5 Replies. Latest reply: Sep 27, 2011 4:15 AM by Fabrizio Benedetti

How do I configure SSL on JBOSS AS 7.0

Nick Johnson Newbie

Hi,

     Can somebody show me how to configure SSL on JBOSS AS 7.0?

 

     Thanks

  • 2. Re: How do I configure SSL on JBOSS AS 7.0
    Nick Johnson Newbie

    Hi jaikiran, I generated a keystore file with "keytool -genkey -alias jboss -keyalg RSA -keystore E:\server.keystore -validity 36500" and moved it to "{JBOSS_HOME}/standalone/configuration". Then I configured standalone.xml as follows:

     

    <connector name="https" protocol="HTTP/1.1" socket-binding="https" scheme="https" secure="true">

         <ssl name="https" password="changeit" certificate-key-file="../standalone/configuration/server.keystore"/>

    </connector>

     

    When I started the server, I got the following exception:

     

    15:56:29,134 ERROR [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-2) Error initializing endpoint: java.lang.Exception: Unable to load certificate key ../standalone/configuration/server.keystore (error:0906D06C:PEM routines:PEM_read_bio:no start line)

        at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)

        at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:660)

        at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:121)

        at org.apache.catalina.connector.Connector.init(Connector.java:976)

        at org.apache.catalina.core.StandardService.addConnector(StandardService.java:351)

        at org.jboss.as.web.WebServerService.addConnector(WebServerService.java:121)

        at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:223)

        at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1765)

        at org.jboss.msc.service.ServiceControllerImpl$ClearTCCLTask.run(ServiceControllerImpl.java:2291)

        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_24]

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_24]

        at java.lang.Thread.run(Thread.java:662) [:1.6.0_24]

     

    Does JBOSS AS 7 have any relationship with OpenSSL and PEM certificates? Could you give me more suggestions on how to configure SSL on JBOSS AS 7?

    Thanks a lot!

  • 3. Re: How do I configure SSL on JBOSS AS 7.0
    Fabrizio Benedetti Novice

    It happens because the server on which you launch JBoss has the Apache Tomcat Native library installed. The native connector does not support the Java keystore type. When JBoss starts, it finds it in the java.library.path system property (you should see the message in server.log).

     

    You have two options:

    - uninstall the native libraries and restart JBoss (it will use JSSE)

    - create a key pair with OpenSSL and change the certificate-key-file attribute setting to /path/to/yourkey.pem

  • 4. Re: How do I configure SSL on JBOSS AS 7.0
    Nick Johnson Newbie

    Hi Fabrizio, thanks for your concern! I'm not familiar with JBOSS AS 7.

    What do you mean by "finds it in java.library.path system property (you should see the message in server.log)"? Could you show me the path where I can uninstall the native libraries? The detailed messages in my server.log are as follows:

     

    11:16:21,294 INFO  [org.jboss.as.connector.subsystems.datasources] (Controller Boot Thread) Deploying JDBC-compliant driver class org.h2.Driver (version 1.2)

    11:16:21,309 INFO  [org.jboss.as.clustering.infinispan.subsystem] (Controller Boot Thread) Activating Infinispan subsystem.

    11:16:21,480 INFO  [org.jboss.as.naming] (Controller Boot Thread) Activating Naming Subsystem

    11:16:21,499 INFO  [org.jboss.as.naming] (MSC service thread 1-6) Starting Naming Service

    11:16:21,505 INFO  [org.jboss.as.osgi] (Controller Boot Thread) Activating OSGi Subsystem

    11:16:21,532 INFO  [org.jboss.as.security] (Controller Boot Thread) Activating Security Subsystem

    11:16:21,566 INFO  [org.jboss.remoting] (MSC service thread 1-5) JBoss Remoting version 3.2.0.Beta2

    11:16:21,589 INFO  [org.xnio] (MSC service thread 1-5) XNIO Version 3.0.0.Beta3

    11:16:21,621 INFO  [org.xnio.nio] (MSC service thread 1-5) XNIO NIO Implementation Version 3.0.0.Beta3

    11:16:21,904 INFO  [org.apache.catalina.core.AprLifecycleListener] (MSC service thread 1-2) An older version 1.1.20 of the Apache Tomcat Native library is installed, while Tomcat recommends version greater then 1.1.21

    11:16:21,985 INFO  [org.jboss.as.ee] (Controller Boot Thread) Activating EE subsystem

    11:16:22,102 INFO  [org.jboss.as.jmx.JMXConnectorService] (MSC service thread 1-7) Starting remote JMX connector

    11:16:22,146 INFO  [org.jboss.as.remoting] (MSC service thread 1-3) Listening on /127.0.0.1:9999

    11:16:22,706 INFO  [org.jboss.as.connector] (MSC service thread 1-1) Starting JCA Subsystem (JBoss IronJacamar 1.0.0.CR2)

    11:16:22,953 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-8) Bound data source [java:jboss/datasources/ExampleDS]

    11:16:23,435 ERROR [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-2) Error initializing endpoint: java.lang.Exception: Unable to load certificate key ../standalone/configuration/server.keystore (error:0906D06C:PEM routines:PEM_read_bio:no start line)

        at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)

        at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:660)

        at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:121)

        at org.apache.catalina.connector.Connector.init(Connector.java:976)

        at org.apache.catalina.core.StandardService.addConnector(StandardService.java:351)

        at org.jboss.as.web.WebServerService.addConnector(WebServerService.java:121)

        at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:223)

        at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1765)

        at org.jboss.msc.service.ServiceControllerImpl$ClearTCCLTask.run(ServiceControllerImpl.java:2291)

        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_24]

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_24]

        at java.lang.Thread.run(Thread.java:662) [:1.6.0_24]

     

    11:16:23,448 ERROR [org.apache.catalina.core.StandardService] (MSC service thread 1-2) Connector.initialize: LifecycleException:  Protocol handler initialization failed: java.lang.Exception: Unable to load certificate key ../standalone/configuration/server.keystore (error:0906D06C:PEM routines:PEM_read_bio:no start line)

        at org.apache.catalina.connector.Connector.init(Connector.java:978)

        at org.apache.catalina.core.StandardService.addConnector(StandardService.java:351)

        at org.jboss.as.web.WebServerService.addConnector(WebServerService.java:121)

        at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:223)

        at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1765)

        at org.jboss.msc.service.ServiceControllerImpl$ClearTCCLTask.run(ServiceControllerImpl.java:2291)

        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_24]

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_24]

        at java.lang.Thread.run(Thread.java:662) [:1.6.0_24]

     

    11:16:23,456 ERROR [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-2) Error starting endpoint: java.lang.Exception: Socket bind failed: [730048] ??????????????????×??????(Э??é/??????????????/??????)????????í????

        at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:600)

        at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:694)

        at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:152)

        at org.apache.catalina.connector.Connector.start(Connector.java:1051)

        at org.apache.catalina.core.StandardService.addConnector(StandardService.java:359)

        at org.jboss.as.web.WebServerService.addConnector(WebServerService.java:121)

        at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:223)

        at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1765)

        at org.jboss.msc.service.ServiceControllerImpl$ClearTCCLTask.run(ServiceControllerImpl.java:2291)

        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_24]

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_24]

        at java.lang.Thread.run(Thread.java:662) [:1.6.0_24]

     

    11:16:23,464 ERROR [org.apache.catalina.core.StandardService] (MSC service thread 1-2) Connector.start: LifecycleException:  service.getName(): "jboss.web";  Protocol handler start failed: java.lang.Exception: Socket bind failed: [730048] ??????????????????×??????(Э??é/??????????????/??????)????????í????

        at org.apache.catalina.connector.Connector.start(Connector.java:1058)

        at org.apache.catalina.core.StandardService.addConnector(StandardService.java:359)

        at org.jboss.as.web.WebServerService.addConnector(WebServerService.java:121)

        at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:223)

        at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1765)

        at org.jboss.msc.service.ServiceControllerImpl$ClearTCCLTask.run(ServiceControllerImpl.java:2291)

        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_24]

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_24]

        at java.lang.Thread.run(Thread.java:662) [:1.6.0_24]

     

    11:16:23,683 INFO  [org.jboss.as.deployment] (MSC service thread 1-3) Started FileSystemDeploymentService for directory D:\work\server\jboss-as-web-7.0.0.Final\standalone\deployments

    11:16:23,707 INFO  [org.jboss.as] (Controller Boot Thread) JBoss AS 7.0.0.Final "Lightning" started in 4676ms - Started 92 of 147 services (55 services are passive or on-demand)

    11:16:36,993 INFO  [org.jboss.as.osgi] (MSC service thread 1-2) Stopping OSGi Framework

     

    Thanks for your help!

  • 5. Re: How do I configure SSL on JBOSS AS 7.0
    Fabrizio Benedetti Novice

    The message is

    11:16:21,904 INFO  [org.apache.catalina.core.AprLifecycleListener] (MSC service thread 1-2) An older version 1.1.20 of the Apache Tomcat Native library is installed, while Tomcat recommends version greater then 1.1.21

    This means that Apache Portable Runtime 1.1.20 is installed on your system. You are using Windows and unfortunately I don't know the exact procedure to uninstall APR on this system. I think it is sufficient to find and delete/rename tcnative-1.dll somewhere on the Windows filesystem (c:\windows\system32 ?) and restart JBoss.

     

    Or you can convert your certificates with OpenSSL and leave APR (though I heard that the APR Windows implementation has some problems...).

     

    Regards,

    Fabrizio
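
An added example, not part of the thread and not JBoss project code: a pre-flight check that tells a Java keystore from a PEM file, which is the mismatch behind the "PEM_read_bio:no start line" error above, together with the keytool/OpenSSL conversion for the second option Fabrizio describes. The function names and output file names are assumptions; it assumes a POSIX shell (for example Git Bash on Windows) with keytool and openssl on the PATH.

```bash
#!/bin/sh
# Added example, not from the thread: identify a key file's container format
# before pointing certificate-key-file at it. Helper names are hypothetical.

# Print jks | jceks | pem | der-or-pkcs12 | unknown for the file in $1.
keystore_format() {
  # First four bytes as hex; JKS and JCEKS files start with fixed magic numbers.
  magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
  case $magic in
    feedfeed) echo jks; return ;;
    cececece) echo jceks; return ;;
  esac
  # OpenSSL's PEM reader looks for a "-----BEGIN" line anywhere in the file;
  # "no start line" means it reached the end without finding one.
  if LC_ALL=C grep -q -e '^-----BEGIN ' "$1"; then
    echo pem
  else
    case $magic in
      30*) echo der-or-pkcs12 ;;  # ASN.1 SEQUENCE tag: binary DER or PKCS#12
      *)   echo unknown ;;
    esac
  fi
}

# Succeed only if $1 holds a PEM private key (plain or encrypted).
has_pem_private_key() {
  LC_ALL=C grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Export entry $2 of JKS keystore $1 to PEM files in directory $3.
# keytool and openssl prompt for the passwords; the exported key stays
# passphrase-protected because -nodes is not used. Output names are assumptions.
jks_to_pem() {
  (
    umask 077  # keep the exported key material private to this user
    keytool -importkeystore -srckeystore "$1" -srcalias "$2" \
            -destkeystore "$3/server.p12" -deststoretype PKCS12 &&
    openssl pkcs12 -in "$3/server.p12" -nocerts -out "$3/server-key.pem" &&
    openssl pkcs12 -in "$3/server.p12" -nokeys -clcerts -out "$3/server-cert.pem" &&
    has_pem_private_key "$3/server-key.pem"
  )
}

# Stand-alone use: sh check.sh ../standalone/configuration/server.keystore
[ "$#" -eq 0 ] || keystore_format "$1"
```

A result of jks for the file named in certificate-key-file matches the failure in the log; the PEM key written by jks_to_pem is the kind of file that attribute would point at when the native connector stays installed.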