Hi All,
I am using the latest JBoss 6.0.0.CR1 build with the "default" configuration (on the Windows platform).
For user authentication I have to communicate with the corporate LDAP server using the "ldaps" protocol (secured ldap).
I have got the required truststore file and password for the ldap server.
Now, I have added the following line in the {JBOSS_HOME}\bin\run.conf.bat file:
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore=%JBOSS_HOME%\server\default\conf\server.truststore -Djavax.net.ssl.trustStorePassword=<TRUSTSTORE_PASSWORD>"
and I can successfully communicate with the ldap server using the secured ldap protocol (i.e. ldaps).
My question is: instead of modifying the "run.conf.bat" file, can I specify the same (or similar) in some configuration file?
For example, I added the following lines in {JBOSS_HOME}\server\default\conf\server.xml under the "SSL/TLS Connector configuration" block, but it did not work.
<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector protocol="HTTP/1.1" SSLEnabled="true"
           port="${jboss.web.https.port}" address="${jboss.bind.address}"
           scheme="https" secure="true" clientAuth="false"
           keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
           keystorePass="edm-ssl-pass"
           truststoreFile="${jboss.server.home.dir}/conf/server.truststore"
           truststorePass="<TRUSTSTORE_PASSWORD>"
           sslProtocol="TLS" />
So, does that mean updating the "run.conf.bat" file is the only way to communicate with a secured server?
Any suggestions will be appreciated.
Thanks in advance,
-
Hi!
In my opinion, truststoreFile is a container for clients' public certificates.
It makes sense for clientAuth="true" for dual server-browser authentication.
I did not do so, and I could be wrong.
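
An added example, not part of either post above and not JBoss code: a JNDI socket factory that builds its own SSLContext from the server.truststore file, so an outbound ldaps connection can trust the LDAP server's certificate without the JVM-wide javax.net.ssl.* options. The class name LdapsSocketFactory, the file ldaps.properties and its key truststore.password are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.util.Properties;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class: trusts only the certificates in conf/server.truststore.
public class LdapsSocketFactory extends SocketFactory {
    private static SocketFactory instance;
    private final SocketFactory tls;
    private LdapsSocketFactory() throws Exception {
        String conf = System.getProperty("jboss.server.home.dir") + "/conf/";
        // Assumed file: conf/ldaps.properties containing truststore.password=...
        Properties p = new Properties();
        InputStream in = new FileInputStream(conf + "ldaps.properties");
        try { p.load(in); } finally { in.close(); }
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        in = new FileInputStream(conf + "server.truststore");
        try { ts.load(in, p.getProperty("truststore.password").toCharArray()); }
        finally { in.close(); }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        tls = ctx.getSocketFactory();
    }

    // The JNDI LDAP provider obtains the factory through this static method.
    public static synchronized SocketFactory getDefault() {
        try {
            if (instance == null) instance = new LdapsSocketFactory();
            return instance;
        } catch (Exception e) {
            throw new IllegalStateException("cannot load LDAPS truststore", e);
        }
    }

    public Socket createSocket() throws IOException { return tls.createSocket(); }
    public Socket createSocket(String h, int p) throws IOException { return tls.createSocket(h, p); }
    public Socket createSocket(InetAddress a, int p) throws IOException { return tls.createSocket(a, p); }
    public Socket createSocket(String h, int p, InetAddress l, int lp) throws IOException { return tls.createSocket(h, p, l, lp); }
    public Socket createSocket(InetAddress a, int p, InetAddress l, int lp) throws IOException { return tls.createSocket(a, p, l, lp); }
}
```

A JNDI environment selects this factory by setting java.naming.ldap.factory.socket to the class name alongside an ldaps:// provider URL.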