10

I am attempting to get SSL set up in JBoss Application Server 7. I want http and https so I added:

<connector name="https" scheme="https" protocol="HTTP/1.1" secure ="true" socket-   binding="https"/>

I created a jsse element as directed by https://docs.jboss.org/author/display/AS7/Security+subsystem+configuration

Where do I put this jsse element in standalone.xml and how do I tie it to the https connector?

Vadzim
  • 24,954
  • 11
  • 143
  • 151
Mark Sholund
  • 1,273
  • 2
  • 18
  • 32

1 Answers1

12

Okay, I figured it out after searching for "Jboss 7" and https together. http://community.jboss.org/message/625454

and

http://docs.jboss.org/jbossweb/7.0.x/config/ssl.html

were helpful resources.

A jsse element is not necessary in this case, all I needed to do was add 

<ssl key-alias="<alias>" password="<password>" certificate-key-file="<path>" verify-client="true" ca-certificate-file="<path>"/>

Although there is a bug, https://issues.jboss.org/browse/AS7-1680, in which the value of ca-certificate-file is ignored. I order to get client authentication the truststore has to be passed a different way, either through standalone.conf or 

<system-properties>
     <property name="javax.net.ssl.trustStore" value="<path to truststore file>"/>
</system-properties>
Mark Sholund
  • 1,273
  • 2
  • 18
  • 32
  • Hi Mark, can you tell me the difference between the certificate-key-file and the ca-certificate-file and trust store file? – ruby Mar 03 '14 at 16:24
  • Ruby - I think this might answer your question (see SSL support section)http://docs.jboss.org/jbossweb/7.0.x/config/ssl.html – Mark Sholund Mar 03 '14 at 17:45
  • HI Mark, Thank you. So the certificate-key-file is the .keystore file but I dont have any . keystore file. When I generated a key , it generated a .jks file which i then certified from a csr – ruby Mar 04 '14 at 12:17