In a JBoss server, in which file do we define where to look for the keystore certificates?
I'm facing errors, and when I looked at the boot.log file, it's taking some certificate which is not available on my server.
boot.log file:
DEBUG [ServerInfo] javax.net.ssl.keyStore: C:/jboss/jboss-appserver/server/conf/clientCerts.jks
When the boot.log file is generated, which file does it read?
It's in the connector definition:
<Connector
port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/usr/local/ssl/server.crt"
SSLCertificateKeyFile="/usr/local/ssl/server.pem"
clientAuth="false" sslProtocol="TLS"/>
See https://docs.jboss.org/jbossweb/3.0.x/ssl-howto.html
Related
I have added the code below to my Tomcat /server.xml to enable gzip, but it does not work:
<Connector port="8080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml"/>
This works for me locally, but not on my web server, i.e. a Tomcat server using the HTTPS/SSL protocol.
Can anybody help me?
Thanks in advance for replying.
Try using the same configuration for the SSL port as well, which is basically port 8443. Edit your server.xml near the SSL port as shown below. First you need to uncomment this line:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true" clientAuth="false"
sslProtocol="TLS" acceptCount="100" connectionTimeout="20000"
disableUploadTimeout="true" compression="on" compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml"/>
I am trying to host my service with HTTP and HTTPS. I have hosted it over HTTP, and over HTTPS using a keystore generated with the KeyStore tool.
Both of these worked.
Now I am trying to host with an X.509 certificate and I am getting "webpage is not available". I think the issue is in configuring X.509. Let me know my mistake.
Working setting, keystore:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:\apache server for hosting\keystore"
keystorePass="pass#word1" />
Not working setting, X.509 certificate:
<Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEngine="on"
SSLCertificateFile="C:\apache server for hosting\JavaWebserviceCert.cer"
SSLCertificateKeyFile="C:\apache server for hosting\JavaServicePrivateKey.pfx"
SSLVerifyClient="require" SSLVerifyDepth="10" />
Regards
I'm having a problem with the server.xml file configuration on Tomcat (8.0.9).
My Tomcat works when SSLEnabled="false", but otherwise it gives "This webpage is not available" or "SSL Connection error".
To get additional information I checked the log file, but it doesn't give any exception or error.
Below is the main part of my server.xml file:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
URIEncoding="UTF-8"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/home/tomcat_home/conf/some.jks"
keystorePass="somePW"
SSLEnabled="true"
clientAuth="false"
sslProtocols="TLSv1, TLSv1.1, TLSv1.2"
minSpareThreads="5"
maxSpareThreads="75"
enableLookups="true"
disableUploadTimeout="true"
acceptCount="100"
ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
>
Please give me your kind advice.
You need to run https on port 8443. Change the connectors to this and change the password to fit your keystore:
<Connector port="8080" connectionTimeout="20000" protocol="HTTP/1.1" redirectPort="8443" />
<Connector port="8443" keystorePass="changeit" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
I am using Tomcat 5.5 & JDK 1.5.0_21. Tomcat 5.5 started successfully. I need to access Tomcat in secure mode, but I am not able to access the application using 'https:localhost', though I am able to access it as 'http:localhost:portno.'.
The SSL settings are as below:
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8080" redirectPort="443"/>
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector URIEncoding="UTF-8" acceptCount="100" clientAuth="false" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile=".keystore" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="443" scheme="https" secure="true" sslProtocol="TLS"/>
Would there be any other server setting issue or browser settings I need to check for? Please suggest.
Thanks in advance
You have a typo in the SSL configuration.
port="443"
Change it to port="8443"
I am having a problem using SSL with my application. I did the following:
I added the following passage to my security-constraint tag:
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
and added the following in my Server.xml in Tomcat
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="c:/keystore.key"
keystorePass="mypassword" />
Now at
https://localhost:8443/Appname/page.jsp
I get the following
Secure Connection Failed
An error occurred during a connection to localhost:8443.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Any suggestions ?
You must set SSLEnabled to true on your connector.
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="c:/keystore.key"
keystorePass="mypassword"
SSLEnabled="true" />
It also depends on the browser you are using. I had the same issue in my local environment. I tried Firefox and Chrome and faced this issue. But when I tried Internet Explorer, after reading a couple of posts on Google, it worked with no issues.
-Thanks
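Added example, not part of any post above: a small linter that checks a server.xml fragment for the connector mistakes raised in these threads (an https connector without SSLEnabled="true", TLS enabled on the connector that also carries redirectPort, a .pfx file given as SSLCertificateKeyFile) and additionally flags protocol lists that still offer TLS 1.0/1.1. It assumes a Tomcat version that requires SSLEnabled="true" and APR-style key attributes that expect PEM files; the function name, finding codes and the sample (trimmed from connectors quoted on this page) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1 are deprecated by RFC 8996

def lint_connectors(server_xml):
    """Return sorted (port, finding-code) pairs for the <Connector> elements."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    findings = set()
    for c in connectors:
        port = c.get("port", "?")
        tls = c.get("SSLEnabled", "false").lower() == "true"
        # Labelled https/secure but TLS never switched on: the port answers in
        # plain HTTP, which browsers report as ssl_error_rx_record_too_long.
        if not tls and (c.get("scheme") == "https" or c.get("secure") == "true"):
            findings.add((port, "https-without-SSLEnabled"))
        # redirectPort belongs on the plain connector and must name a TLS one.
        redirect = c.get("redirectPort")
        if redirect and (tls or redirect not in tls_ports):
            findings.add((port, "bad-redirectPort"))
        # Assumption: APR-style SSLCertificateKeyFile expects a PEM key, not PKCS#12.
        if c.get("SSLCertificateKeyFile", "").lower().endswith((".pfx", ".p12")):
            findings.add((port, "pkcs12-key-where-pem-expected"))
        for name in ("sslProtocol", "sslProtocols", "sslEnabledProtocols"):
            offered = {p.strip() for p in c.get(name, "").split(",")}
            if offered & LEGACY_PROTOCOLS:
                findings.add((port, "legacy-protocol-enabled"))
    return sorted(findings)

# Constructed sample: three connectors trimmed from the questions on this page.
SAMPLE = r"""<Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystoreFile="c:/keystore.key"/>
  <Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" sslProtocol="TLS"
             SSLCertificateFile="C:\apache server for hosting\JavaWebserviceCert.cer"
             SSLCertificateKeyFile="C:\apache server for hosting\JavaServicePrivateKey.pfx"/>
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" scheme="https"
             secure="true" SSLEnabled="true"
             sslProtocols="TLSv1, TLSv1.1, TLSv1.2"/>
</Service>"""

if __name__ == "__main__":
    for port, code in lint_connectors(SAMPLE):
        print(f"port {port}: {code}")
```

The codes are hints to review, not proof of a fault: whether an APR-style attribute is honoured depends on the connector implementation and Tomcat version actually in use.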