User: tmcsys Date: 01/11/13 10:23:27 Modified: src/xdocs/howto howtossl.xml Log: Add Jetty SSL configuration Revision Changes Path 1.2 +27 -13 manual/src/xdocs/howto/howtossl.xml Index: howtossl.xml =================================================================== RCS file: /cvsroot/jboss/manual/src/xdocs/howto/howtossl.xml,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- howtossl.xml 2001/09/18 21:38:31 1.1 +++ howtossl.xml 2001/11/13 18:23:27 1.2 @@ -1,5 +1,5 @@ <?xml version = "1.0" encoding = "UTF-8"?> -<!-- $Id: howtossl.xml,v 1.1 2001/09/18 21:38:31 tmcsys Exp $ --> +<!-- $Id: howtossl.xml,v 1.2 2001/11/13 18:23:27 tmcsys Exp $ --> <!--DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "docbookx/docbookx.dtd"--> <section id="howtossl"> <title>Using SSL with JBoss</title> 
@@ -12,20 +12,16 @@ <section> <title>Introduction</title> - <para>Adding SSL (Secure Socket Layer) support is simple using JBoss 2.4 configured to use Embedded Tomcat 3.2.2. The specific release used was JBoss 2.4 BETA Rel_2_4_0_23.</para> + <para>Adding SSL (Secure Socket Layer) support is simple using JBoss 2.4 with either Tomcat or Jetty Web containers. The specific releases used were JBoss 2.4 BETA Rel_2_4_0_23 with Tomcat 3.2.2, and JBoss-2.4.0_Jetty-3.1.RC8-1.</para> <para>The target system was a RH Linux 6.2 system using the Sun 1.3 JDK and Sun's Secure Socket Extension, JSSE 1.0.2.</para> </section> <section> <title>Outstanding Deployment Issues</title> <formalpara> - <title>Multiple sites</title> - <para>JBoss-Tomcat apparently requires modification in order to support multiple site names and certificates.</para> + <title>Multiple site certificates</title> + <para>Support of certificates for multiple sites is currently under discussion. Please post your requirements to the forums or the jboss-user mailing list.</para> </formalpara> - <formalpara> - <title>JBoss-Jetty</title> - <para>Please post your experiences using SSL and JBoss-Jetty to the jboss-user mailing list.</para> - </formalpara> </section> <section> 
@@ -45,13 +41,12 @@ <listitem> <para>Install JSSE</para> <para>Follow steps 1 through 5 of the <ulink url="http://java.sun.com/products/jsse/install.html">JSSE installation instructions</ulink>.</para> - <para>Copy the JSSE jars to your $TOMCAT_HOME/lib directory.</para> <para>If you need to run 'keytool' on your system to create and/or import certificates, copy the JSSE jars to $JAVA_HOME/jre/lib/ext.</para> </listitem> <listitem> <para>Generate a Server Key and Certificate</para> - <para>The following shell script can be used to create a server certificate for testing:</para> - <para>Note that keystore files will be generated in the directory you run keytool from.</para> + <para>The following shell script can be used to create a "self-signed" server certificate for testing:</para> + <para>The keystore file will be generated in the directory from which you run keytool. Copy the keystore file to an appropriate directory.</para> <programlisting><![CDATA[ keytool -genkey -alias tomcat -keyalg RSA \ -dname 'CN=your.domain.com, OU=Skunk Works Unit, O=Your Organization, L=Your Location, S=Your State, C=US' \ 
@@ -63,8 +58,8 @@ <para>It should be possible to import existing certificates generated with OpenSSL using keytool. See the section <ulink url="http://jakarta.apache.org/tomcat/tomcat-3.2-doc/tomcat-ssl-howto.html#s6">Importing SSL certificates</ulink> in the Tomcat documentation.</para> </listitem> <listitem> - <para>Configure Tomcat</para> - <para>Find the section in the Tomcat server.xml configuration file that starts with, "Uncomment this for SSL support". Uncomment the following section, and insert the location of your server key.</para> + <para>Configure Web Container</para> + <para>If using Tomcat - Find the section in the Tomcat server.xml configuration file that starts with, "Uncomment this for SSL support". Uncomment the following section, and insert the location of your server key.</para> <programlisting><![CDATA[ <Connector className="org.apache.tomcat.service.PoolTcpConnector"> <Parameter name="handler" 
@@ -78,10 +73,29 @@ </Connector> ]]> </programlisting> + <para>Copy the JSSE jars to your $TOMCAT_HOME/lib directory.</para> + <para>If using Jetty - Find the section in the $JBOSS_JETTY_HOME/conf/jetty/jetty.xml configuration file that starts with, "Uncomment this to add an SSL listener". Uncomment the following section, and insert the location of your server key.</para> + <programlisting><![CDATA[ +<Call name="addListener"> + <Arg> + <New class="com.mortbay.HTTP.SunJsseListener"> + <Set name="Port">8443</Set> + <Set name="MinThreads">5</Set> + <Set name="MaxThreads">255</Set> + <Set name="MaxIdleTimeMs">50000</Set> + <Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/etc/server.keystore</Set> + <Set name="Password">changeit</Set> + <Set name="KeyPassword">changeit</Set> + </New> + </Arg> +</Call> + ]]> + </programlisting> </listitem> <listitem> <para>Start JBoss</para> <para>Start JBoss and point your browser to https://your-server-name.your-domain:8443 to test your SSL implementation. </para> + <para>If using "self-signed" certificates, you may have to import your test certificate into your browser.</para> </listitem> </orderedlist> </section>
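Review bot: In the hunk at @@ -12,20 +12,16 @@, the new Introduction sentence names two releases, but the unchanged paragraph after it still describes a single target system (RH Linux 6.2, Sun 1.3 JDK, JSSE 1.0.2). State whether the Jetty release was tested on that same system. The two release names are also written in different styles ("JBoss 2.4 BETA Rel_2_4_0_23 with Tomcat 3.2.2" against "JBoss-2.4.0_Jetty-3.1.RC8-1"); use one form for both. The new "Multiple site certificates" paragraph sends readers to "the forums" without a link, where a <ulink> would help.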
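Review bot: In the hunk at @@ -45,13 +41,12 @@, the new sentence "Copy the keystore file to an appropriate directory" sits between the paragraph that introduces the script and the <programlisting> itself, and it does not say which directory. Move it below the listing and name the location that the container configuration in the next step reads the keystore from. The unchanged `keytool -genkey -alias tomcat` line also keeps a Tomcat-specific alias although this step now serves Jetty readers too; say whether the Jetty listener depends on the alias or choose a neutral one.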
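Review bot: In the hunk at @@ -63,8 +58,8 @@, the reworded Tomcat paragraph still ends with "insert the location of your server key", while the previous step produces a keystore file. Say "keystore file" so readers point the connector at what keytool generated. As a style point, "If using Tomcat - Find the section" would read better as its own titled paragraph now that "Configure Web Container" covers two containers.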
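Review bot: In the Jetty listing of the hunk at @@ -78,10 +73,29 @@, `<Set name="Password">changeit</Set>` and `<Set name="KeyPassword">changeit</Set>` show the keystore and key passwords in clear text with a well-known default value, and nothing around the listing tells readers to change them. Add a sentence after the listing saying to replace `changeit` with their own keystore and key passwords and to restrict read access to jetty.xml and the keystore file. The listing expects the keystore at /etc/server.keystore under jetty.home, so the earlier "Copy the keystore file to an appropriate directory" step should name that path. The relocated "Copy the JSSE jars to your $TOMCAT_HOME/lib directory" paragraph now lacks the "If using Tomcat" qualifier, and the Jetty case has no matching instruction about where the JSSE jars must be placed.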
_______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development