User: tmcsys Date: 01/09/18 14:38:31 Added: src/xdocs/howto howtossl.xml Log: Add SSL Howto Revision Changes Path 1.1 manual/src/xdocs/howto/howtossl.xml Index: howtossl.xml =================================================================== <?xml version = "1.0" encoding = "UTF-8"?> <!-- $Id: howtossl.xml,v 1.1 2001/09/18 21:38:31 tmcsys Exp $ --> <!--DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "docbookx/docbookx.dtd"--> <section id="howtossl"> <title>Using SSL with JBoss</title> <para>Author:<author> <firstname>Tom</firstname> <surname>Coleman</surname> </author> <email>[EMAIL PROTECTED]</email> </para> <section> <title>Introduction</title> <para>Adding SSL (Secure Socket Layer) support is simple using JBoss 2.4 configured to use Embedded Tomcat 3.2.2. The specific release used was JBoss 2.4 BETA Rel_2_4_0_23.</para> <para>The target system was a RH Linux 6.2 system using the Sun 1.3 JDK and Sun's Secure Socket Extension, JSSE 1.0.2.</para> </section> <section> <title>Outstanding Deployment Issues</title> <formalpara> <title>Multiple sites</title> <para>JBoss-Tomcat apparently requires modification in order to support multiple site names and certificates.</para> </formalpara> <formalpara> <title>JBoss-Jetty</title> <para>Please post your experiences using SSL and JBoss-Jetty to the jboss-user mailing list.</para> </formalpara> </section> <section> <title>Contributors:</title> <itemizedlist> <listitem><para>Scott Stark</para></listitem> </itemizedlist> </section> <section> <title>Installation & Configuration</title> <orderedlist> <listitem> <para>Download JSSE</para> <para>If you are using JDK 1.3 or 1.2, JSSE is optional. Download it from <ulink url="http://java.sun.com/products/jsse">Sun's JSSE Page</ulink>. Jump through the hoops as required.</para> <para>If you are using JDK 1.4, JSSE is included. But then, JDK 1.4 is another story.</para> </listitem> <listitem> <para>Install JSSE</para> <para>Follow steps 1 through 5 of the <ulink url="http://java.sun.com/products/jsse/install.html">JSSE installation instructions</ulink>.</para> <para>Copy the JSSE jars to your $TOMCAT_HOME/lib directory.</para> <para>If you need to run 'keytool' on your system to create and/or import certificates, copy the JSSE jars to $JAVA_HOME/jre/lib/ext.</para> </listitem> <listitem> <para>Generate a Server Key and Certificate</para> <para>The following shell script can be used to create a server certificate for testing:</para> <para>Note that keystore files will be generated in the directory you run keytool from.</para> <programlisting><![CDATA[ keytool -genkey -alias tomcat -keyalg RSA \ -dname 'CN=your.domain.com, OU=Skunk Works Unit, O=Your Organization, L=Your Location, S=Your State, C=US' \ -keypass changeit \ -storepass changeit \ -keystore server.keystore ]]> </programlisting> <para>It should be possible to import existing certificates generated with OpenSSL using keytool. See the section <ulink url="http://jakarta.apache.org/tomcat/tomcat-3.2-doc/tomcat-ssl-howto.html#s6">Importing SSL certificates</ulink> in the Tomcat documentation.</para> </listitem> <listitem> <para>Configure Tomcat</para> <para>Find the section in the Tomcat server.xml configuration file that starts with, "Uncomment this for SSL support". Uncomment the following section, and insert the location of your server key.</para> <programlisting><![CDATA[ <Connector className="org.apache.tomcat.service.PoolTcpConnector"> <Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/> <Parameter name="port" value="8443"/> <Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory" /> <Parameter name="keystore" value="/usr/java/jakarta-tomcat-3.2.2/server.keystore" /> <Parameter name="keypass" value="changeit" /> </Connector> ]]> </programlisting> </listitem> <listitem> <para>Start JBoss</para> <para>Start JBoss and point your browser to https://your-server-name.your-domain:8443 to test your SSL implementation. </para> </listitem> </orderedlist> </section> </section> _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development