Chris:
Thanks for your help - I got it to work :-)
My original post had a typo (my apologies) - I am actually using
https://localhost:8443 in
jboss-portal.sar/portal-wsrp.sar/default-wsrp.xml.
I think the thing that fixed this for me was to add the following to the JAVA_OPTS in
bin/run.conf:
-Dorg.jboss.security.ignoreHttpsHost=true
Also
"chris.laprun(a)jboss.com" wrote : Any reason you're not using 2.6.4 and
4.2.2?
I haven't upgraded to the recommended versions due to time constraints. I have seen
some of the WSRP fixes that have occurred in recent versions, and I'll recommend the
upgrade to my customer.
Per your recommendations (and for the benefit of others) here's what I did to
configure WSRP over SSL:
- Create a keystore and a server certificate. It's important that the cn matches the
hostname/domain of the JBoss Portal (for me it was localhost):
keytool -genkey -alias serverCert -keyalg RSA -validity 730 -keystore server.keystore -dname cn=localhost,o=org,ou=orgunit,l=location,st=state,c=country -keypass password -storepass password
keytool -export -alias serverCert -keystore server.keystore -storepass password -file server.cer
- Copy server.keystore and server.cer to server/default/conf
- Add the following to bin/run.conf:
JAVA_OPTS="$JAVA_OPTS
  -Djavax.net.ssl.trustStore=/fully/qualified/path/to/server.keystore
  -Djavax.net.ssl.trustStorePassword=password
  -Dorg.jboss.security.ignoreHttpsHost=true"
- Configure another SSL/TLS connector in the Tomcat config file that is used by JBoss Web
(at server/default/deploy/jboss-web.deployer/server.xml). We're adding a new connector;
leave the existing connector in place:
<Connector port="8443" protocol="HTTP/1.1"
           SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/fully/qualified/path/to/server.keystore"
           keystorePass="password" />
- Update server/default/deploy/jboss-portal.sar/portal-wsrp.sar/default-wsrp.xml.
Comment-out the "self" wsrp-producer deployment on your non-SSL port, and add
the following:
<deployment>
  <wsrp-producer id="self" expiration-cache="300">
    <endpoint-config>
      <service-description-url>https://localhost:8443/portal-wsrp/ServiceDescriptionService</service-description-url>
      <markup-url>https://localhost:8443/portal-wsrp/MarkupService</markup-url>
      <registration-url>https://localhost:8443/portal-wsrp/RegistrationService</registration-url>
      <portlet-management-url>https://localhost:8443/portal-wsrp/PortletManagementService</portlet-management-url>
    </endpoint-config>
    <registration-data/>
  </wsrp-producer>
</deployment>
- If you need to turn on SSL debugging, add the following to bin/run.conf:
JAVA_OPTS="$JAVA_OPTS -Djavax.net.debug=ssl,handshake"
- (Re)start JBoss. You may have to save and refresh the settings for the "self"
WSRP producer from the JBoss Admin WSRP tab.
- Import the server.cer certificate into your browser's authorities to inform your
browser that the server certificate is trusted.
- You should be able to access JBoss over SSL at
https://localhost:8443/portal
Dan
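An added example, not part of Dan's post: a shell check that audits bin/run.conf for the JAVA_OPTS used above that loosen the TLS setup (hostname check disabled, handshake debugging left on, store password passed as a JVM argument, trust store pointing at the keystore that holds the server's private key). The function name, the finding labels and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): audit a JBoss bin/run.conf for the
# TLS-related JAVA_OPTS discussed above. Names and sample data are constructed.
# Usage: audit_run_conf RUN_CONF [KEYSTORE_PATH]
# Prints one finding label per line; prints nothing when the file is clean.
audit_run_conf() {
    conf=$1
    keystore=${2:-}
    # Ignore commented-out lines so disabled options are not reported.
    active=$(sed '/^[[:space:]]*#/d' "$conf")

    # Hostname verification switched off for outgoing HTTPS calls.
    if printf '%s\n' "$active" | grep -q -- '-Dorg\.jboss\.security\.ignoreHttpsHost=true'; then
        echo "HOSTNAME_CHECK_DISABLED"
    fi
    # Handshake tracing left enabled after troubleshooting.
    if printf '%s\n' "$active" | grep -q -- '-Djavax\.net\.debug='; then
        echo "SSL_DEBUG_ENABLED"
    fi
    # A store password given as a JVM argument shows up in the process list.
    if printf '%s\n' "$active" | grep -q -- '-Djavax\.net\.ssl\.trustStorePassword='; then
        echo "PASSWORD_ON_COMMAND_LINE"
    fi
    # Trust store is the same file that holds the server's private key.
    ts=$(printf '%s\n' "$active" |
        sed -n 's/.*-Djavax\.net\.ssl\.trustStore=\([^ "]*\).*/\1/p' | head -n 1)
    if [ -n "$keystore" ] && [ "$ts" = "$keystore" ]; then
        echo "TRUSTSTORE_HOLDS_PRIVATE_KEY"
    fi
    return 0
}

# Constructed sample mirroring the run.conf additions from the post
# (the /opt/jboss path is a placeholder).
sample=$(mktemp)
cat > "$sample" <<'EOF'
JAVA_OPTS="$JAVA_OPTS
  -Djavax.net.ssl.trustStore=/opt/jboss/server/default/conf/server.keystore
  -Djavax.net.ssl.trustStorePassword=password
  -Dorg.jboss.security.ignoreHttpsHost=true"
#JAVA_OPTS="$JAVA_OPTS -Djavax.net.debug=ssl,handshake"
EOF
audit_run_conf "$sample" /opt/jboss/server/default/conf/server.keystore
rm -f "$sample"
```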