How to SSLize User Application on JBoss using eDirectory's Certificate Authority for Linux

Author Info

10 December 2007 - 5:18pm
Submitted by: ScorpionSting

Here's what you need to do:

  1. Export the eDirectory CA's self-signed certificate, together with its private key, to ca.pfx using iManager.
  2. openssl genrsa -des3 -out certificate-key.pem 1024
  3. openssl req -new -key certificate-key.pem -out certificate-req.pem
     (use your JBoss server's host name as the Common Name, e.g. servername.domainname.com, and leave the Email field blank).
  4. Issue a TLS/SSL server certificate for that request in DER format through iManager (saved as certificate.der).
  5. openssl x509 -inform DER -outform PEM -in certificate.der -out certificate.pem
  6. openssl pkcs12 -in ca.pfx -out ca.pem
  7. openssl pkcs12 -export -in certificate.pem -inkey certificate-key.pem -certfile ca.pem -out certificate.p12 -name "servername.domainname.com"
  8. Find org.mortbay.jetty.jar (shipped with the eDirectory/IDM install at /opt/novell/eDirectory/lib/dirxml/classes/org.mortbay.jetty.jar) and run each of the following, giving a keystore password of changeit:
  9. java -classpath org.mortbay.jetty.jar org.mortbay.util.PKCS12Import ca.pfx ca.jks
     java -classpath org.mortbay.jetty.jar org.mortbay.util.PKCS12Import certificate.p12 cert.jks
  10. Copy both .jks files to {path_to_userapp}/jboss/server/IDM/conf/
  11. Edit {path_to_userapp}/jboss/server/IDM/deploy/jboss-web.deployer/server.xml, adding the following after the "<Connector port="8080" ..." entry:
      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" address="${jboss.bind.address}"
                 maxThreads="100" strategy="ms" maxHttpHeaderSize="8192" emptySessionPath="true"
                 scheme="https" secure="true" clientAuth="false"
                 keystoreFile="${jboss.server.home.dir}/conf/ca.jks" keystorePass="changeit"
                 trustStoreFile="${jboss.server.home.dir}/conf/cert.jks" trustStorePass="changeit"
                 sslProtocol="TLS" />
  12. Start the User Application.
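Added here as a check that is not part of the article: a small Python audit of the server.xml Connector from step 11 (the sample is wrapped in a constructed <Service> element so it parses on its own). It flags the default changeit passwords and a keystoreFile that points at the keystore built from ca.pfx, which step 1 exported together with the CA's private key. The hardened_connector function renders an assumed corrected layout (server certificate from cert.jks as the keystore, CA in ca.jks as the trust store), not the article's own configuration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the 8443 Connector from step 11 plus a plain 8080 Connector,
# wrapped in a minimal <Service> element so the snippet parses stand-alone.
SAMPLE_SERVER_XML = """<Service name="jboss.web">
  <Connector port="8080" protocol="HTTP/1.1" address="${jboss.bind.address}" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             address="${jboss.bind.address}" scheme="https" secure="true"
             clientAuth="false"
             keystoreFile="${jboss.server.home.dir}/conf/ca.jks" keystorePass="changeit"
             trustStoreFile="${jboss.server.home.dir}/conf/cert.jks" trustStorePass="changeit"
             sslProtocol="TLS" />
</Service>"""

WELL_KNOWN_PASSWORDS = {"changeit"}  # the Java keystore default everyone tries first


def audit_ssl_connectors(server_xml, ca_keystore="ca.jks"):
    """Return (port, finding) tuples for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing TLS-specific to check
        port = conn.get("port")
        for attr in ("keystorePass", "trustStorePass"):
            if conn.get(attr) in WELL_KNOWN_PASSWORDS:
                findings.append((port, attr + " is the well-known default"))
        # ca.jks was built from ca.pfx, which step 1 exported *with* the CA's
        # private key; serving from it puts that key on the web tier.
        if conn.get("keystoreFile", "").split("/")[-1] == ca_keystore:
            findings.append((port, "keystoreFile is the CA keystore (holds the CA private key)"))
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, "scheme/secure not set for an SSL connector"))
    return findings


def hardened_connector(keystore_pass, truststore_pass):
    """Render a Connector using an assumed corrected layout (cert.jks served,
    ca.jks trusted) with caller-supplied, non-default passwords."""
    conn = ET.Element("Connector", {
        "port": "8443", "protocol": "HTTP/1.1", "SSLEnabled": "true",
        "address": "${jboss.bind.address}", "scheme": "https", "secure": "true",
        "clientAuth": "false", "sslProtocol": "TLS",
        "keystoreFile": "${jboss.server.home.dir}/conf/cert.jks",
        "keystorePass": keystore_pass,
        "trustStoreFile": "${jboss.server.home.dir}/conf/ca.jks",
        "trustStorePass": truststore_pass,
    })
    return ET.tostring(conn, encoding="unicode")
```

Run audit_ssl_connectors over your real server.xml; an empty list means none of the three checks fired.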

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.

© 2013 Novell