OK - so I have a bit of a conundrum... The organization I work for is attempting to get JBoss running with SSL.
We have purchased a GoDaddy Turbo SSL cert. The problem is this... GoDaddy doesn't have a cert specific for JBoss. They do however support Apache and Tomcat. I opted for "Other" as JBoss wasn't listed. I do realize, however, that this may not have been the wisest choice.

I have been reviewing the JBoss wiki located at http://wiki.jboss.org/wiki/SSLSetup;jsessionid=648378AE78137D63E6CE8DA1B7A1DE56

It seems to be heavily geared towards JBoss-3.2.3/Tomcat-4.1.x with anecdotal references to JBoss-4.2.1.

Anyway... I am hoping that I am on the right track. Maybe somebody can steer me in the right direction...

Our implementation is somewhat non-standard. But the directory structure is basically unchanged.

Here are the steps I've taken thus far:

1.) Generate the keystore file using Sun JAVA 1.4.2_15

    M:\java\j2sdk1.4.2_15\bin\keytool.exe -genkey -alias jboss-ssl -keyalg RSA -keystore M:\clients\rel500-qa\SSL\rel500-qa.keystore -validity 3650

NOTE: rel500-qa is the name of the site in question.

2.) Generate the CSR

    M:\java\j2sdk1.4.2_15\bin\keytool.exe -certreq -alias jboss-ssl -keyalg RSA -file M:\clients\rel500-qa\SSL\rel500-qa.csr -keystore M:\clients\rel500-qa\SSL\rel500-qa.keystore

3.) Submit the CSR to GoDaddy and receive a Turbo SSL Cert

4.) According to GoDaddy, it was recommended that I include GoDaddy's "Cross-Intermediate and Intermediate certs."

a.)

    M:\java\j2sdk1.4.2_15\bin\keytool.exe -import -alias cross -keystore rel500-qa.keystore -trustcacerts -file M:\clients\rel500-qa\SSL\gd_cross_intermediate.cer

b.)

    M:\java\j2sdk1.4.2_15\bin\keytool.exe -keystore M:\clients\rel500-qa\SSL\rel500-qa.keystore -import -alias inter -file M:\clients\rel500-qa\SSL\gd_intermediate.cer

5.) Import the GoDaddy assigned cert

    M:\java\j2sdk1.4.2_15\bin\keytool.exe -keystore M:\clients\rel500-qa\SSL\rel500-qa.keystore -keyalg "RSA" -import -trustcacerts -file M:\clients\rel500-qa\SSL\rel500-qa.domain-name.crt

I now have a fully populated keystore file.

When I test the keystore for PKCS12 validity, it fails...

    M:\clients\rel500-qa\SSL>M:\java\j2sdk1.4.2_15\bin\keytool.exe -list -keystore M:\clients\rel500-qa\SSL\rel500-qa.keystore -storetype PKCS12
    keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.

That is my first hurdle...

After that is resolved, my next hurdle is WHERE should the keystore file reside?

From the wiki, I am thinking it belongs in /conf/rel500-qa.keystore

Additionally, I am thinking that according to the wiki, I need to modify deploy/jboss-web.deployer/server.xml; however, the formatting is considerably different than that for JBoss-3.2.3/Tomcat-4.1.x and I am wondering how it should look.

Can I still use the following configuration data:

    keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
    keystorePass="tc-ssl"
    protocol = "TLS"/>

If so, how should it look? I am thinking something like this, but I'm not entirely sure...

    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
               clientAuth="false" sslProtocol="TLS" />

Any assistance would be greatly appreciated - thanks.

Caine

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4148471#4148471
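An added example, not part of the original post: the keystore in step 1 was created without -storetype, so it is assumed here to be in keytool's default JKS format, which a PKCS12 reader cannot parse. The Python sketch below classifies a keystore by its leading bytes and shows how a DER reader arrives at the lengthTag=109 in the error; the function names and the two sample headers are constructed for illustration.

```python
import struct
import sys

JKS_MAGIC = 0xFEEDFEED    # Sun JKS keystore header
JCEKS_MAGIC = 0xCECECECE  # SunJCE JCEKS keystore header

# Constructed sample headers (not taken from any real keystore).
JKS_SAMPLE = bytes.fromhex("feedfeed" "00000002" "00000004")  # magic, version 2, 4 entries
P12_SAMPLE = bytes.fromhex("30820a1b" "020103")  # DER SEQUENCE, then INTEGER 3 (PFX version)


def sniff_keystore(head: bytes) -> str:
    """Classify a keystore from its first bytes."""
    if len(head) < 4:
        return "unknown"
    magic = struct.unpack(">I", head[:4])[0]
    if magic == JKS_MAGIC:
        return "JKS"
    if magic == JCEKS_MAGIC:
        return "JCEKS"
    if head[0] == 0x30:  # PKCS#12 is DER: the outer PFX structure is a SEQUENCE
        return "PKCS12"
    return "unknown"


def der_length_tag(head: bytes):
    """Return the long-form 'number of length bytes' a DER reader takes
    from byte 1, or None when byte 1 is a short-form length."""
    if len(head) < 2:
        return None
    second = head[1]
    return (second & 0x7F) if (second & 0x80) else None


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: pass the keystore path; only the header is read.
        with open(sys.argv[1], "rb") as fh:
            head = fh.read(16)
    else:
        head = JKS_SAMPLE
    print("format:", sniff_keystore(head))
    # For a JKS file, byte 1 is 0xED: 0xED & 0x7F = 109, far above the
    # 4 length bytes the Java DER reader accepts, hence "too big".
    print("DER length tag seen by a PKCS12 reader:", der_length_tag(head))
```

A file reported as JKS lists cleanly when keytool -list is run without -storetype PKCS12 (or with -storetype JKS).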