User: tmcsys
Date: 01/09/18 14:38:31
Added: src/xdocs/howto howtossl.xml
Log:
Add SSL Howto
Revision Changes Path
1.1 manual/src/xdocs/howto/howtossl.xml
Index: howtossl.xml
===================================================================
<?xml version = "1.0" encoding = "UTF-8"?>
<!-- $Id: howtossl.xml,v 1.1 2001/09/18 21:38:31 tmcsys Exp $ -->
<!--DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"docbookx/docbookx.dtd"-->
<section id="howtossl">
<title>Using SSL with JBoss</title>
<para>Author:<author>
<firstname>Tom</firstname>
<surname>Coleman</surname>
</author>
<email>[EMAIL PROTECTED]</email>
</para>
<section>
<title>Introduction</title>
<para>Adding SSL (Secure Socket Layer) support is simple using JBoss
2.4 configured to use Embedded Tomcat 3.2.2. The specific release used was JBoss 2.4
BETA Rel_2_4_0_23.</para>
<para>The target system was a RH Linux 6.2 system using the Sun 1.3
JDK and Sun's Secure Socket Extension, JSSE 1.0.2.</para>
</section>
<section>
<title>Outstanding Deployment Issues</title>
<formalpara>
<title>Multiple sites</title>
<para>JBoss-Tomcat apparently requires modification in order to
support multiple site names and certificates.</para>
</formalpara>
<formalpara>
<title>JBoss-Jetty</title>
<para>Please post your experiences using SSL and JBoss-Jetty to the
jboss-user mailing list.</para>
</formalpara>
</section>
<section>
<title>Contributors:</title>
<itemizedlist>
<listitem><para>Scott Stark</para></listitem>
</itemizedlist>
</section>
<section>
<title>Installation & Configuration</title>
<orderedlist>
<listitem>
<para>Download JSSE</para>
<para>If you are using JDK 1.3 or 1.2, JSSE is
optional. Download it from <ulink url="http://java.sun.com/products/jsse">Sun's JSSE
Page</ulink>. Jump through the hoops as required.</para>
<para>If you are using JDK 1.4, JSSE is included. But then, JDK 1.4 is
another story.</para>
</listitem>
<listitem>
<para>Install JSSE</para>
<para>Follow steps 1 through 5 of the <ulink
url="http://java.sun.com/products/jsse/install.html">JSSE installation
instructions</ulink>.</para>
<para>Copy the JSSE jars to your $TOMCAT_HOME/lib
directory.</para>
<para>If you need to run 'keytool' on your system to create
and/or import certificates, copy the JSSE jars to $JAVA_HOME/jre/lib/ext.</para>
</listitem>
<listitem>
<para>Generate a Server Key and Certificate</para>
<para>The following shell script can be used to create a server
certificate for testing:</para>
<para>Note that keystore files will be generated in the directory you
run keytool from.</para>
<programlisting><![CDATA[
keytool -genkey -alias tomcat -keyalg RSA \
-dname 'CN=your.domain.com, OU=Skunk Works Unit, O=Your Organization, L=Your
Location, S=Your State, C=US' \
-keypass changeit \
-storepass changeit \
-keystore server.keystore
]]>
</programlisting>
<para>It should be possible to import existing certificates
generated with OpenSSL using keytool. See the section <ulink
url="http://jakarta.apache.org/tomcat/tomcat-3.2-doc/tomcat-ssl-howto.html#s6">Importing
SSL certificates</ulink> in the Tomcat documentation.</para>
</listitem>
<listitem>
<para>Configure Tomcat</para>
<para>Find the section in the Tomcat server.xml
configuration file that starts with, "Uncomment this for SSL support". Uncomment the
following section, and insert the location of your server key.</para>
<programlisting><![CDATA[
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler"
value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
<Parameter name="port"
value="8443"/>
<Parameter name="socketFactory"
value="org.apache.tomcat.net.SSLSocketFactory" />
<Parameter name="keystore"
value="/usr/java/jakarta-tomcat-3.2.2/server.keystore" />
<Parameter name="keypass" value="changeit" />
</Connector>
]]>
</programlisting>
</listitem>
<listitem>
<para>Start JBoss</para>
<para>Start JBoss and point your browser to
https://your-server-name.your-domain:8443 to test your SSL implementation. </para>
</listitem>
</orderedlist>
</section>
</section>
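Review bot: The title `<title>Installation & Configuration</title>` contains a bare `&`, so howtossl.xml is not well-formed XML as committed; write it as `&amp;`. In the keytool listing, the `-dname` value is split across two lines inside its single quotes (after `L=Your`), so pasting it as shown puts a newline into the distinguished name; keep the quoted string on one line. Both listings also use `changeit` as the key password. The keytool step says the certificate is for testing, but the Configure Tomcat step does not tell the reader to replace that password or to restrict read access to server.xml and server.keystore, which hold the password and the private key. A sentence saying so in that step would close the gap.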
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development