3 Replies Latest reply on Oct 21, 2010 8:38 AM by kenbarnesjr

    Encrypting the Keystore Password configurations in a Tomcat

    yashendrac

      I followed this wiki
      http://www.jboss.org/community/wiki/EncryptKeystorePasswordInTomcatConnector

      Defined a connector in deploy\jbossweb.sar\server.xml as follows:

      <!-- SSL/TLS Connector with encrypted keystore password configuration -->
      <Connector port="8443" address="${jboss.bind.address}"
                 maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
                 scheme="https" secure="true" clientAuth="true"
                 sslProtocol="TLS"
                 securityDomain="java:/jaas/encrypt-keystore-password"
                 SSLImplementation="org.jboss.net.ssl.JBossImplementation"></Connector>
      


      Added the following dependency in Tomcat at deploy\jbossweb.sar\META-INF\jboss-beans.xml

          <depends>jboss.security:service=PBESecurityDomain</depends>
        </mbean>
      </server>
      


      Defined the JaasSecurityDomain MBean in my own jboss-service.xml file

      <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
             name="jboss.security:service=PBESecurityDomain">
        <constructor>
          <arg type="java.lang.String" value="encrypt-keystore-password"></arg>
        </constructor>
        <attribute name="KeyStoreType">BouncyCastle</attribute>
        <attribute name="KeyStoreURL">my keystore filepath</attribute>
        <attribute name="KeyStorePass">keystorepassword</attribute>
      </mbean>
      



      These same settings work perfectly in JBoss4.2.1
      But I am not able to make it work for JBoss5.0.1

      My JBoss5.0.1 is not able to recognise any of the information configured related to keystore in my jboss-service.xml.

      I wonder if these connector attributes are still valid in JBoss5.0.1
      securityDomain="java:/jaas/encrypt-keystore-password"
      SSLImplementation="org.jboss.net.ssl.JBossImplementation"


      If I move all this information specified in jboss-service.xml

      <attribute name="KeyStoreType">BouncyCastle</attribute>
      <attribute name="KeyStoreURL">my keystore filepath</attribute>
      <attribute name="KeyStorePass">keystorepassword</attribute>

      to the connector (server.xml), then everything works fine.