Cool Solutions

How to SSLize User Application on JBoss using eDirectory’s Certificate Authority for Linux

By: ScorpionSting

December 10, 2007 5:18 pm


Here’s what you need to do:

  1. Export the eDirectory CA’s Self-Signed certificate, together with its Private Key, to ca.pfx using iManager.
  2. openssl genrsa -des3 -out certificate-key.pem 1024
  3. openssl req -new -key certificate-key.pem -out certificate-req.pem (use the Common Name of your JBoss server, eg: servername.domainname.com, and leave the Email field blank).
  4. Issue a TLS/SSL Server certificate through iManager from the request created in step 3, saving it in DER format as certificate.der.
  5. openssl x509 -inform DER -outform PEM -in certificate.der -out certificate.pem
  6. openssl pkcs12 -in ca.pfx -out ca.pem
  7. openssl pkcs12 -export -in certificate.pem -inkey certificate-key.pem -certfile ca.pem -out certificate.p12 -name "servername.domainname.com"
  8. Find org.mortbay.jetty.jar (available with the eDirectory/IDM install at /opt/novell/eDirectory/lib/dirxml/classes/org.mortbay.jetty.jar) and run each of the following, giving a keystore password of changeit:
  9. java -classpath org.mortbay.jetty.jar org.mortbay.util.PKCS12Import ca.pfx ca.jks
     java -classpath org.mortbay.jetty.jar org.mortbay.util.PKCS12Import certificate.p12 cert.jks
  10. Copy both .jks files to {path_to_userapp}/jboss/server/IDM/conf/
  11. Edit {path_to_userapp}/jboss/server/IDM/deploy/jboss-web.deployer/server.xml, adding the following after the “<Connector port="8080"...” entry:

      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                 address="${jboss.bind.address}" maxThreads="100" strategy="ms"
                 maxHttpHeaderSize="8192" emptySessionPath="true"
                 scheme="https" secure="true" clientAuth="false"
                 keystoreFile="${jboss.server.home.dir}/conf/ca.jks" keystorePass="changeit"
                 trustStoreFile="${jboss.server.home.dir}/conf/cert.jks" trustStorePass="changeit"
                 sslProtocol="TLS" />

  12. Start the User Application.

Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.
