Basically, can not get jboss https to work. It is not a browser issue since it can get https pages from a vast number of websites - it's a jboss config issue.
Using JBoss-3.2.5

In jboss/server/default/deploy/jbossweb-tomcat41.sar/META-INF/jboss-service.xml

Note:
1) if one does not set the "SSLImplementation" then it assumes one is using the "puretls" implementation and if one does not have it around, then one gets a class not found issue, and
2) the attribute name MUST be "SSLImplementation", it can not be, for example, "sslImplementation" because jboss does not match setter/getter methods by first lower-casing both strings ... no, jboss only lower-cases the first character of the attribute name in the xml file....

Near the top of the log, the Digester reads all of the attributes:

2004-12-06 16:45:42,036 DEBUG [BeanUtils] jboss.web:service=WebServer EmbeddedCatalina4.1.x - BeanUtils.populate([EMAIL PROTECTED], {protocol=TLS, keystorePass=tc-ssl, clientAuth=false, SSLImplementation=org.apache.tomcat.util.net.jsse.JSSEImplementation, keystoreFile=/usr/local/ED/app/jboss/server/cs/conf/server.keystore, className=org.apache.coyote.tomcat4.CoyoteServerSocketFactory})

From the log I get:

2004-12-06 16:46:15,850 INFO [Engine] - CoyoteConnector Coyote can't register jmx for protocol
2004-12-06 16:46:15,867 INFO [Http11Protocol] - Starting Coyote HTTP/1.1 on port 50080
2004-12-06 16:46:15,867 DEBUG [Http11Protocol] - Attribute soLinger: -1
2004-12-06 16:46:15,867 DEBUG [Http11Protocol] - Attribute soTimeout: 60000
2004-12-06 16:46:15,867 DEBUG [Http11Protocol] - Attribute serverSoTimeout: 0
2004-12-06 16:46:15,868 DEBUG [Http11Protocol] - Attribute tcpNoDelay: true
2004-12-06 16:46:15,868 DEBUG [Http11Protocol] - Attribute jkHome: /usr/local/ED/app/jboss/server/default
2004-12-06 16:46:15,868 DEBUG [Http11Protocol] - Attribute port: 50443
2004-12-06 16:46:15,868 DEBUG [Http11Protocol] - Attribute maxThreads: 20
2004-12-06 16:46:15,869 DEBUG [Http11Protocol] - Attribute minSpareThreads: 5
2004-12-06 16:46:15,869 DEBUG [Http11Protocol] - Attribute maxSpareThreads: 5
2004-12-06 16:46:15,869 DEBUG [Http11Protocol] - Attribute backlog: 10
2004-12-06 16:46:15,870 DEBUG [Http11Protocol] - Attribute tcpNoDelay: true
2004-12-06 16:46:15,870 DEBUG [Http11Protocol] - Attribute soLinger: -1
2004-12-06 16:46:15,870 DEBUG [Http11Protocol] - Attribute soTimeout: 60000
2004-12-06 16:46:15,871 DEBUG [Http11Protocol] - Attribute timeout: 300000
2004-12-06 16:46:15,871 DEBUG [Http11Protocol] - Attribute serverSoTimeout: 0
2004-12-06 16:46:15,871 DEBUG [Http11Protocol] - Attribute maxKeepAliveRequests: 100
2004-12-06 16:46:15,872 DEBUG [Http11Protocol] - Attribute tomcatAuthentication: true
2004-12-06 16:46:15,872 DEBUG [Http11Protocol] - Attribute compression: off
2004-12-06 16:46:15,872 DEBUG [Http11Protocol] - Attribute address: /0.0.0.0
2004-12-06 16:46:15,873 DEBUG [Http11Protocol] - Attribute secure: true
2004-12-06 16:46:15,873 DEBUG [Http11Protocol] - Attribute algorithm: null
2004-12-06 16:46:15,874 DEBUG [Http11Protocol] - Attribute keystore: /usr/local/ED/app/jboss/server/default/conf/server.keystore
2004-12-06 16:46:15,874 DEBUG [Http11Protocol] - Attribute randomfile: /home/myhome/random.pem
2004-12-06 16:46:15,874 DEBUG [Http11Protocol] - Attribute rootfile: /home/myhome/root.pem
2004-12-06 16:46:15,875 DEBUG [Http11Protocol] - Attribute keystoreType: JKS
2004-12-06 16:46:15,875 DEBUG [Http11Protocol] - Attribute protocol: TLS
2004-12-06 16:46:15,875 DEBUG [Http11Protocol] - Attribute sslImplementation: org.apache.tomcat.util.net.jsse.JSSEImplementation
2004-12-06 16:46:16,091 DEBUG [JSSESocketFactory] - Truststore = null
2004-12-06 16:46:16,091 DEBUG [JSSESocketFactory] - TrustPass = tc-ssl
2004-12-06 16:46:16,091 DEBUG [JSSESocketFactory] - trustType = JKS

Note that the keystore was picked up from the jboss-service.xml file.
Also, note that the "clientAuth" was not picked up!!!!!!!

I assume that this is printed by code in the class org/apache/coyote/tomcat4/CoyoteConnector.java:

    IntrospectionUtils.setProperty(protocolHandler, "jkHome",
                                   System.getProperty("catalina.base"));

    // Set attributes
    IntrospectionUtils.setProperty(protocolHandler, "port", "" + port);
    IntrospectionUtils.setProperty(protocolHandler, "maxThreads",
                                   "" + maxProcessors);
    IntrospectionUtils.setProperty(protocolHandler, "minSpareThreads",
                                   "" + minProcessors);
    IntrospectionUtils.setProperty(protocolHandler, "maxSpareThreads",
                                   "" + maxSpareProcessors);
    IntrospectionUtils.setProperty(protocolHandler, "backlog",
                                   "" + acceptCount);
    IntrospectionUtils.setProperty(protocolHandler, "tcpNoDelay",
                                   "" + tcpNoDelay);
    IntrospectionUtils.setProperty(protocolHandler, "soLinger",
                                   "" + connectionLinger);
    IntrospectionUtils.setProperty(protocolHandler, "soTimeout",
                                   "" + connectionTimeout);
    IntrospectionUtils.setProperty(protocolHandler, "timeout",
                                   "" + connectionUploadTimeout);
    IntrospectionUtils.setProperty(protocolHandler, "serverSoTimeout",
                                   "" + serverSocketTimeout);
    IntrospectionUtils.setProperty(protocolHandler, "disableUploadTimeout",
                                   "" + disableUploadTimeout);
    IntrospectionUtils.setProperty(protocolHandler, "maxKeepAliveRequests",
                                   "" + maxKeepAliveRequests);
    IntrospectionUtils.setProperty(protocolHandler, "tomcatAuthentication",
                                   "" + tomcatAuthentication);
    IntrospectionUtils.setProperty(protocolHandler, "compression",
                                   compression);
    if (address != null) {
        IntrospectionUtils.setProperty(protocolHandler, "address",
                                       address);
    }

    // Configure secure socket factory
    if (factory instanceof CoyoteServerSocketFactory) {
        IntrospectionUtils.setProperty(protocolHandler, "secure",
                                       "" + true);
        CoyoteServerSocketFactory ssf =
            (CoyoteServerSocketFactory) factory;
        IntrospectionUtils.setProperty(protocolHandler, "algorithm",
                                       ssf.getAlgorithm());
        IntrospectionUtils.setProperty(protocolHandler, "clientauth",
                                       ssf.getClientAuth());
        IntrospectionUtils.setProperty(protocolHandler, "keystore",
                                       ssf.getKeystoreFile());
        IntrospectionUtils.setProperty(protocolHandler, "randomfile",
                                       ssf.getRandomFile());
        IntrospectionUtils.setProperty(protocolHandler, "rootfile",
                                       ssf.getRootFile());
        IntrospectionUtils.setProperty(protocolHandler, "keypass",
                                       ssf.getKeystorePass());
        IntrospectionUtils.setProperty(protocolHandler, "keytype",
                                       ssf.getKeystoreType());
        IntrospectionUtils.setProperty(protocolHandler, "protocol",
                                       ssf.getProtocol());
        IntrospectionUtils.setProperty(protocolHandler, "sSLImplementation",
                                       ssf.getSSLImplementation());
    } else {
        IntrospectionUtils.setProperty(protocolHandler, "secure",
                                       "" + false);
    }

Again, note that the "clientauth" value is not printed.

Finally, when the browser is pointed at:

https://myhost:50443/jmx-console

the following appears in the log:

2004-12-06 16:46:58,298 DEBUG [JSSE14Support] - Error getting client certs
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(DashoA12275)
    at org.apache.tomcat.util.net.jsse.JSSE14Support.getX509Certificates(JSSE14Support.java:151)
    at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:166)
    at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1007)
    at org.apache.coyote.Response.action(Response.java:226)
    at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:314)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:197)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:833)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:711)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:584)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:687)
    at java.lang.Thread.run(Thread.java:534)
2004-12-06 16:46:58,325 INFO [Engine] - StandardHost[localhost]: MAPPING configuration error for request URI
2004-12-06 16:46:58,326 INFO [Engine] - StandardHost[localhost]: MAPPING configuration error for request URI

If you do not have logging set to DEBUG, all you get is the "MAPPING" INFO log ...

So, the Http11Processor in its "action" method has been passed the value "ActionCode.ACTION_REQ_SSL_CERTIFICATE".

Please, what's going on?
How does one tell jboss to look at the "clientAuth=false" attribute?

Thanks

One would think that accessing JBoss via https would be easier to configure.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3857637#3857637
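
Added example, not part of the original post: a Python sketch that automates the comparison made by hand above, matching the attributes in the BeanUtils.populate line against the "[Http11Protocol] - Attribute" lines and listing any that were never logged or were logged with a different value. The sample log is constructed from lines quoted in the post; the alias table and the ignore list are assumptions read off those lines, not JBoss or Tomcat behaviour.

```python
import re

# Constructed sample: a subset of the log lines quoted in the post.
SAMPLE_LOG = """\
2004-12-06 16:45:42,036 DEBUG [BeanUtils] - BeanUtils.populate([EMAIL PROTECTED], {protocol=TLS, keystorePass=tc-ssl, clientAuth=false, SSLImplementation=org.apache.tomcat.util.net.jsse.JSSEImplementation, keystoreFile=/usr/local/ED/app/jboss/server/cs/conf/server.keystore, className=org.apache.coyote.tomcat4.CoyoteServerSocketFactory})
2004-12-06 16:46:15,868 DEBUG [Http11Protocol] - Attribute port: 50443
2004-12-06 16:46:15,873 DEBUG [Http11Protocol] - Attribute secure: true
2004-12-06 16:46:15,874 DEBUG [Http11Protocol] - Attribute keystore: /usr/local/ED/app/jboss/server/default/conf/server.keystore
2004-12-06 16:46:15,875 DEBUG [Http11Protocol] - Attribute keystoreType: JKS
2004-12-06 16:46:15,875 DEBUG [Http11Protocol] - Attribute protocol: TLS
2004-12-06 16:46:15,875 DEBUG [Http11Protocol] - Attribute sslImplementation: org.apache.tomcat.util.net.jsse.JSSEImplementation
"""

# Assumption: configured name -> logged name, as the quoted log suggests.
ALIASES = {"keystorefile": "keystore"}
# Assumption: className selects the factory class and is not a handler attribute.
IGNORED = {"classname"}

POPULATE = re.compile(r"BeanUtils\.populate\(.*?,\s*\{(.*)\}\)")
ATTRIBUTE = re.compile(r"\[Http11Protocol\] - Attribute (\w+): (.*)$")

def parse(log):
    """Return (configured, applied): attributes read from the XML vs. logged."""
    configured, applied = {}, {}
    for line in log.splitlines():
        m = POPULATE.search(line)
        if m:  # assumes no attribute value contains ", "
            for pair in m.group(1).split(", "):
                name, _, value = pair.partition("=")
                configured[name] = value
        m = ATTRIBUTE.search(line)
        if m:
            applied[m.group(1).lower()] = m.group(2).strip()
    return configured, applied

def audit(log):
    """List configured attributes that were not logged or differ in value."""
    configured, applied = parse(log)
    findings = []
    for name, value in configured.items():
        key = name.lower()
        if key in IGNORED:
            continue
        key = ALIASES.get(key, key)  # compare case-insensitively, then by alias
        if key not in applied:
            findings.append((name, "not-logged", None))  # value withheld
        elif applied[key] != value:
            findings.append((name, "value-differs", applied[key]))
    return findings
```

A "not-logged" finding only means no matching Attribute line appeared in the log; it does not by itself show that the setting was ignored.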