Starting from 12.7, the JBoss application server is installed with SSL support. You can modify the JBoss SSL communication settings.
Note: For more information about how to configure SSL for JBoss, refer to the JBoss product documentation.
Example: Modify JBoss for SSL Communication on Windows
This example shows you how to configure the JBoss application server to use SSL for secure communication.
Important! This procedure describes how to configure JBoss to use SSL for secure communication using JBoss version 4.2.3 and JDK version 1.5.0.
Follow these steps:
JBoss_HOME\server\default\deploy\IdentityMinder.ear\custom\ppm\truststore
keytool -storepasswd -new <password> -keystore ssl.keystore -storepass secret
Specifies to change the keystore password. The password must be at least six (6) characters long.
Specifies the keystore name to add the certificate.
Specifies the keystore name.
Defines the password that is used to protect the keystore.
keytool -genkey -alias entm -keystore ssl.keystore -keyalg RSA
Specifies that the command generates a key pair (public and private keys).
Defines the alias to add an entry to the keystore.
Specifies the algorithm to generate the key pair.
The keytool utility starts.
The certificate is added to the keystore.
Note: The keystore and key alias must use identical passwords.
java -cp C:/jboss-4.2.3.GA/server/default/lib/jbosssx.jar org.jboss.security.plugins.FilePassword welcometojboss 13 <password> keystore.password
Note: The Salt and IterationCount are the variables that define the strength of the encrypted password. In this example, "welcometojboss" is the salt and 13 is the iteration count.
JBossInstallDir\server\default\deploy\jboss-web.deployer
<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->
<!--
<Connector port="18443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
Note: The connector port number corresponds to the JBoss HTTPS Port number that you specified during the prerequisite or CA ControlMinder Enterprise Management installation process.
You can now edit this tag.
securityDomain="java:/jaas/encrypt-keystore-password" SSLImplementation="org.jboss.net.ssl.JBossImplementation"
JBoss_HOME/server/default/deploy/jboss-web.deployer/META-INF
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       name="jboss.security:service=PBESecurityDomain">
  <constructor>
    <arg type="java.lang.String" value="encrypt-keystore-password"></arg>
  </constructor>
  <attribute name="KeyStoreURL">${jboss.server.home.dir}/deploy/IdentityMinder.ear/custom/ppm/truststore/ssl.keystore</attribute>
  <attribute name="KeyStorePass">{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/deploy/IdentityMinder.ear/custom/ppm/truststore/keystore.password</attribute>
  <attribute name="Salt">welcometojboss</attribute>
  <attribute name="IterationCount">13</attribute>
</mbean>
Note: In the preceding example, welcometojboss is the salt and 13 is the iteration count.
Note: After you complete this procedure, you can connect to JBoss and CA ControlMinder Enterprise Management in either SSL or non-SSL mode.
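A consistency check for the two XML fragments edited in this procedure, as an added example that is not part of the original documentation or of any JBoss or CA tooling. The function name check_ssl_config and the sample strings are assumptions made for illustration; the fragments are passed in as text rather than read from the server files.

```python
import xml.etree.ElementTree as ET

JAAS = "java:/jaas/"
FILEPW = "{CLASS}org.jboss.security.plugins.FilePassword:"

def check_ssl_config(connector_xml, mbean_xml):
    """Hypothetical helper: return a list of problems; empty means the fragments agree."""
    # ElementTree discards comments, so a Connector still inside <!-- --> is not found.
    root = ET.fromstring("<Service>" + connector_xml + "</Service>")
    conn = next((c for c in root.iter("Connector") if c.get("SSLEnabled") == "true"), None)
    if conn is None:
        return ["no active SSL Connector (still commented out?)"]
    problems = []
    expected = {"scheme": "https", "secure": "true",
                "SSLImplementation": "org.jboss.net.ssl.JBossImplementation"}
    for attr, want in expected.items():
        if conn.get(attr) != want:
            problems.append(f"Connector {attr} is {conn.get(attr)!r}, expected {want!r}")
    # The JNDI name on the Connector must point at the domain the mbean constructs.
    domain = conn.get("securityDomain", "")
    mbean = ET.fromstring(mbean_xml)
    arg = mbean.find("constructor/arg")
    name = arg.get("value") if arg is not None else None
    if not domain.startswith(JAAS) or domain[len(JAAS):] != name:
        problems.append(f"securityDomain {domain!r} does not match mbean domain {name!r}")
    attrs = {a.get("name"): (a.text or "").strip() for a in mbean.findall("attribute")}
    for key in ("KeyStoreURL", "KeyStorePass", "Salt", "IterationCount"):
        if not attrs.get(key):
            problems.append(f"mbean attribute {key} is missing or empty")
    # Anything other than a FilePassword reference suggests a password typed into the file.
    if attrs.get("KeyStorePass") and not attrs["KeyStorePass"].startswith(FILEPW):
        problems.append("KeyStorePass is not a FilePassword reference")
    return problems

# Constructed sample input, modelled on the fragments shown on this page.
CONNECTOR_OK = """<Connector port="18443" protocol="HTTP/1.1" SSLEnabled="true"
  maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
  securityDomain="java:/jaas/encrypt-keystore-password"
  SSLImplementation="org.jboss.net.ssl.JBossImplementation" />"""
CONNECTOR_COMMENTED = "<!-- " + CONNECTOR_OK + " -->"
TRUSTSTORE = "${jboss.server.home.dir}/deploy/IdentityMinder.ear/custom/ppm/truststore"
MBEAN = f"""<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
    name="jboss.security:service=PBESecurityDomain">
  <constructor><arg type="java.lang.String" value="encrypt-keystore-password"/></constructor>
  <attribute name="KeyStoreURL">{TRUSTSTORE}/ssl.keystore</attribute>
  <attribute name="KeyStorePass">{FILEPW}{TRUSTSTORE}/keystore.password</attribute>
  <attribute name="Salt">welcometojboss</attribute>
  <attribute name="IterationCount">13</attribute>
</mbean>"""

if __name__ == "__main__":
    print(check_ssl_config(CONNECTOR_OK, MBEAN))         # []
    print(check_ssl_config(CONNECTOR_COMMENTED, MBEAN))  # ['no active SSL Connector (still commented out?)']
```

An empty list means the Connector is active, carries both added attributes, and its securityDomain resolves to the domain name in the mbean constructor.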
Copyright © 2013 CA Technologies.
All rights reserved.