[jboss-user] [Security & JAAS/JBoss] - SSL problem with JBOSS AS 4.2

skkuchipudi do-not-reply at jboss.com
Mon Mar 30 12:17:19 EDT 2009 

I followed the following steps to enable the SSL for my web application in JBoss AS 4.2, 
   1. Generate the keystore using the command below. For the most part, you can just make up stuff for the responses. However, remember the password you provide and use the same password for the keystore and the key. When it asks for your first and last name, you should enter the hostname used for JBoss AS (i.e., localhost).
  | 
  |       keytool -genkey -keyalg RSA -keystore jbossas.keystore -validity NUMBER_OF_DAYS
  | 
  |    2. Move the generated file the conf directory of the JBoss AS default domain (or the one you are using):
  | 
  |       mv jbossas.keystore ${jboss.home}/server/default/conf/
  | 
  |    3. Open the file ${jboss.home}/server/default/deploy/jboss-web.deployer/server.xml in your editor, remove the XML comment around the SSL-connector, and modify the attributes to match the configuration shown here:
  | 
  |       <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
  |                  maxThreads="150" scheme="https" secure="true"
  |                  clientAuth="false" sslProtocol="TLS" address="${jboss.bind.address}"
  |                  keystoreFile="${jboss.server.home.dir}/conf/jbossas.keystore"
  |                  keystorePass="PASSWORD_FOR_KEYSTORE"/>
  | 
  |    4. Now you should be able to access your application through https. The URL will begin with https instead of http and you need to include the port number if the port you provided in the configuration is anything other than 443:
  | 
  |       https://localhost:8443

When directing to the above URL in IE, I get the error page with the message "The security certificate presented by this website was not issued
by a trusted certificate authority."

What I'm doing the above is right way or wrong way, what things do I need to follow to avoid this?

Please help me on this

Thanks,
Sumant K

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4222064#4222064

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4222064

More information about the jboss-user mailing list