[jboss-user] [JBoss Portal] - Re: Unable to use WSRP over SSL for self producer

dkc do-not-reply at jboss.com
Fri Mar 14 12:14:43 EDT 2008


Chris:
Thanks for your help - I got it to work :-)

My original post had a typo (my apologies) - I am actually using https://localhost:8443 in jboss-portal.sar/portal-wsrp.sar/default-wsrp.xml.

I think the thing that fixed this for me was to add the following to the JAVA_OPTS in bin/run.conf:
-Dorg.jboss.security.ignoreHttpsHost=true

Also
"chris.laprun at jboss.com" wrote : Any reason you're not using 2.6.4 and 4.2.2?
I haven't upgraded to the recommended versions due to time constraints.  I have seen some of the WSRP fixes that have occurred in recent versions, and I'll recommend the upgrade to my customer.

Per your recommendations (and for the benefit of others) here's what I did to configure WSRP over SSL:
- Create a keystore and a server certificate.  It's important that the cn matches the hostname/domain of the JBoss Portal (for me it was localhost):
keytool -genkey -alias serverCert -keyalg RSA -validity 730 -keystore server.keystore -dname cn=localhost,o=org,ou=orgunit,l=location,st=state,c=country -keypass password -storepass password
keytool -export -alias serverCert -keystore server.keystore -storepass password -file server.cer

- Copy server.keystore and server.cer to server/default/conf

- Add the following to bin/run.conf:
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/fully/qualified/path/to/server.keystore
  -Djavax.net.ssl.trustStorePassword=password
  -Dorg.jboss.security.ignoreHttpsHost=true"

- Configure another SSL/TLS connector in the Tomcat config file that is used by JBoss Web (at server/default/deploy/jboss-web.deployer/server.xml).  We're adding a new connector - leave the existing connector in place:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
  maxThreads="150" scheme="https" secure="true"
  clientAuth="false" sslProtocol="TLS"
  keystoreFile="/fully/qualified/path/to/server.keystore"
  keystorePass="password" />

- Update server/default/deploy/jboss-portal.sar/portal-wsrp.sar/default-wsrp.xml.  Comment out the "self" wsrp-producer deployment on your non-SSL port, and add the following:

<deployment>
  <wsrp-producer id="self" expiration-cache="300">
    <endpoint-config>
      <service-description-url>https://localhost:8443/portal-wsrp/ServiceDescriptionService</service-description-url>
      <markup-url>https://localhost:8443/portal-wsrp/MarkupService</markup-url>
      <registration-url>https://localhost:8443/portal-wsrp/RegistrationService</registration-url>
      <portlet-management-url>https://localhost:8443/portal-wsrp/PortletManagementService</portlet-management-url>
    </endpoint-config>
    <registration-data/>
  </wsrp-producer>
</deployment>

- If you need to turn on SSL debugging, add the following to bin/run.conf:
JAVA_OPTS="$JAVA_OPTS -Djavax.net.debug=ssl,handshake"

- (Re)start JBoss.  You may have to save and refresh the settings for the "self" WSRP producer from the JBoss Admin WSRP tab.

- Import the server.cer certificate into your browser's authorities to inform your browser that the server certificate is trusted.

- You should be able to access JBoss over SSL at https://localhost:8443/portal

Dan


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4136759#4136759
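
Added example (not part of the post above and not JBoss code): a small Python audit of the settings listed in the message. It checks that every WSRP endpoint is https and that its host matches the certificate cn, and it reports the two settings that weaken TLS verification: ignoreHttpsHost=true turns off HTTPS hostname checking, and the trustStore points at the keystore that holds the server's private key. The function names are hypothetical and the sample input is constructed from the values quoted in the post.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample input mirroring the settings quoted in the post.
WSRP_XML = """<deployment>
  <wsrp-producer id="self" expiration-cache="300">
    <endpoint-config>
      <service-description-url>https://localhost:8443/portal-wsrp/ServiceDescriptionService</service-description-url>
      <markup-url>https://localhost:8443/portal-wsrp/MarkupService</markup-url>
      <registration-url>https://localhost:8443/portal-wsrp/RegistrationService</registration-url>
      <portlet-management-url>https://localhost:8443/portal-wsrp/PortletManagementService</portlet-management-url>
    </endpoint-config>
    <registration-data/>
  </wsrp-producer>
</deployment>"""
JAVA_OPTS = ("-Djavax.net.ssl.trustStore=/fully/qualified/path/to/server.keystore "
             "-Djavax.net.ssl.trustStorePassword=password "
             "-Dorg.jboss.security.ignoreHttpsHost=true")

def system_props(java_opts):
    """Return the -Dname=value pairs of a JAVA_OPTS string as a dict."""
    return dict(re.findall(r"-D([\w.]+)=(\S+)", java_opts))

def audit(wsrp_xml, java_opts, cert_cn, connector_keystore):
    """Return a list of findings for a WSRP-over-SSL consumer setup."""
    findings = []
    props = system_props(java_opts)
    for el in ET.fromstring(wsrp_xml).iter():
        if not el.tag.endswith("-url"):
            continue  # only the four endpoint URL elements are checked
        url = urlsplit((el.text or "").strip())
        if url.scheme != "https":
            findings.append(f"{el.tag}: not https")
        elif (url.hostname or "").lower() != cert_cn.lower():
            findings.append(f"{el.tag}: host {url.hostname} != certificate cn {cert_cn}")
    if props.get("org.jboss.security.ignoreHttpsHost", "false").lower() == "true":
        findings.append("ignoreHttpsHost=true: HTTPS hostname verification is off")
    if props.get("javax.net.ssl.trustStore") == connector_keystore:
        findings.append("trustStore is the server keystore (holds the private key)")
    return findings

if __name__ == "__main__":
    for line in audit(WSRP_XML, JAVA_OPTS, "localhost",
                      "/fully/qualified/path/to/server.keystore"):
        print("FINDING:", line)
```

When the endpoint hosts match the cn, the audit reports no host mismatch, so hostname verification has nothing to object to; a truststore that contains only the imported server.cer keeps the private key out of the trust path.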
