| Author |
Jboss/Tomcat SSL and mozilla
|
|
| Boris Bralo 2004-04-07, 6:33 am |
| Hi all,
I got -12229 mozilla error code when I try to connect to my web app, ( after
I accept certificate ).
IE , Opera connects OK.
App server is Jboss 3.2.3/Tomcat 4.1 and certificate is generated using
keytool ( cmd line was keytool -genkey -keyalg RSA -sigalg
SHA1WithRSA ... )
--
Boris
| |
| Duncan Eley 2004-04-07, 7:33 am |
| On Wed, 07 Apr 2004 11:27:29 +0200, Boris Bralo <boris.bralo@soko.hr>
wrote:
>Hi all,
>
>I got -12229 mozilla error code when I try to connect to my web app, ( after
>I accept certificate ).
>IE , Opera connects OK.
>App server is Jboss 3.2.3/Tomcat 4.1 and certificate is generated using
>keytool ( cmd line was keytool -genkey -keyalg RSA -sigalg
>SHA1WithRSA ... )
Hi Boris,
I just thought I'd let you know that I use Mozilla Firefox with JBoss
3.2.3/Tomcat4.1.29 and everything works ok, so your problem *may* not
be an issue with Mozilla. However, I do generate my key differently to
you: I do not use the -sigalg switch, which defaults to md5RSA. Maybe
this will make a difference?
Have you looked at what the Mozilla error code means? You can find the
meanings here, which may be helpful:
http://www.mozilla.org/projects/sec...ssl/sslerr.html
Regards,
Duncan Eley
duncan.eleyREM@VEbcs.org.uk
| |
| Boris Bralo 2004-04-07, 8:42 am |
| Hi Duncan,
Nope, I can't get it to work. Can you send me the keytool command line you used?
>
> Hi Boris,
>
> I just thought I'd let you know that I use Mozilla Firefox with JBoss
> 3.2.3/Tomcat4.1.29 and everything works ok, so your problem *may* not
> be an issue with Mozilla. However, I do generate my key differently to
> you: I do not use the -sigalg switch, which defaults to md5RSA. Maybe
> this will make a difference?
>
> Have you looked at what the Mozilla error code means? You can find the
> meanings here, which may be helpful:
> http://www.mozilla.org/projects/sec...ssl/sslerr.html
>
> Regards,
>
Boris
| |
| Duncan Eley 2004-04-07, 8:42 am |
| On Wed, 07 Apr 2004 13:21:54 +0200, Boris Bralo <boris.bralo@soko.hr>
wrote:
>Hi Duncan,
>
>Nope, I can't get it to work. Can you send me the keytool command line you used?
>
Hi Boris,
Here is my keytool command line:
keytool -genkey -keyalg rsa -keystore myks.ks
However, the certificate may not be the problem; it was just a shot in
the dark, so I will explain my JBoss/Tomcat settings too in case you
have a problem there. The documentation for JBoss is quite shocking so
it wouldn't surprise me!
1. In the file %JBOSS_HOME%\server\default\conf\jboss-service.xml I
have an mbean entry as follows:
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
name="Security:service=JaasSecurityDomain,domain=TomcatSSL">
<depends>jboss.security:service=JaasSecurityManager</depends>
<constructor>
<arg type="java.lang.String" value="TomcatSSL" />
</constructor>
<attribute name="KeyStoreURL">file://C:\myks.ks</attribute>
<attribute name="KeyStorePass">myPassword</attribute>
</mbean>
2. In the file
%JBOSS_HOME%\server\default\deploy\jbossweb-tomcat41.sar\META-INF\jboss-service.xml:
Find the HTTP/1.1 connector. The connector has a number of attributes.
I have added a new attribute called redirectPort and given it a value
of 8443. E.g. redirectPort="8443".
3. Underneath that connector in the same file I created a new
connector for port 8443 as follows:
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="false"
acceptCount="100" debug="0" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true">
<Factory
className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
keystoreFile="C:\myks.ks" keystorePass="myPassword"
clientAuth="false" protocol="TLS" />
</Connector>
Please note: this is for configuring HTTPS only, not RMI SSL.
HTH,
Duncan Eley
duncan.eleyREM@VEbcs.org.uk
| |
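An added example, not part of the post above and not JBoss or Tomcat code: a small Python check that the two connectors from steps 2 and 3 are wired consistently, meaning the plain connector's redirectPort points at a connector marked secure whose Factory sets the keystore attributes the post uses. The enclosing `<Service>` element, port 8080 and scheme="http" on the plain connector are assumptions; the other values are the ones from the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the connectors from steps 2 and 3 with the post's values.
# The <Service> wrapper, port 8080 and scheme="http" are assumptions.
SAMPLE = r"""
<Service name="sample">
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
             port="8080" redirectPort="8443" scheme="http"/>
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
             port="8443" scheme="https" secure="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
             keystoreFile="C:\myks.ks" keystorePass="myPassword"
             clientAuth="false" protocol="TLS"/>
  </Connector>
</Service>
"""

def check_connectors(xml_text):
    """Return a list of wiring problems; an empty list means consistent."""
    root = ET.fromstring(xml_text)
    connectors = {c.get("port"): c for c in root.iter("Connector")}
    problems = []
    for port, c in connectors.items():
        if c.get("secure") != "true":
            # Step 2: the plain connector should redirect to a secure one.
            target = c.get("redirectPort")
            if target is None:
                problems.append(f"port {port}: no redirectPort")
            elif target not in connectors:
                problems.append(f"port {port}: redirectPort {target} has no connector")
            elif connectors[target].get("secure") != "true":
                problems.append(f"port {port}: redirectPort {target} is not a secure connector")
            continue
        # Step 3: the secure connector needs scheme=https and a keystore Factory.
        if c.get("scheme") != "https":
            problems.append(f"port {port}: secure connector without scheme=https")
        factory = c.find("Factory")
        if factory is None:
            problems.append(f"port {port}: secure connector has no Factory")
            continue
        for attr in ("keystoreFile", "keystorePass", "protocol"):
            if not factory.get(attr):
                problems.append(f"port {port}: Factory does not set {attr}")
    return problems

if __name__ == "__main__":
    for line in check_connectors(SAMPLE) or ["connector wiring is consistent"]:
        print(line)
```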
| Boris Bralo 2004-04-07, 10:41 am |
| Hi Duncan
I tried with mozilla 1.2.1 and it worked ,
so it's obviously a mozilla issue.
Anyway, thanks.
Boris