Category: JBoss

JBoss SSL server configuration

File to edit to enable SSL in the JBoss server:

${Home_Path}/jboss-4.2.2.GA/server/all/deploy/jboss-web.deployer/server.xml

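Add the ciphers configuration below to overcome the ssl_error_weak_server_ephemeral_dh_key error in JBoss. The browser raises this error when the server offers an ephemeral Diffie-Hellman key it considers too weak; the list below contains no DHE suites, so the server never negotiates that key exchange.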

<Connector port="7443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false"
strategy="ms"
address="${jboss.bind.address}"
keystoreFile="${jboss.server.home.dir}/conf/clientkeystore"
keystorePass="Password0"
sslProtocol="TLS"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
/>
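The following audit of a Connector's ciphers attribute is an added example, not part of the original post or of JBoss. It confirms that the list contains no DHE suites and flags the entries a reviewer would still question: RC4 suites (prohibited by RFC 7465) and static RSA key exchange (no forward secrecy). The names classify and audit_connector are hypothetical, and the sample input is the page's Connector trimmed to the attributes the check reads.

```python
import xml.etree.ElementTree as ET

# Constructed input: the Connector from the page, trimmed to the attributes
# this check reads; the cipher list is the page's list, unchanged.
CONNECTOR = """<Connector port="7443" protocol="HTTP/1.1" SSLEnabled="true"
 scheme="https" secure="true" sslProtocol="TLS"
 ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
 TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
 TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />"""


def classify(suite):
    """Return the findings for one JSSE cipher suite name."""
    key_exchange = suite.split("_WITH_")[0]      # e.g. TLS_ECDHE_RSA, SSL_RSA
    findings = []
    if "_DHE_" in suite:
        findings.append("DHE")                   # finite-field ephemeral DH
    elif key_exchange in ("TLS_RSA", "SSL_RSA"):
        findings.append("no-forward-secrecy")    # static RSA key exchange
    if "_RC4_" in suite:
        findings.append("RC4")                   # prohibited by RFC 7465
    return findings


def audit_connector(xml_text):
    """Map each flagged suite in a Connector's ciphers attribute to its findings.

    Returns None when the attribute is absent, i.e. the JVM defaults apply.
    """
    ciphers = ET.fromstring(xml_text).get("ciphers")
    if ciphers is None:
        return None
    report = {}
    # The XML parser turns line breaks inside the attribute into spaces,
    # so each name is stripped after splitting on commas.
    for suite in (s.strip() for s in ciphers.split(",")):
        if suite and classify(suite):
            report[suite] = classify(suite)
    return report


if __name__ == "__main__":
    for suite, findings in audit_connector(CONNECTOR).items():
        print(f"{suite}: {', '.join(findings)}")
```

Run against the list above, it reports six suites: the two RC4 entries and the five static RSA entries (SSL_RSA_WITH_RC4_128_SHA falls in both groups), and no DHE suite.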

Steps to enable SSL in Apache Tomcat 8

Step 1: Generate a self-signed certificate using keytool. Open a terminal and type the command below:


keytool -keystore clientkeystore -genkey -alias client -keyalg RSA 

It will ask for a password and the organization details (optional). Enter the relevant details, and it will generate the keystore file called "clientkeystore".

Step 2: Go to the conf folder in the Apache Tomcat location and edit the server.xml file. Find the following declaration:

<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
 maxThreads="150" scheme="https" secure="true"
 clientAuth="false" sslProtocol="TLS" />
-->

Uncomment it and modify it to look like the following:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
 maxThreads="150" scheme="https" secure="true"
 clientAuth="false" sslProtocol="TLS"
 keystoreFile="/etc/tomcat6/keystore"
 keystorePass="changeit" />

keystoreFile is the location of the clientkeystore generated in step 1. changeit is the password given in step 1 during key generation.

Step 3: Go to web.xml in the conf folder and add the configuration below:


<security-constraint>
  <web-resource-collection>
    <web-resource-name>Security</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

The url-pattern is set to /* so any page or resource of your application is secure (it can only be accessed over https). The transport-guarantee tag is set to CONFIDENTIAL to make sure your app works over SSL. If you want to turn off SSL, you don't need to delete the code above from web.xml; simply change CONFIDENTIAL to NONE.

JBoss 5.1 Disable/Enable Hot Deploy (HDScanner)

Disabling Hot Deploy on JBoss 5.1 is easy: just remove the file jbossAs/server/server-profile/deploy/hdscanner-jboss-beans.xml or move it to another folder.

With Hot Deploy disabled, you can deploy/redeploy/undeploy applications via twiddle.sh, for example:

deploy:
./jbossAs/bin/twiddle.sh -s localhost invoke "jboss.system:service=MainDeployer" deploy "file:/hileWhichYouWantDeploy"

redeploy:
./jbossAs/bin/twiddle.sh -s localhost invoke "jboss.system:service=MainDeployer" redeploy "file:/hileWhichYouWantReDeploy"

undeploy:
./jbossAs/bin/twiddle.sh -s localhost invoke "jboss.system:service=MainDeployer" undeploy "file:/hileWhichYouWantUnDeploy"

To re-enable Hot Deploy, just copy the file hdscanner-jboss-beans.xml back to the folder jbossAs/server/server-profile/deploy/ and execute:

./twiddle.sh -s localhost invoke "jboss.system:service=MainDeployer" deploy "file:/home/jbossAs5/server/server-profile/deploy/hdscanner-jboss-beans.xml"