Monday, June 18, 2012

2-Way SSL in JBoss 7.1.1

As I tried to set up 2-way SSL in JBoss 7.1.1, the documentation kept referring to 1-way SSL (even though this was not clearly stated). I was looking for a simple configuration that would enable a certificate to be used as authentication and to be used in a 2-way SSL protocol. Given that the documentation did not properly describe how to do this, I found a post pointing me to the XSD documents to see what other configuration options are available in JBoss. As I was simply trying to configure in "standalone" mode, this is what I did:

First I looked for the XSD files available in the distribution:
find . -name '*.xsd' | grep 1.1
Then I looked for the definition of the "sslType" within the XSD jboss-as-web_1.1.xsd (hopefully you can guess why I chose that one over the 1.0 XSD). Luckily, their XSD was well documented (using XSD comments), which allowed me to see how to set up a "truststore" for my SSL configuration. Here is a snippet of my "standalone.xml" file:
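
For reference, an added example (not the author's original snippet) of a 2-way SSL connector in the web subsystem of standalone.xml, using attributes defined for "sslType" in jboss-as-web_1.1.xsd. The truststore file name and both password values are placeholders chosen for illustration; the alias "foo" and the keystore name "dev-server.keystore" follow the keytool command given later in this post.

```xml
<!-- Added example: web subsystem fragment of standalone.xml (JBoss AS 7.1.1). -->
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
        <!--
          certificate-key-file, key-alias, password:
              the server keystore and the single key entry inside it.
          verify-client="true":
              the server requires a client certificate during the handshake;
              this is the setting that turns 1-way SSL into 2-way SSL.
          ca-certificate-file, ca-certificate-password:
              the truststore holding the CA (or client) certificates the
              server accepts. File name and passwords here are placeholders.
        -->
        <ssl name="ssl"
             key-alias="foo"
             password="KEYSTORE_PASSWORD_PLACEHOLDER"
             certificate-key-file="${jboss.server.config.dir}/dev-server.keystore"
             verify-client="true"
             ca-certificate-file="${jboss.server.config.dir}/dev-server.truststore"
             ca-certificate-password="TRUSTSTORE_PASSWORD_PLACEHOLDER"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
    </virtual-server>
</subsystem>
```

With verify-client set to "true", a client that presents no certificate, or one the truststore does not trust, fails the handshake before any request reaches the application.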

Hopefully this will help anyone looking for similar information. It took me a little bit to realize that this was not an easy search on Google, thus I had to look it up in the XSD file within the JBoss distribution.

One additional note: The "alias" specified in the keystore-file is the one you defined when creating your keystore. In case you missed this, this can be done by doing the following:
keytool -genkey -alias foo -keyalg RSA -keystore dev-server.keystore

What this will do is generate a keystore named "dev-server.keystore" with alias "foo" (as in the sample SSL configuration defined above). I'm not exactly sure why (although I can guess a few reasons), but if you have a keystore with more than one alias as your keystore, JBoss is going to complain, so try to have one with a single alias.
