čtvrtek 26. května 2005

Using SSL with JBoss/Tomcat: key pair selection

A few days ago i spend time searching how to configure JBOss/Tomcat bundle for SSL. You can find many documents or tips such as SSLSetup (JBoss WIKI) or Using SSL With JBoss. But my problem was, that i had keystore with multiple keys. I have been through the many documentations and have not found any mention about setting appropriate key pair or more precisely his alias.

It was very frustrated to see many simillar connector definitions without any change. Bad news was missing DTD in XML configuration file and missing this type of parameter in official documentation SSL Configuration HOW-TO and in The Coyote HTTP/1.1 Connector reference. Fortunately helped me Mr. Google and found outlandish patch comment by Doug Barnes.

These undocumented parameters are keyAlias and keyPass (if you have different password than keystore password).


    <Connector port="8443" address="${jboss.bind.address}"
       maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
       scheme="https" secure="true" clientAuth="false"
       keystoreFile="${jboss.server.home.dir}/conf/keystore"           
       keystorePass="bobinkakadrnozkova" 
       sslProtocol = "TLS" 
       keyAlias="bobi" />