[teiid-issues] [JBoss JIRA] (TEIID-2523) How to configure ssl with mod_cluster and JBoss 7.1.1

Jose Giner (JIRA) jira-events at lists.jboss.org
Mon Jun 3 04:05:54 EDT 2013 

Jose Giner created TEIID-2523:
---------------------------------

             Summary: How to configure ssl with mod_cluster and JBoss 7.1.1
                 Key: TEIID-2523
                 URL: https://issues.jboss.org/browse/TEIID-2523
             Project: Teiid
          Issue Type: Feature Request
    Affects Versions: 7.1.1
         Environment: - One LPAR with AIX 7.1, mod_cluster 1.1.3, http 2.2.14
- Two LPAR with AIX 7.1, JBoss 7.1.1. Final 
            Reporter: Jose Giner
            Assignee: Steven Hawkins


Hi,
We configure three LPAR with AIX7.1:
- One LPAR for Web with mod_cluster 1.1.3 and http 2.2.14
- Two LPAR for JBoss 7.1.1 Final.

Now we want to securize the Web LPAR.
1.- We create a local certificate on Web LPAR:
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 730 -in server.csr -signkey server.key -out server.crt

2.- We comment the line "Include conf/extra/httpd-vhosts.conf" on httpd.conf

3.- We uncommnet the line "Include conf/extra/httpd-ssl.conf" on httpd.conf

4.- We copy the content of conf/extra/httpd-vhosts.conf at the bottom of conf/extra/httpd-ssl.conf and change the port 10001 by 443 and add SSL configuration:
</VirtualHost>
Listen 192.168.34.19:443
MemManagerFile /var/cache/httpd
<VirtualHost 192.168.34.19:443>
SSLEngine on
SSLCipherSuite AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL
SSLCertificateFile pki/server.crt
SSLCertificateKeyFile pki/server.key
SSLVerifyClient require
SSLVerifyDepth 10
<Directory />
Order deny,allow
Allow from all
</Directory>
KeepAliveTimeout 60
MaxKeepAliveRequests 0
ManagerBalancerName other-server-group
AdvertiseFrequency 5
#This directive allows you to view mod_cluster status at URL http://192.168.34.19:10001/mod_cluster-manager
<Location /mod_cluster-manager>
SetHandler mod_cluster-manager
Order deny,allow
Allow from all
</Location>
</VirtualHost>

but we cannot connect using https://.....

Anything wrong? We must configure something in JBoss?

Regards,

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the teiid-issues mailing list