By default, JBoss is not installed with SSL support. This means that communication between CA ControlMinder Enterprise Management and JBoss is not encrypted. You can configure JBoss to use SSL for secure communication.
Note: For more information about how to configure SSL for JBoss, refer to the JBoss product documentation.
Example: Configure JBoss for SSL Communication on Windows
This example shows you how to configure the JBoss application server to use SSL for secure communication.
Important! This procedure describes how to configure JBoss to use SSL for secure communication using JBoss version 4.2.3 and JDK version 1.5.0.
Follow these steps:
JBoss_HOME\server\default\deploy\IdentityMinder.ear\custom\ppm\truststore
keytool -storepasswd -new password -keystore ssl.keystore -storepass secret
Specifies to change the keystore password. The password must be at least six (6) characters long.
Specifies the keystore name to add the certificate.
Specifies the keystore name.
Defines the password used to protect the keystore.
keytool -genkey -alias entm -keystore ssl.keystore -keyalg RSA
Specifies that the command should generate a key pair (public and private keys).
Defines the alias to use for adding an entry to the keystore.
Specifies the algorithm to use to generate the key pair.
The keytool utility starts.
The certificate is added to the keystore.
Note: The keystore and key alias must use identical passwords.
java -cp JBoss_HOME/server/default/lib/jbosssx.jar org.jboss.security.plugins.FilePassword welcometojboss 13 <keystore_password> keystore.password
Note: The Salt and IterationCount are the variables that define the strength of the encrypted password. In this example, "welcometojboss" is the salt and 13 is the iteration count.
JBossInstallDir\server\default\deploy\jboss-web.deployer
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--
<Connector port="18443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->
Note: The connector port number corresponds to the JBoss HTTPS Port number that you specified during the prerequisite or CA ControlMinder Enterprise Management installation process.
You can now edit this tag.
securityDomain="java:/jaas/encrypt-keystore-password" SSLImplementation="org.jboss.net.ssl.JBossImplementation"
JBoss_HOME/server/default/deploy/jboss-web.deployer/META-INF
<mbean code="org.jboss.security.plugins.JaasSecurityDomain" name="jboss.security:service=PBESecurityDomain">
<constructor>
<arg type="java.lang.String" value="encrypt-keystore-password"></arg>
</constructor>
<attribute name="KeyStoreURL">${jboss.server.home.dir}/deploy/IdentityMinder.ear/custom/ppm/truststore/ssl.keystore</attribute>
<attribute name="KeyStorePass">{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/deploy/IdentityMinder.ear/custom/ppm/truststore/keystore.password</attribute>
<attribute name="Salt">welcometojboss</attribute>
<attribute name="IterationCount">13</attribute>
</mbean>
Note: In the above example, welcometojboss is the salt and 13 is the iteration count.
Note: After you complete this procedure, you can choose to connect to JBoss and CA ControlMinder Enterprise Management in either SSL or non-SSL mode.
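Example (added here, not part of the CA or JBoss documentation): a Python check that the SSL connector and the JaasSecurityDomain mbean from this procedure agree with each other before JBoss is restarted. The function name audit, the wrapper elements around the fragments and the sample strings are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

JAAS = "java:/jaas/"
FILE_PW = "{CLASS}org.jboss.security.plugins.FilePassword:"
DOMAIN_CLASS = "org.jboss.security.plugins.JaasSecurityDomain"
JSSE_IMPL = "org.jboss.net.ssl.JBossImplementation"

def audit(server_xml, service_xml):
    """Return findings; an empty list means connector and mbean agree."""
    # ElementTree drops XML comments, so a commented-out Connector is not seen.
    ssl = [c for c in ET.fromstring(server_xml).iter("Connector")
           if c.get("SSLEnabled") == "true"]
    if not ssl:
        return ["no active SSL Connector (still commented out?)"]
    domains = {}
    for mbean in ET.fromstring(service_xml).iter("mbean"):
        arg = mbean.find("constructor/arg")
        if mbean.get("code") == DOMAIN_CLASS and arg is not None:
            domains[arg.get("value")] = {a.get("name"): (a.text or "").strip()
                                         for a in mbean.findall("attribute")}
    findings = []
    for conn in ssl:
        port, name = conn.get("port"), conn.get("securityDomain", "")
        if conn.get("SSLImplementation") != JSSE_IMPL:
            findings.append(f"port {port}: SSLImplementation is not {JSSE_IMPL}")
        attrs = domains.get(name[len(JAAS):]) if name.startswith(JAAS) else None
        if attrs is None:
            findings.append(f"port {port}: securityDomain '{name}' matches no mbean")
            continue
        if not attrs.get("KeyStorePass", "").startswith(FILE_PW):
            findings.append(f"port {port}: KeyStorePass is not a FilePassword reference")
        findings += [f"port {port}: mbean attribute {n} missing"
                     for n in ("KeyStoreURL", "Salt", "IterationCount") if not attrs.get(n)]
    return findings

# Constructed samples mirroring the fragments on this page (wrappers are assumed).
TRUST = "${jboss.server.home.dir}/deploy/IdentityMinder.ear/custom/ppm/truststore"
SERVER_XML = f"""<Server><Service name="jboss.web">
<Connector port="18443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
 secure="true" clientAuth="false" sslProtocol="TLS" SSLImplementation="{JSSE_IMPL}"
 securityDomain="{JAAS}encrypt-keystore-password" />
</Service></Server>"""
SERVICE_XML = f"""<server><mbean code="{DOMAIN_CLASS}">
<constructor><arg type="java.lang.String" value="encrypt-keystore-password"/></constructor>
<attribute name="KeyStoreURL">{TRUST}/ssl.keystore</attribute>
<attribute name="KeyStorePass">{FILE_PW}{TRUST}/keystore.password</attribute>
<attribute name="Salt">welcometojboss</attribute><attribute name="IterationCount">13</attribute>
</mbean></server>"""
print(audit(SERVER_XML, SERVICE_XML) or "connector and security domain are consistent")
```

To check a real installation, pass the contents of the two edited configuration files to audit() in place of the constructed samples.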
Copyright © 2013 CA Technologies.
All rights reserved.