------------------
Actually, we are migrating from Jboss-4.2.2GA to Jboss As7. It is good to work
with Jboss As7, but the problem is that in Jboss-4.2.2GA SSL is enabled
and working fine for HTTPS on port 8443 with the following configuration (1)
in Server.xml.
1. SSL Configuration for Https Secure port in *Jboss-4.2.2 GA*

<Connector port="8443" protocol="HTTP/1.1"
    SSLEnabled="true"
    maxThreads="250" scheme="https" secure="true"
    clientAuth="false"
    strategy="ms"
    address="${jboss.bind.address}"
    keystoreFile="${jboss.server.home.dir}/conf/ssl/2013-cert/working/server.keystore"
    keystorePass="123456"
    keystoreType="pkcs12"
    sslProtocol="TLS"
    SSLHonorCipherOrder="On"
    ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA"
/>

Whereas in *Jboss AS7*, with the following configuration (2) in Standalone.xml, when
Jboss starts up it throws the following error, observed in server.log.
2. SSL Configuration for Https Secure port in Jboss As7

<subsystem xmlns="urn:jboss:domain:web:1.1"
        default-virtual-server="default-host">
    <connector name="https" protocol="HTTP/1.1"
            scheme="https" socket-binding="https" redirect-port="8443"
            secure="true" max-connections="400">
        <ssl name="ssl" password="123456"
            certificate-key-file="/www/jboss7/standalone/configuration/ssl/ssl.domainname.crt"
            cipher-suite="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA"
            protocol="TLSv1" verify-client="false"
            verify-depth="10"
            keystore-type="PKCS12"
            truststore-type="PKCS12"/>
    </connector>
    <virtual-server name="default-host"
            enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="vela"/>
    </virtual-server>
</subsystem>

ERROR [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-2) Error initializing endpoint: java.lang.Exception: Unable to configure permitted SSL ciphers (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
    at org.apache.tomcat.jni.SSLContext.setCipherSuite(Native Method) [jbossweb-7.0.13.Final.jar:]
    at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:642) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:121) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:]
    at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_13]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_13]
    at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]
07:00:50,361 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
    at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_13]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_13]
    at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]
Caused by: LifecycleException: Protocol handler initialization failed: java.lang.Exception: Unable to configure permitted SSL ciphers (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
    at org.apache.catalina.connector.Connector.init(Connector.java:985)
    at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
    ... 5 more

Following is KeyStore information
====================================
keytool -v -list -storetype PKCS12 -keystore server.keystore
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SunJSSE
Your keystore contains 1 entry
Alias name: 1
Creation date: Jun 5, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Do I need any changes in the configuration of Jboss AS7 to successfully enable SSL, as
compared to Jboss 4.2.2GA?
What does the "keystoreFile" element in the Jboss 4.2.2GA configuration represent, and
what does the "certificate-key-file" element in the Jboss AS7 configuration represent?
Do these two represent the same thing (i.e. the keystore) or different things?
Please advise me on the above so that I can move further.
Thank you in advance.
--------------------------------------------------------------
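Added example, not part of the original post: the stack trace above shows the connector running on Http11AprProtocol, where the cipher-suite string is handed to OpenSSL's SSL_CTX_set_cipher_list, and OpenSSL does not know Java (JSSE) suite names. The Python check below audits a constructed copy of the <ssl> element from configuration (2); the function names, the name map and the weak-token list are assumptions of this example.

```python
import ssl
import xml.etree.ElementTree as ET

# Constructed copy of the <ssl> element from configuration (2) in the post.
CONNECTOR_XML = """
<connector xmlns="urn:jboss:domain:web:1.1" name="https" protocol="HTTP/1.1"
           scheme="https" socket-binding="https" secure="true">
  <ssl name="ssl" password="123456"
       cipher-suite="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA"
       protocol="TLSv1" verify-client="false"/>
</connector>
"""

# Java (JSSE) name -> OpenSSL name for the two suites in the post.
JSSE_TO_OPENSSL = {
    "SSL_RSA_WITH_RC4_128_MD5": "RC4-MD5",
    "SSL_RSA_WITH_RC4_128_SHA": "RC4-SHA",
}
# Substrings that mark a suite as weak (RC4 is prohibited in TLS by RFC 7465).
WEAK_TOKENS = ("RC4", "MD5", "NULL", "EXPORT")


def openssl_accepts(cipher_string):
    """True if the local OpenSSL can select at least one suite from the string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)  # wraps SSL_CTX_set_cipher_list
        return True
    except ssl.SSLError:
        return False


def audit_connector(xml_text):
    """Return (suite, issue, suggested OpenSSL name) tuples for the <ssl> element."""
    ns = {"w": "urn:jboss:domain:web:1.1"}
    ssl_el = ET.fromstring(xml_text).find("w:ssl", ns)
    findings = []
    for name in ssl_el.get("cipher-suite", "").split(","):
        name = name.strip()
        if "_WITH_" in name:  # Java-style name, not an OpenSSL cipher string
            findings.append((name, "jsse-name", JSSE_TO_OPENSSL.get(name)))
        if any(tok in name for tok in WEAK_TOKENS):
            findings.append((name, "weak", None))
    return findings


if __name__ == "__main__":
    for finding in audit_connector(CONNECTOR_XML):
        print(finding)
    print("OpenSSL accepts the configured list:",
          openssl_accepts("SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA"))
```

Both suites are flagged as weak whichever naming is used; a string such as HIGH:!aNULL:!RC4:!MD5 is written in OpenSSL's own syntax and excludes them.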