[jboss-user] [Security & JAAS/JBoss] - Unable to connect via SSL port
sagimann
do-not-reply at jboss.com
Tue Aug 5 10:19:21 EDT 2008
Hi all,
Seems like something as simple as setting up SSL for JBoss 4.2.2 is something I am unable to perform :-(
I've created a keystore:
| keytool -genkey -keystore serverkey.jks -storetype jks -storepass changeit -alias tomcat
| What is your first and last name?
| [Unknown]: jboss
| What is the name of your organizational unit?
| [Unknown]: orgunit
| What is the name of your organization?
| [Unknown]: org
| What is the name of your City or Locality?
| [Unknown]: city
| What is the name of your State or Province?
| [Unknown]: state
| What is the two-letter country code for this unit?
| [Unknown]: st
| Is CN=jboss, OU=orgunit, O=org, L=city, ST=state, C=st correc
| [no]: yes
|
| Enter key password for <tomcat>
| (RETURN if same as keystore password): changeit
|
I configured the connector in:
V:\tmp\jboss-4.2.2.GA\server\default\deploy\jboss-web.deployer\server.xml:
| <Connector port="8181" protocol="HTTP/1.1" SSLEnabled="true"
| maxHttpHeaderSize="8192"
| emptySessionPath="true"
| maxThreads="150" scheme="https" secure="true"
| clientAuth="false" strategy="ms"
| address="${jboss.bind.address}"
| sslProtocol="TLS"
| keystoreFile="${jboss.server.home.dir}/conf/serverkey.jks"
| keystorePass="changeit"
| truststoreFile="${jboss.server.home.dir}/conf/servertrust.jks"
| truststorePass="password"
| />
|
Then I simply run JBoss using:
run -b 0.0.0.0
and try to access jboss homepage via the browser:
https://myhost:8181
and I immediately get "Internet Explorer cannot display the webpage".
The non-SSL homepage is fine: http://myhost:8080
netstat -aon | findstr LISTEN | findstr <jboss PID> yields everything double, I don't know why:
| TCP 0.0.0.0:1098 0.0.0.0:0 LISTENING 3156
| TCP 0.0.0.0:1099 0.0.0.0:0 LISTENING 3156
| TCP 0.0.0.0:4444 0.0.0.0:0 LISTENING 3156
| TCP 0.0.0.0:4445 0.0.0.0:0 LISTENING 3156
| TCP 0.0.0.0:4446 0.0.0.0:0 LISTENING 3156
| TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING 3156
| TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 3156
| TCP 0.0.0.0:8093 0.0.0.0:0 LISTENING 3156
| TCP 0.0.0.0:8181 0.0.0.0:0 LISTENING 3156
| TCP 0.0.0.0:18083 0.0.0.0:0 LISTENING 3156
| TCP 0.0.0.0:64330 0.0.0.0:0 LISTENING 3156
| TCP 0.0.0.0:64331 0.0.0.0:0 LISTENING 3156
| TCP 0.0.0.0:64333 0.0.0.0:0 LISTENING 3156
| TCP 192.168.1.4:3873 0.0.0.0:0 LISTENING 3156
| TCP [::]:1098 [::]:0 LISTENING 3156
| TCP [::]:1099 [::]:0 LISTENING 3156
| TCP [::]:4444 [::]:0 LISTENING 3156
| TCP [::]:4445 [::]:0 LISTENING 3156
| TCP [::]:4446 [::]:0 LISTENING 3156
| TCP [::]:8009 [::]:0 LISTENING 3156
| TCP [::]:8080 [::]:0 LISTENING 3156
| TCP [::]:8093 [::]:0 LISTENING 3156
| TCP [::]:8181 [::]:0 LISTENING 3156
| TCP [::]:18083 [::]:0 LISTENING 3156
| TCP [::]:64330 [::]:0 LISTENING 3156
| TCP [::]:64331 [::]:0 LISTENING 3156
| TCP [::]:64333 [::]:0 LISTENING 3156
|
I also have GlassFish v2 installed on the same box, and if I shut down JBoss and start GlassFish (same SSL port), I can reach the GF homepage without any problems. So it's not a firewall issue.
Any ideas why SSL is not working properly and how to diagnose this?
Thanks.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4168768#4168768
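Added example, not part of the original post: the netstat output above shows 8181 listening, so a useful first diagnostic is to separate "TCP connect fails" from "TCP connects but the TLS handshake fails". The Python probe below does that; the function name probe_tls is an assumption of this example, and the host and port in the usage line are the ones from the post.

```python
import socket
import ssl


def probe_tls(host, port, timeout=5.0):
    """Report where an HTTPS connection attempt stops.

    Returns (stage, detail), with stage one of:
      'tcp_failed' - nothing accepted the TCP connection
      'tls_failed' - TCP connected, but the TLS handshake did not complete
      'tls_ok'     - handshake completed; detail holds protocol and cipher
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_failed", "%s: %s" % (type(exc).__name__, exc))

    # Diagnostic only: certificate checks are off because a self-signed
    # keytool certificate would fail verification, and the question here
    # is only whether the handshake itself completes.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("tls_ok", "%s, cipher %s" % (tls.version(), tls.cipher()[0]))
    except (ssl.SSLError, OSError) as exc:
        # Covers handshake alerts, resets, early close and timeouts.
        return ("tls_failed", "%s: %s" % (type(exc).__name__, exc))
    finally:
        raw.close()


if __name__ == "__main__":
    # Host and port as given in the post.
    print(probe_tls("myhost", 8181))
```

A 'tls_failed' result means the listener is reachable and the JBoss server log for the connector is the next place to look; the detail string carries the client-side error text.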