

SSL Communication for JBoss

Starting from 12.7, the JBoss application server is installed with SSL support. You can modify the JBoss SSL communication settings.

Note: For more information about how to configure SSL for JBoss, refer to the JBoss product documentation.

Example: Modify JBoss for SSL Communication on Windows

This example shows you how to configure the JBoss application server to use SSL for secure communication.

Important! This procedure describes how to configure JBoss to use SSL for secure communication using JBoss version 4.2.3 and JDK version 1.5.0.

Follow these steps:

  1. Stop JBoss if it is running.
  2. Open a command-prompt window and navigate to the following directory:
    JBoss_HOME\server\default\deploy\IdentityMinder.ear\custom\ppm\truststore
    
  3. Enter the following command to change the default ssl.keystore password:
    keytool -storepasswd -new <password> -keystore ssl.keystore -storepass secret
    
    -storepasswd

    Specifies that the keystore password is changed. The password must be at least six (6) characters long.

    -keystore

    Specifies the keystore name.

    -storepass

    Defines the password that is used to protect the keystore.

  4. Enter the following command to create a key for the Enterprise Management Server:
    keytool -genkey -alias entm -keystore ssl.keystore -keyalg RSA
    
    -genkey

    Specifies that the command generates a key pair (public and private keys).

    -alias

    Defines the alias under which the entry is added to the keystore.

    -keyalg

    Specifies the algorithm to generate the key pair.

    The keytool utility starts.

  5. Enter the password secret.
  6. Complete the prompts as required and press Enter to verify the parameters that you entered.

    The certificate is added to the keystore.

    Note: The keystore and key alias must use identical passwords.

  7. Enter the following command to encrypt the keystore password to a file:
    java -cp C:/jboss-4.2.3.GA/server/default/lib/jbosssx.jar org.jboss.security.plugins.FilePassword welcometojboss 13 <password> keystore.password
    

    Note: The Salt and IterationCount are the variables that define the strength of the encrypted password. In this example, "welcometojboss" is the salt and 13 is the iteration count.

  8. Locate the file named server.xml in the following directory and open it for editing:
    JBossInstallDir\server\default\deploy\jboss-web.deployer
    
  9. Locate the <Connector port> tag in the following section:
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
             This connector uses the JSSE configuration, when using APR, the 
             connector should be using the OpenSSL style configuration
             described in the APR documentation -->
        <!--
        <Connector port="18443" protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS" />
        -->
    

    Note: The connector port number corresponds to the JBoss HTTPS Port number that you specified during the prerequisite or CA ControlMinder Enterprise Management installation process.

  10. Uncomment the <Connector port> tag by removing the "<!--" above it and the matching "-->" below it.

    You can now edit this tag.

  11. Add the following properties to the <Connector port> tag:
    securityDomain="java:/jaas/encrypt-keystore-password" SSLImplementation="org.jboss.net.ssl.JBossImplementation"
    
  12. Save and close the server.xml file.
  13. Navigate to the following directory to locate the jboss-service.xml file:
    JBoss_HOME/server/default/deploy/jboss-web.deployer/META-INF
    
  14. Add the following mbean between the <server> and </server> tags:
    <mbean code="org.jboss.security.plugins.JaasSecurityDomain" name="jboss.security:service=PBESecurityDomain">
      <constructor>
        <arg type="java.lang.String" value="encrypt-keystore-password"></arg>
      </constructor>
      <attribute name="KeyStoreURL">${jboss.server.home.dir}/deploy/IdentityMinder.ear/custom/ppm/truststore/ssl.keystore</attribute>
      <attribute name="KeyStorePass">{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/deploy/IdentityMinder.ear/custom/ppm/truststore/keystore.password</attribute>
      <attribute name="Salt">welcometojboss</attribute>
      <attribute name="IterationCount">13</attribute>
    </mbean>
    

    Note: In the preceding example, welcometojboss is the salt and 13 is the iteration count.

  15. Save and close the jboss-service.xml file.
  16. Start and open CA ControlMinder Enterprise Management.

    Note: After you complete this procedure, you can choose to connect to JBoss and CA ControlMinder Enterprise Management in either SSL or non-SSL mode.
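
The following Python check is an added example, not part of the CA documentation or product. It verifies that the edits from steps 9 through 14 agree with each other: the Connector is uncommented, its securityDomain resolves to the JaasSecurityDomain mbean, and KeyStorePass points to the FilePassword file rather than holding a plain password. The function name check_ssl_config and the sample XML strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:/jaas/"
FILE_PASSWORD = "{CLASS}org.jboss.security.plugins.FilePassword:"
DOMAIN_CLASS = "org.jboss.security.plugins.JaasSecurityDomain"

def check_ssl_config(server_xml, service_xml):
    """Return a list of problems in the two files edited in steps 9-14."""
    # ElementTree drops XML comments, so a still-commented Connector is not found.
    conns = [c for c in ET.fromstring(server_xml).iter("Connector")
             if c.get("scheme") == "https"]
    if not conns:
        return ["server.xml: no active https <Connector> (still commented out?)"]
    problems = []
    domain = conns[0].get("securityDomain", "")
    if not domain.startswith(JAAS_PREFIX):
        problems.append("server.xml: securityDomain missing or not under java:/jaas/")
    if conns[0].get("SSLImplementation") != "org.jboss.net.ssl.JBossImplementation":
        problems.append("server.xml: SSLImplementation is not JBossImplementation")
    # The connector's JNDI name must end in the mbean's constructor argument.
    mbean = None
    for m in ET.fromstring(service_xml).iter("mbean"):
        arg = m.find("constructor/arg")
        if (m.get("code") == DOMAIN_CLASS and arg is not None
                and JAAS_PREFIX + arg.get("value", "") == domain):
            mbean = m
    if mbean is None:
        return problems + ["jboss-service.xml: no JaasSecurityDomain matches %r" % domain]
    attrs = {a.get("name"): (a.text or "").strip() for a in mbean.findall("attribute")}
    if not attrs.get("KeyStoreURL"):
        problems.append("jboss-service.xml: KeyStoreURL not set")
    if not attrs.get("KeyStorePass", "").startswith(FILE_PASSWORD):
        problems.append("jboss-service.xml: KeyStorePass is not a FilePassword reference")
    return problems

# Constructed sample inputs, modelled on the snippets in steps 9-14.
CONN = ('<Connector port="18443" protocol="HTTP/1.1" SSLEnabled="true" '
        'scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" %s/>')
STEP11 = ('securityDomain="java:/jaas/encrypt-keystore-password" '
          'SSLImplementation="org.jboss.net.ssl.JBossImplementation" ')
SERVER_XML_BEFORE = "<Server><Service><!-- " + CONN % "" + " --></Service></Server>"
SERVER_XML_AFTER = "<Server><Service>" + CONN % STEP11 + "</Service></Server>"
TS = "${jboss.server.home.dir}/deploy/IdentityMinder.ear/custom/ppm/truststore/"
SERVICE_XML = (
    '<server><mbean code="' + DOMAIN_CLASS + '" name="jboss.security:service=PBESecurityDomain">'
    '<constructor><arg type="java.lang.String" value="encrypt-keystore-password"/>'
    '</constructor><attribute name="KeyStoreURL">' + TS + 'ssl.keystore</attribute>'
    '<attribute name="KeyStorePass">' + FILE_PASSWORD + TS + 'keystore.password</attribute>'
    '</mbean></server>')
```

To run it against a real installation, pass the contents of server.xml and jboss-service.xml as the two arguments; an empty list means the checked settings are consistent.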