How to use ssl for webservices

Please tell step by step. I already have my webservices running in jboss (w/o ssl)
1 Solution
kumvjuec (Author) commented:
Can you please tell me the steps. I already have a webservices project that runs without ssl.
The free Quick Documentation that can be downloaded from jboss.org has instructions on how to use SSL with JBoss / Tomcat on pp. 153-156.
Using SSL with JBoss
Author: Tom Coleman <tcoleman@autowares.com>

Adding SSL (Secure Socket Layer) support is simple using JBoss 2.4 with either Tomcat or Jetty Web containers. The specific releases used were JBoss 2.4 BETA Rel_2_4_0_23 with Tomcat 3.2.2, and JBoss-2.4.0_Jetty-3.1.RC8-1.

The target system was a RH Linux 6.2 system using the Sun 1.3 JDK and Sun's Secure Socket Extension, JSSE 1.0.2.

Outstanding Deployment Issues
Multiple site certificates. Support of certificates for multiple sites is currently under discussion. Please post your requirements to the forums or the jboss-user mailing list.

Scott Stark

Installation & Configuration
Download JSSE

If you are using JDK 1.3 or 1.2, JSSE is optional. Download it from Sun's JSSE Page. Jump through the hoops as required.

If you are using JDK 1.4, JSSE is included. But then, JDK 1.4 is another story.

Install JSSE

Follow steps 1 through 5 of the JSSE installation instructions.

If you need to run 'keytool' on your system to create and/or import certificates, copy the JSSE jars to $JAVA_HOME/jre/lib/ext.

Generate a Server Key and Certificate

The following shell script can be used to create a "self-signed" server certificate for testing:

The keystore file will be generated in the directory from which you run keytool. Copy the keystore file to an appropriate directory.

keytool -genkey -alias tomcat -keyalg RSA \
   -dname 'CN=your.domain.com, OU=Skunk Works Unit, O=Your Organization, L=Your Location, S=Your State, C=US' \
   -keypass changeit \
   -storepass changeit \
   -keystore server.keystore

It should be possible to import existing certificates generated with OpenSSL using keytool. See the section Importing SSL certificates in the Tomcat documentation.

Configure Web Container

If using Tomcat - Find the section in the Tomcat server.xml configuration file that starts with, "Uncomment this for SSL support". Uncomment the following section, and insert the location of your server key.

<Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler"
        value="org.apache.tomcat.service.http.HttpConnectionHandler" />
    <Parameter name="port"
        value="8443" />
    <Parameter name="socketFactory"
        value="org.apache.tomcat.net.SSLSocketFactory" />
    <Parameter name="keystore" value="/usr/java/jakarta-tomcat-3.2.2/server.keystore" />
    <Parameter name="keypass" value="changeit" />
</Connector>

Copy the JSSE jars to your $TOMCAT_HOME/lib directory.

If using Jetty - Find the section in the $JBOSS_JETTY_HOME/conf/jetty/jetty.xml configuration file that starts with, "Uncomment this to add an SSL listener". Uncomment the following section, and insert the location of your server key.

<Call name="addListener">
  <Arg>
    <New class="com.mortbay.HTTP.SunJsseListener">
      <Set name="Port">8443</Set>
      <Set name="MinThreads">5</Set>
      <Set name="MaxThreads">255</Set>
      <Set name="MaxIdleTimeMs">50000</Set>
      <Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/etc/server.keystore</Set>
      <Set name="Password">changeit</Set>
      <Set name="KeyPassword">changeit</Set>
    </New>
  </Arg>
</Call>

Start JBoss

Start JBoss and point your browser to https://your-server-name.your-domain:8443 to test your SSL implementation.

If using "self-signed" certificates, you may have to import your test certificate into your browser.
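
The Tomcat and Jetty snippets above both carry the test password changeit and point at a keystore file on disk. The following check is an added example, not part of the original answer or the JBoss documentation: it reads either config style, resolves Jetty's SystemProperty keystore path, and reports listeners that still use changeit or whose keystore file is accessible by group/other. The function names and the single <Config> root wrapping the sample are assumptions made for the example.

```python
import os
import xml.etree.ElementTree as ET
DEFAULT_PASSWORD = "changeit"  # the test password used in the snippets above
SECRET_KEYS = {"keypass", "password", "keypassword"}

def _set_value(el, props):
    """Text of a Jetty <Set>, expanding any nested <SystemProperty>."""
    out = el.text or ""
    for child in el:
        if child.tag == "SystemProperty":
            out += props.get(child.get("name"), child.get("default", ""))
        out += child.tail or ""
    return out.strip()

def ssl_listeners(xml_text, props=None):
    """Return one {setting: value} dict per SSL listener in the config."""
    root = ET.fromstring(xml_text)
    found = []
    for conn in root.iter("Connector"):  # Tomcat 3.2 <Connector>/<Parameter>
        cfg = {p.get("name", "").lower(): p.get("value", "") for p in conn.iter("Parameter")}
        if cfg.get("socketfactory", "").endswith("SSLSocketFactory"):
            found.append(cfg)
    for new in root.iter("New"):  # Jetty <New class="...JsseListener">/<Set>
        if new.get("class", "").endswith("JsseListener"):
            found.append({s.get("name", "").lower(): _set_value(s, props or {}) for s in new.iter("Set")})
    return found

def audit(xml_text, props=None):
    """Flag default passwords and keystore files accessible by group/other."""
    findings = []
    for cfg in ssl_listeners(xml_text, props):
        for key in sorted(SECRET_KEYS & cfg.keys()):
            if cfg[key] == DEFAULT_PASSWORD:
                findings.append(f"{key}: default password '{DEFAULT_PASSWORD}'")
        path = cfg.get("keystore", "")
        if path and os.path.isfile(path) and os.stat(path).st_mode & 0o077:
            findings.append(f"keystore {path}: accessible by group/other")
    return findings

# Constructed sample combining both snippets under one made-up <Config> root.
SAMPLE = """<Config>
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
  <Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory"/>
  <Parameter name="keystore" value="/usr/java/jakarta-tomcat-3.2.2/server.keystore"/>
  <Parameter name="keypass" value="changeit"/></Connector>
<Call name="addListener"><Arg><New class="com.mortbay.HTTP.SunJsseListener">
  <Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/etc/server.keystore</Set>
  <Set name="Password">changeit</Set><Set name="KeyPassword">changeit</Set>
</New></Arg></Call></Config>"""
```

Call audit() with the text of the real server.xml or jetty.xml, passing {"jetty.home": ...} as props so the Jetty keystore path resolves to the file actually in use.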
