2 Replies Latest reply on Mar 4, 2014 10:50 AM by shruti-p

    How to install SSLCertificateChainFile in JBoss 7

    celle2006

      Hi all,

       

      In JBoss 5.1 I configured an SSL connection like this:

       

      <Connector protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"
                 port="443" address="${jboss.bind.address}"
                 scheme="https" secure="true" clientAuth="false"
                 SSLCertificateFile="${jboss.server.home.dir}/conf/cert/*********.pem"
                 SSLCertificateKeyFile="${jboss.server.home.dir}/conf/cert/*********.key"
                 SSLCertificateChainFile="${jboss.server.home.dir}/conf/cert/*********chain.pem"
                 sslProtocol="TLS" />

       

      As you can see, I used APR.

       

      In JBoss 7.1 I configured the SSL connection like this:

       

      <subsystem xmlns="urn:jboss:domain:web:1.2" default-virtual-server="default-host" native="true">
          <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
          <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
              <ssl certificate-key-file="${jboss.server.config.dir}/cert/*********.key" protocol="TLSv1" verify-client="false" certificate-file="${jboss.server.config.dir}/cert/*****.pem"/>
          </connector>
          <virtual-server name="default-host" enable-welcome-root="false"/>
      </subsystem>

       

      I did not find a possibility to add the SSLCertificateChainFile. Can anybody tell me how to configure the chain file?

       

      Kind Regards

       

      Marcel

        • 1. Re: How to install SSLCertificateChainFile in JBoss 7
          celle2006

          In the ssl tag I set the ca-certificate-file attribute. I entered the path to the chain certificate file and it is working fine.

           

          <ssl certificate-key-file="${jboss.server.config.dir}/cert/***.key" protocol="TLSv1" verify-client="false" certificate-file="${jboss.server.config.dir}/cert/*****.pem" ca-certificate-file="${jboss.server.config.dir}/cert/*******.pem"/>

          • 2. Re: How to install SSLCertificateChainFile in JBoss 7
            shruti-p

            Hi Celle,

             

            I am trying to switch my http interface to https. I bought a certificate from a CA and imported it into my keystore, but I keep getting this message that the certificate cannot be trusted when I try to load my web application.

            I have used the following commands to import the certificate into the keystore:

            keytool -import -alias root -keystore <your_keystore_filename> \
                -trustcacerts -file <filename_of_the_chain_certificate>

            keytool -import -alias tomcat -keystore <your_keystore_filename> \
                -file <your_certificate_filename>

            I have configured the https connector in JBoss in the following way:

            <subsystem xmlns="urn:jboss:domain:web:1.1" native="false" default-virtual-server="default-host">
                <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
                <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
                    <ssl name="https" key-alias="myalias" password="foobar" certificate-key-file="/path_to_keystore_file"/>
                </connector>
                <virtual-server name="default-host" enable-welcome-root="false">
                    <alias name="localhost"/>
                    <alias name="example.com"/>
                </virtual-server>
            </subsystem>

            Can you please explain the difference between certificate-key-file and certificate-file, and why there are two of them?

            Also, are there any other configurations that I have missed?
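
An added example, not part of the thread and not JBoss code: a small Python check over the web subsystem's `<ssl>` elements. It flags a native (APR) https connector that sets `certificate-file` but no `ca-certificate-file` (the attribute the first reply used for the chain), a clear-text `password` attribute, and deprecated protocol values. The sample file names are placeholders, and treating only an explicit `native="true"` as APR is an assumption.

```python
"""Audit the <ssl> elements of a JBoss AS 7 web subsystem (added example)."""
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the JBoss 7.1 configuration in the question;
# server.key and server.pem are placeholder file names.
SAMPLE = """
<subsystem xmlns="urn:jboss:domain:web:1.2" default-virtual-server="default-host" native="true">
  <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
  <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl certificate-key-file="${jboss.server.config.dir}/cert/server.key"
         protocol="TLSv1" verify-client="false"
         certificate-file="${jboss.server.config.dir}/cert/server.pem"/>
  </connector>
</subsystem>
"""

DEPRECATED_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")


def audit_web_subsystem(xml_text):
    """Return a list of (connector name, finding) tuples for https connectors."""
    root = ET.fromstring(xml_text)
    # The namespace changes with the schema version (web:1.1, web:1.2, ...),
    # so take it from the root tag instead of hard-coding it.
    ns = re.match(r"\{(.*)\}", root.tag)
    q = lambda tag: f"{{{ns.group(1)}}}{tag}" if ns else tag
    # Assumption: only an explicit native="true" is treated as APR/OpenSSL.
    native = root.get("native") == "true"
    findings = []
    for conn in root.iter(q("connector")):
        if conn.get("scheme") != "https":
            continue
        name, ssl = conn.get("name"), conn.find(q("ssl"))
        if ssl is None:
            findings.append((name, "https connector without an <ssl> element"))
            continue
        if native and ssl.get("certificate-file") and not ssl.get("ca-certificate-file"):
            findings.append((name, "no ca-certificate-file: chain certificates not configured"))
        if ssl.get("password"):
            findings.append((name, "password stored in clear text in the configuration"))
        if ssl.get("protocol") in DEPRECATED_PROTOCOLS:
            findings.append((name, f"protocol {ssl.get('protocol')} is deprecated"))
    return findings


if __name__ == "__main__":
    for connector, finding in audit_web_subsystem(SAMPLE):
        print(f"{connector}: {finding}")
```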