JBOSS 7.1 and SSL


JBOSS 7.XX EAP Application Server


Configuration in SSL mode for T24 browser.
1. Overview
The aim of this document is to describe the configuration steps required to configure a JBoss 7.XX EAP
application server to provide T24 connectivity by means of an IBM WebSphere MQ server as the
messaging engine in SSL mode.

2. Prerequisite
• JBOSS 7.1 EAP
• TAFC / TAFJ
• Java JDK 1.6 or JDK 1.7
• BrowserWeb.war

3. Configuration of SSL mode.

Step 1: Generate a private key in keystore file


Java Keytool stores the keys and certificates in the keystore file. If you are a Windows user, the
keytool command should be executed in the Java bin directory. In my case the directory is “C:\Program
Files (x86)\Java\jre1.8.0_162\bin\” and the following command should be executed:

keytool -genkey -keyalg RSA -keystore server.p12

Once the preceding command is executed, you will be asked for the password. For this article, let us give
the password as “megabyte”. Once you give the password, you will be asked for the details as specified
in the image below.

C:\Program Files (x86)\Java\jre1.8.0_162\bin>keytool -genkey -keyalg RSA -keystore server.p12

Password: megabyte
Next we should verify the newly created key store file.

Step 2 – Verify the newly created keystore file


In step 2, let us verify the newly created server.p12 file using the following command:

keytool -list -v -keystore server.p12

After executing the above command, you will get the details as specified in the image below,

C:\Program Files (x86)\Java\jre1.8.0_162\bin>keytool -list -v -keystore server.p12


server.p12 will be stored in the folder where the command was executed.

Step 3 – Export the certificate

In step 3, let us see how to export a self-signed certificate.

The self-signed certificate should be stored in a file named “sslSelfSC.cer”. Execute
the following command:

keytool -export -keystore server.p12 -rfc -file sslSelfSC.cer

After executing the above command, you will be asked for the password. Give the same password,
“megabyte”, and you will get the details as specified in the image below.

Next we should import the certificate into the truststore file.

Step 4 – Import the certificate into the truststore file

In step 4, let us import the certificate by executing the command below:

keytool -import -file sslSelfSC.cer -keystore servertrust.p12


After executing the preceding command, give the same password, “megabyte”, and you will get the
details as specified in the image below.

Next let us verify the newly created trust store file.

Step 5 – Verify the newly created trust store file:

In step 5, verify the newly created trust store file by executing the following command:

keytool -list -v -keystore servertrust.p12

After executing the preceding command, you will get the details as specified in the image below.
The trust store file can then be copied and pasted into the desired folder.

4.1 Configuration in JBoss EAP 7.XX


For JBoss 7.1 and above, the WildFly version is 10.

Important: From WildFly 8 onwards Web subsystem is replaced by Undertow subsystem.

Step 1:

• Open standalone.xml.
• Under the management option, create a custom security-realm with any name you want. I have
given "SslRealm", as shown below:

<security-realm name="SslRealm">
    <server-identities>
        <ssl>
            <keystore path="C:\server.p12" keystore-password="megabyte"/>
        </ssl>
    </server-identities>
</security-realm>

Step 2:
Under the profile option, expand the undertow subsystem. It has two main parts: the server and the
servlet container configuration.

Add an https-listener under the tag <server name="default-server"> for the SslRealm created in
step 1:

<https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm"/>

Save the changes and restart the server.


TAFC : standalone-full.xml
(For TAFJ, identify which standalone file startup.bat uses to start the
server and make the above changes to it.)

TAFJ : standalone-Slot01.xml

5. Start JBoss

standalone.bat --server-config=standalone-full.xml -b 0.0.0.0

The port used to access https is defined in standalone-full.xml under:

<socket-binding name="https" port="${jboss.https.port:8443}"/>

(For TAFJ, identify if there is any offset added to the port make


Example: the http port defined in the socket binding is 8080 and the browser is opened on port
9089, so the offset is 1009.
Similarly, the https default is 8443; add the offset 1009 and you can access it on port
9452.)
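
The following check is an added example, not part of the original document or of JBoss. It parses a standalone file, confirms that every https-listener names a defined security-realm with a keystore and an existing socket-binding, and computes the effective HTTPS port with the offset applied. The sample XML is constructed and trimmed; check_ssl_config and the finding texts are illustrative names, and treating any password not written as a ${...} expression as a literal is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Added example (names are illustrative). Constructed sample, namespaces omitted.
SAMPLE = """<server>
 <management><security-realms>
  <security-realm name="SslRealm"><server-identities><ssl>
   <keystore path="C:\\server.p12" keystore-password="megabyte"/>
  </ssl></server-identities></security-realm>
 </security-realms></management>
 <profile><subsystem><server name="default-server">
  <https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm"/>
 </server></subsystem></profile>
 <socket-binding-group name="standard-sockets" port-offset="${jboss.socket.binding.port-offset:0}">
  <socket-binding name="https" port="${jboss.https.port:8443}"/>
 </socket-binding-group>
</server>"""

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # strip the XML namespace, if any

def resolve(value, props):
    """Resolve a ${name:default} expression; props override the default."""
    m = re.fullmatch(r"\$\{([^:}]+)(?::([^}]*))?\}", value)
    return props.get(m.group(1), m.group(2)) if m else value

def check_ssl_config(xml_text, props=None):
    """Return ({https-listener name: effective port}, [findings])."""
    props = props or {}
    els = list(ET.fromstring(xml_text).iter())
    realms = {e.get("name"): e for e in els if local(e) == "security-realm"}
    bindings = {e.get("name"): e.get("port") for e in els if local(e) == "socket-binding"}
    groups = [e for e in els if local(e) == "socket-binding-group"]
    offset = int(resolve(groups[0].get("port-offset", "0"), props)) if groups else 0
    ports, findings = {}, []
    for lst in (e for e in els if local(e) == "https-listener"):
        name, rname, bname = (lst.get(k) for k in ("name", "security-realm", "socket-binding"))
        if rname not in realms:
            findings.append(f"{name}: security-realm '{rname}' is not defined")
        else:
            ks = [e for e in realms[rname].iter() if local(e) == "keystore"]
            if not ks:
                findings.append(f"{name}: realm '{rname}' has no keystore")
            elif not ks[0].get("keystore-password", "").startswith("${"):
                findings.append(f"{name}: keystore-password is a literal in the XML")
        if bname not in bindings:
            findings.append(f"{name}: socket-binding '{bname}' is not defined")
        else:
            ports[name] = int(resolve(bindings[bname], props)) + offset
    return ports, findings
```

Passing {"jboss.socket.binding.port-offset": "1009"} as props reproduces the 9452 port from the example above; a misspelled realm name on the listener is reported as a finding.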

6. Certificate Installation in Browser


Even though JBoss is running in SSL mode, when you access localhost over https you may get the
error below.

Go to More information -> access the site


To remove this certificate error, we need to import the certificate. To do so, follow the steps given below:

1. Right-click on the error and select View certificate.

2. Click Install certificate.

3. The Certificate Installation Wizard will open. Select Current user.

4. Select Place all certificates in the following store.

5. Click Browse and select the check box “Show physical stores” in the browse wizard.

6. Select Trusted Root Certification Authorities (this will internally import the truststore into the system; make
sure the name given while creating the truststore is localhost).

After which we will get the wizard as

7. Click Finish.

8. Certificate imported successfully; click OK.

9. Click OK on the import certificate wizard.

Restart JBoss and jbase_agent, then open the link in a new browser session.

Now SSL works fine with HTTPS.


Note: The name ‘localhost’ should match the Common Name (CN) provided while creating the
keystore and truststore.

7. Login to T24 browser


Start the database and try to login to T24 with SSL enabled.

URL: https://localhost:8443/BrowserWeb/servlet/BrowserServlet
------------------------------------------------------------------------------------------------------------------------------------------

Even for TAFJ it works by following a similar procedure:
