JBoss EAP 6.2.2.GA (AS 7.3.2.Final-redhat-2) SSL

Hello,

I'm trying to configure HTTPS on JBoss.

I performed the following steps:

-Imported the certificate
#keytool -import -alias AliasName -keystore /var/lib/jbossas/standalone/configuration/cacerts.truststore -trustcacerts -file mycertificate.cer

The certificate was included with success

-Changed the secure on /etc/jbossas/standalone/standalone-outsystems.xml to "true"
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="true">

After restarting the service
#service jboss-outsystems restart

I have this error:

17:09:38,715 ERROR [org.jboss.as] (Controller Boot Thread) JBAS015875: JBoss EAP 6.2.2.GA (AS 7.3.2.Final-redhat-2) started (with errors) in 28369ms - Started 4003 of 4093 services (1 services failed or missing dependencies, 89 services are passive or on-demand)

What is wrong?

Thanks

Hi Tiago,

Doesn't it show any details of what service failed to initialize before that line?
There should be a more detailed message of the actual error.

Edit: oh, I just noticed that you added the certificate to the CA trust store and not the server.keystore; that should be the issue.

Check this thread for the instructions:
http://www.outsystems.com/forums/discussion/12228/how-to-configure-ssl-in-outsystems-platform-with-jboss-7-1-1-as-or-jboss-eap-6-2/

Regards,
João Rosado

Thanks, João, for your help

Before that error log I found this part on the server.log:

09:43:00,946 INFO  [org.jboss.as.controller] (Controller Boot Thread) JBAS014774: Service status report
JBAS014777:   Services which failed to start:      service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
 
09:43:00,962 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015961: Http management interface listening on http://127.0.0.1:9990/management

I imported the certificate into server.keystore, but the problem is still there.

In the file /etc/jbossas/standalone/standalone-outsystems.xml I only changed secure="true"; I kept all the other fields.

Regards,
Tiago Vital
 
João, I could find more detail on the console.log:

10:21:25,130 ERROR [org.apache.coyote.http11] (MSC service thread 1-4) JBWEB003043: Error initializing endpoint: java.io.IOException: JBWEB002001: SSL configuration is invalid due to No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:778) [jbossweb.jar:7.3.1.Final-redhat-1]
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:483) [jbossweb.jar:7.3.1.Final-redhat-1]
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:162) [jbossweb.jar:7.3.1.Final-redhat-1]
        at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:973) [jbossweb.jar:7.3.1.Final-redhat-1]
        at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:174) [jbossweb.jar:7.3.1.Final-redhat-1]
        at org.apache.catalina.connector.Connector.init(Connector.java:985) [jbossweb.jar:7.3.1.Final-redhat-1]
        at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:304) [jboss-as-web.jar:7.3.2.Final-redhat-2]
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc.jar:1.0.4.GA-redhat-1]
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc.jar:1.0.4.GA-redhat-1]
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) [rt.jar:1.6.0_45]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) [rt.jar:1.6.0_45]
        at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_45]
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310) [jsse.jar:1.6]
        at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255) [jsse.jar:1.6]
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:774) [jbossweb.jar:7.3.1.Final-redhat-1]
        ... 11 more
 
10:21:25,194 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
        at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:362)
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc.jar:1.0.4.GA-redhat-1]
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc.jar:1.0.4.GA-redhat-1]
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) [rt.jar:1.6.0_45]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) [rt.jar:1.6.0_45]
        at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_45]
Caused by: LifecycleException:  JBWEB000023: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.init(Connector.java:987)
        at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:304)
        ... 5 more

The problem is with the certificate.

I have the certificate.cer that I imported into server.keystore and the key file.p12 

Do you know where I need to configure the p12 file ?

Thanks a lot
 
Hi, João

I was able to install it successfully now.

The problem was that the certificate and keystore passwords were different.

I just changed the keystore password to the same one as the certificate, and JBoss started successfully.

keytool -storepasswd -new <new_password> -storepass outsystems -keystore /etc/jbossas/standalone/server.keystore

Thanks, regards
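
Added example, not part of the original posts: a POSIX shell check that reads keytool -list output and reports whether the keystore holds a PrivateKeyEntry, which is what the HTTPS connector needs and what a certificate-only import (as in the first posts) does not provide. The function names and the sample listings are constructed for illustration; the keystore path and store password in the comments are the ones posted in the thread.

```shell
#!/bin/sh
# Added example: inspect `keytool -list` output for the entry type the HTTPS
# connector needs. Sample listings below are constructed, not from the thread.

# stdin: `keytool -list` text; stdout: one "type alias" line per entry.
# Entry lines look like "alias, Mar 3, 2014, PrivateKeyEntry,".
list_entries() {
    sed -n -E 's/^([^,]+),.*, *(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),? *$/\2 \1/p'
}

# stdin: listing; $1: optional alias. Prints a verdict and returns 0 only
# when a private key entry (for that alias, if given) is present.
diagnose() {
    entries=$(list_entries)
    if printf '%s\n' "$entries" | awk -v a="$1" '
        $1 == "PrivateKeyEntry" && (a == "" || substr($0, length($1) + 2) == a) { ok = 1 }
        END { exit ok ? 0 : 1 }'; then
        echo "ok: private key entry found"
    elif printf '%s\n' "$entries" | grep -q '^trustedCertEntry '; then
        echo "fail: no matching private key entry, only certificates"
        return 1
    else
        echo "fail: no entries recognised"
        return 1
    fi
}

sample_cert_only() {   # constructed: what importing only the .cer produces
    printf '%s\n' 'Keystore type: JKS' '' 'Your keystore contains 1 entry' '' \
        'aliasname, Mar 3, 2014, trustedCertEntry,' \
        'Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'
}

sample_with_key() {    # constructed: after the key pair from the .p12 is imported
    printf '%s\n' 'Keystore type: JKS' '' 'Your keystore contains 2 entries' '' \
        'aliasname, Mar 3, 2014, trustedCertEntry,' \
        'Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF' \
        'server key, Mar 4, 2014, PrivateKeyEntry, ' \
        'Certificate fingerprint (MD5): FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00'
}

# Real use (path and store password as posted in the thread):
#   keytool -list -keystore /etc/jbossas/standalone/server.keystore -storepass outsystems | diagnose
# Bringing the key pair in from the PKCS#12 file:
#   keytool -importkeystore -srckeystore file.p12 -srcstoretype PKCS12 \
#           -destkeystore /etc/jbossas/standalone/server.keystore
```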