5 Replies Latest reply on Sep 27, 2011 4:15 AM by fabrizio.benedetti

    How do i configure SSL on JBOSS AS 7.0

    paul_fath

      Hi,

           Can somebody show me how to configure SSL on JBOSS AS 7.0?

       

           Thanks

        • 1. Re: How do i configure SSL on JBOSS AS 7.0
          jaikiran
          • 2. Re: How do i configure SSL on JBOSS AS 7.0
            paul_fath

            Hi jaikiran, I generated a keystore file with "keytool -genkey -alias jboss -keyalg RSA -keystore E:\server.keystore -validity 36500" and moved it to "{JBOSS_HOME}/standalone/configuration". Then I configured standalone.xml as follows:

             

            <connector name="https" protocol="HTTP/1.1" socket-binding="https" scheme="https" secure="true">
                 <ssl name="https" password="changeit" certificate-key-file="../standalone/configuration/server.keystore"/>
            </connector>

             

            When I start the server, I get the following exception:

             

            15:56:29,134 ERROR [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-2) Error initializing endpoint: java.lang.Exception: Unable to load certificate key ../standalone/configuration/server.keystore (error:0906D06C:PEM routines:PEM_read_bio:no start line)

                at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)

                at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:660)

                at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:121)

                at org.apache.catalina.connector.Connector.init(Connector.java:976)

                at org.apache.catalina.core.StandardService.addConnector(StandardService.java:351)

                at org.jboss.as.web.WebServerService.addConnector(WebServerService.java:121)

                at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:223)

                at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1765)

                at org.jboss.msc.service.ServiceControllerImpl$ClearTCCLTask.run(ServiceControllerImpl.java:2291)

                at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_24]

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_24]

                at java.lang.Thread.run(Thread.java:662) [:1.6.0_24]

             

            Does JBOSS AS 7 have any relationship with OpenSSL and PEM certificates? Could you give me more suggestions on how to configure SSL on JBOSS AS 7?

            Thanks a lot!

            • 3. Re: How do i configure SSL on JBOSS AS 7.0
              fabrizio.benedetti

              It happens because the server on which you launch JBoss has the Apache Tomcat Native library installed. The native connector does not support the Java keystore type. When JBoss starts, it finds the library in the java.library.path system property (you should see the message in server.log).

               

              You have two options:

              - uninstall the native libraries and restart JBoss (it will use JSSE)

              - create a key pair with OpenSSL and change the certificate-key-file attribute setting to /path/to/yourkey.pem

              • 4. Re: How do i configure SSL on JBOSS AS 7.0
                paul_fath

                Hi Fabrizio, thanks for your concern! I'm not familiar with JBOSS AS 7.

                What do you mean by "finds it in java.library.path system property (you should see the message in server.log)"? Could you show me the path where I can uninstall the native libraries? The detailed message in my server.log is as follows:

                 

                11:16:21,294 INFO  [org.jboss.as.connector.subsystems.datasources] (Controller Boot Thread) Deploying JDBC-compliant driver class org.h2.Driver (version 1.2)

                11:16:21,309 INFO  [org.jboss.as.clustering.infinispan.subsystem] (Controller Boot Thread) Activating Infinispan subsystem.

                11:16:21,480 INFO  [org.jboss.as.naming] (Controller Boot Thread) Activating Naming Subsystem

                11:16:21,499 INFO  [org.jboss.as.naming] (MSC service thread 1-6) Starting Naming Service

                11:16:21,505 INFO  [org.jboss.as.osgi] (Controller Boot Thread) Activating OSGi Subsystem

                11:16:21,532 INFO  [org.jboss.as.security] (Controller Boot Thread) Activating Security Subsystem

                11:16:21,566 INFO  [org.jboss.remoting] (MSC service thread 1-5) JBoss Remoting version 3.2.0.Beta2

                11:16:21,589 INFO  [org.xnio] (MSC service thread 1-5) XNIO Version 3.0.0.Beta3

                11:16:21,621 INFO  [org.xnio.nio] (MSC service thread 1-5) XNIO NIO Implementation Version 3.0.0.Beta3

                11:16:21,904 INFO  [org.apache.catalina.core.AprLifecycleListener] (MSC service thread 1-2) An older version 1.1.20 of the Apache Tomcat Native library is installed, while Tomcat recommends version greater then 1.1.21

                11:16:21,985 INFO  [org.jboss.as.ee] (Controller Boot Thread) Activating EE subsystem

                11:16:22,102 INFO  [org.jboss.as.jmx.JMXConnectorService] (MSC service thread 1-7) Starting remote JMX connector

                11:16:22,146 INFO  [org.jboss.as.remoting] (MSC service thread 1-3) Listening on /127.0.0.1:9999

                11:16:22,706 INFO  [org.jboss.as.connector] (MSC service thread 1-1) Starting JCA Subsystem (JBoss IronJacamar 1.0.0.CR2)

                11:16:22,953 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-8) Bound data source [java:jboss/datasources/ExampleDS]

                11:16:23,435 ERROR [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-2) Error initializing endpoint: java.lang.Exception: Unable to load certificate key ../standalone/configuration/server.keystore (error:0906D06C:PEM routines:PEM_read_bio:no start line)

                    at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)

                    at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:660)

                    at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:121)

                    at org.apache.catalina.connector.Connector.init(Connector.java:976)

                    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:351)

                    at org.jboss.as.web.WebServerService.addConnector(WebServerService.java:121)

                    at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:223)

                    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1765)

                    at org.jboss.msc.service.ServiceControllerImpl$ClearTCCLTask.run(ServiceControllerImpl.java:2291)

                    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_24]

                    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_24]

                    at java.lang.Thread.run(Thread.java:662) [:1.6.0_24]

                 

                11:16:23,448 ERROR [org.apache.catalina.core.StandardService] (MSC service thread 1-2) Connector.initialize: LifecycleException:  Protocol handler initialization failed: java.lang.Exception: Unable to load certificate key ../standalone/configuration/server.keystore (error:0906D06C:PEM routines:PEM_read_bio:no start line)

                    at org.apache.catalina.connector.Connector.init(Connector.java:978)

                    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:351)

                    at org.jboss.as.web.WebServerService.addConnector(WebServerService.java:121)

                    at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:223)

                    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1765)

                    at org.jboss.msc.service.ServiceControllerImpl$ClearTCCLTask.run(ServiceControllerImpl.java:2291)

                    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_24]

                    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_24]

                    at java.lang.Thread.run(Thread.java:662) [:1.6.0_24]

                 

                11:16:23,456 ERROR [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-2) Error starting endpoint: java.lang.Exception: Socket bind failed: [730048] ??????????????????×??????(Э??é/??????????????/??????)????????í????

                    at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:600)

                    at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:694)

                    at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:152)

                    at org.apache.catalina.connector.Connector.start(Connector.java:1051)

                    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:359)

                    at org.jboss.as.web.WebServerService.addConnector(WebServerService.java:121)

                    at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:223)

                    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1765)

                    at org.jboss.msc.service.ServiceControllerImpl$ClearTCCLTask.run(ServiceControllerImpl.java:2291)

                    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_24]

                    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_24]

                    at java.lang.Thread.run(Thread.java:662) [:1.6.0_24]

                 

                11:16:23,464 ERROR [org.apache.catalina.core.StandardService] (MSC service thread 1-2) Connector.start: LifecycleException:  service.getName(): "jboss.web";  Protocol handler start failed: java.lang.Exception: Socket bind failed: [730048] ??????????????????×??????(Э??é/??????????????/??????)????????í????

                    at org.apache.catalina.connector.Connector.start(Connector.java:1058)

                    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:359)

                    at org.jboss.as.web.WebServerService.addConnector(WebServerService.java:121)

                    at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:223)

                    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1765)

                    at org.jboss.msc.service.ServiceControllerImpl$ClearTCCLTask.run(ServiceControllerImpl.java:2291)

                    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_24]

                    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_24]

                    at java.lang.Thread.run(Thread.java:662) [:1.6.0_24]

                 

                11:16:23,683 INFO  [org.jboss.as.deployment] (MSC service thread 1-3) Started FileSystemDeploymentService for directory D:\work\server\jboss-as-web-7.0.0.Final\standalone\deployments

                11:16:23,707 INFO  [org.jboss.as] (Controller Boot Thread) JBoss AS 7.0.0.Final "Lightning" started in 4676ms - Started 92 of 147 services (55 services are passive or on-demand)

                11:16:36,993 INFO  [org.jboss.as.osgi] (MSC service thread 1-2) Stopping OSGi Framework

                 

                Thanks for your help!

                • 5. Re: How do i configure SSL on JBOSS AS 7.0
                  fabrizio.benedetti

                  The message is

                  11:16:21,904 INFO  [org.apache.catalina.core.AprLifecycleListener] (MSC service thread 1-2) An older version 1.1.20 of the Apache Tomcat Native library is installed, while Tomcat recommends version greater then 1.1.21

                  This means that Apache Portable Runtime 1.1.20 is installed on your system. You are using Windows and unfortunately I don't know the exact procedure to uninstall APR on this system. I think it is sufficient to find and delete/rename tcnative-1.dll somewhere on the Windows filesystem (c:\windows\system32 ?) and restart JBoss.

                   

                  Or you can convert your certificates with OpenSSL and leave APR (though I heard that the APR Windows implementation has some problems...).

                   

                  Regards,

                  Fabrizio
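
The "PEM_read_bio:no start line" error and the OpenSSL conversion discussed in this thread, as an added example that is not part of the original posts: a POSIX shell sketch that identifies a key file's container format from its leading bytes and converts a JKS entry to PEM. The function names and the output file names server.crt and server.key are hypothetical, and the script assumes keytool and openssl are on the PATH.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the container format of a key/certificate file.
keystore_format() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 1; }
    # PEM is text. OpenSSL scans for a "-----BEGIN ..." line; when none is
    # found it reports "PEM_read_bio:no start line", as in the log above.
    if grep -q -e '^-----BEGIN ' "$f" 2>/dev/null; then
        echo "pem"; return 0
    fi
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    case $magic in
        feedfeed) echo "jks" ;;     # Java KeyStore magic number
        cececece) echo "jceks" ;;   # JCEKS magic number
        30*)      echo "der" ;;     # ASN.1 SEQUENCE: PKCS#12 or raw DER
        *)        echo "unknown" ;;
    esac
}

# The APR/native connector hands the file to OpenSSL, so only PEM loads.
apr_can_load() {
    [ "$(keystore_format "$1")" = "pem" ]
}

# Convert alias $2 of JKS keystore $1 into $3/server.crt and $3/server.key.
# keytool and openssl prompt for passwords, so none appear in the process
# list or shell history. The exported key stays passphrase-protected.
# Runs in a subshell so the tightened umask does not leak to the caller.
jks_to_pem() (
    ks=$1; alias=$2; out=$3
    umask 077   # private key material must not be group/world readable
    keytool -importkeystore -srckeystore "$ks" -srcstoretype JKS \
        -srcalias "$alias" \
        -destkeystore "$out/server.p12" -deststoretype PKCS12 &&
    openssl pkcs12 -in "$out/server.p12" -nokeys -clcerts \
        -out "$out/server.crt" &&
    openssl pkcs12 -in "$out/server.p12" -nocerts -out "$out/server.key" &&
    rm -f "$out/server.p12"
)
# Afterwards point certificate-key-file at server.key. Assumption about the
# AS 7 web subsystem schema: certificate-file takes server.crt.
```

Source the file and run `keystore_format standalone/configuration/server.keystore`; a result of `jks` while the log shows Http11AprProtocol reproduces the mismatch diagnosed in reply 3.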