2

I have a Spring JSF web application which is deployed in JBoss6 Application Server which I want to add SSL(i.e. https). How would I do this in Proper manner with JBoss6?

I've enabled the jboss6\server\default\deploy\jbossweb.sar\server.xml file as follows,

 <Connector protocol="HTTP/1.1" SSLEnabled="true" 
       port="${jboss.web.https.port}" address="${jboss.bind.address}"
       scheme="https" secure="true" clientAuth="false" 
       keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore" 
       keystorePass="rmi+ssl" sslProtocol = "TLS" />

and I get the following error when the application is deployed.

Caused by: java.security.UnrecoverableKeyException: Password verification failed
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769) [:1.6.0_22]
    ... 149 more

14:12:21,476 ERROR [AbstractKernelController] Error installing to Start: name=WebServer state=Create: LifecycleException:  Protocol handler initialization failed: java.io.IOException: Keystore was tampered with, or password was incorrect
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1020) [:6.0.0.Final]
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:701) [:6.0.0.Final]
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:443) [:6.0.0.Final]
    at org.jboss.web.tomcat.service.deployers.TomcatService.startService(TomcatService.java:359) [:6.0.0.Final]
    at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:355) [:6.0.0.Final (Build SVNTag:JBoss_6.0.0.Final date: 20101228)]
    at org.jboss.system.ServiceMBeanSupport.pojoStart(ServiceMBeanSupport.java:195) [:6.0.0.Final (Build SVNTag:JBoss_6.0.0.Final date: 20101228)]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_22]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_22]
Swarnajith
  • 123
  • 5
  • Did you consider setting up an apache with a proxy in front of your jboss? I think it's better to leave access protocol management to a pure web server. –  Oct 03 '12 at 08:28
  • my web server is totally based on jboss6 AS. I'm not using Apache –  Oct 03 '12 at 08:46

1 Answers1

1

Make sure you have this in server.xml ,

     <Connector port="443" maxHttpHeaderSize="8192"
     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
     enableLookups="false" disableUploadTimeout="true"
     acceptCount="100" scheme="https" secure="true"
     **keystoreFile="/path/to/file/mycert.jks"**
     clientAuth="false" sslProtocol="TLS">

Use this link for the reference.

gks
  • 126
  • 1
  • Please fix the curly quotes to be straight quotes. Curly quotes are invalid XML. –  Oct 03 '12 at 11:25
  • I defined the port as 8443 and the keystorepassword as well. error invoked because i haven't defined those values. After configuring the values it worked. I only configured the keystoreFile location earlier that's the reason things went wrong. – Swarnajith Oct 16 '12 at 03:50