3 Replies. Latest reply: Oct 21, 2010 8:38 AM by Ken Barnes

Encrypting the Keystore Password configurations in a Tomcat

yashendra chandrakar Newbie

I followed this wiki
http://www.jboss.org/community/wiki/EncryptKeystorePasswordInTomcatConnector

Defined a connector in deploy\jbossweb.sar\server.xml as follows:

<!-- SSL/TLS Connector with encrypted keystore password configuration -->
<Connector port="8443" address="${jboss.bind.address}"
           maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
           scheme="https" secure="true" clientAuth="true"
           sslProtocol="TLS"
           securityDomain="java:/jaas/encrypt-keystore-password"
           SSLImplementation="org.jboss.net.ssl.JBossImplementation"></Connector>


Added the following dependency in Tomcat at deploy\jbossweb.sar\META-INF\jboss-beans.xml:

<depends>jboss.security:service=PBESecurityDomain</depends>
 </mbean>
</server>


Defined the JaasSecurityDomain MBean in my own jboss-service.xml file:

<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       name="jboss.security:service=PBESecurityDomain">
  <constructor>
    <arg type="java.lang.String" value="encrypt-keystore-password"></arg>
  </constructor>
  <attribute name="KeyStoreType">BouncyCastle</attribute>
  <attribute name="KeyStoreURL">my keystore filepath</attribute>
  <attribute name="KeyStorePass">keystorepassword</attribute>
</mbean>



These same settings work perfectly in JBoss 4.2.1,
but I am not able to make them work in JBoss 5.0.1.

My JBoss 5.0.1 is not able to recognise any of the keystore-related information configured in my jboss-service.xml.

I wonder if these connector attributes are still valid in JBoss 5.0.1:
securityDomain="java:/jaas/encrypt-keystore-password"
SSLImplementation="org.jboss.net.ssl.JBossImplementation"


If I move all this information specified in jboss-service.xml
<attribute name="KeyStoreType">BouncyCastle</attribute>
<attribute name="KeyStoreURL">my keystore filepath</attribute>
<attribute name="KeyStorePass">keystorepassword</attribute>

to the connector (server.xml), then everything works fine.
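A wiring check for the setup described in this post, as an added example that is not part of the original post or of JBoss: it verifies that the connector's securityDomain resolves to a JaasSecurityDomain MBean, that the `<depends>` entry names that MBean, and that no keystore password literal sits in either file. The function name `audit`, the finding strings and the embedded sample XML are constructed here; treating only the `{CLASS}`/`{EXT}` KeyStorePass prefixes of JaasSecurityDomain as non-literal is an assumption of the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample input mirroring the fragments in the post (not real files).
SERVER_XML = """<Server><Service name="jboss.web">
<Connector port="8443" address="${jboss.bind.address}" scheme="https" secure="true"
  clientAuth="true" sslProtocol="TLS"
  securityDomain="java:/jaas/encrypt-keystore-password"
  SSLImplementation="org.jboss.net.ssl.JBossImplementation"/>
</Service></Server>"""
SERVICE_XML = """<server>
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       name="jboss.security:service=PBESecurityDomain">
  <constructor><arg type="java.lang.String" value="encrypt-keystore-password"/></constructor>
  <attribute name="KeyStoreType">BouncyCastle</attribute>
  <attribute name="KeyStoreURL">my keystore filepath</attribute>
  <attribute name="KeyStorePass">keystorepassword</attribute>
</mbean></server>"""
DEPENDS = "jboss.security:service=PBESecurityDomain"  # text of <depends> in jboss-beans.xml

JAAS_PREFIX = "java:/jaas/"
INDIRECT = ("{CLASS}", "{EXT}")  # assumption: forms that keep the literal out of the file

def audit(server_xml, service_xml, depends):
    """Return findings about connector/MBean wiring and plaintext keystore passwords."""
    findings, domains = [], {}  # domains: security domain -> (mbean name, KeyStorePass)
    for mbean in ET.fromstring(service_xml).iter("mbean"):
        if not mbean.get("code", "").endswith("JaasSecurityDomain"):
            continue
        arg = mbean.find("constructor/arg")
        attrs = {a.get("name"): (a.text or "").strip() for a in mbean.findall("attribute")}
        if arg is not None:
            domains[arg.get("value")] = (mbean.get("name"), attrs.get("KeyStorePass", ""))
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port")
        if conn.get("keystorePass"):  # password moved into server.xml, as in the workaround
            findings.append(f"port {port}: keystorePass literal in server.xml")
        ref = conn.get("securityDomain")
        if not ref:
            continue
        name = ref[len(JAAS_PREFIX):] if ref.startswith(JAAS_PREFIX) else ref
        if name not in domains:
            findings.append(f"port {port}: no JaasSecurityDomain named '{name}'")
            continue
        mbean_name, password = domains[name]
        if mbean_name != depends:
            findings.append(f"port {port}: <depends> '{depends}' != MBean '{mbean_name}'")
        if not password.startswith(INDIRECT):
            findings.append(f"domain '{name}': KeyStorePass is a literal, not {{CLASS}}/{{EXT}}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SERVER_XML, SERVICE_XML, DEPENDS)) or "no findings")
```

Run against the fragments as posted, it reports only the literal KeyStorePass in jboss-service.xml; it checks configuration consistency and does not determine whether JBoss 5.0.1 honours these connector attributes.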