Macromedia live cycle 7.2 Manual
Adobe LiveCycle
Configuring SSL on JBoss
Installing and Configuring LiveCycle Security Products for JBoss
Enabling SSL 67
Enabling SSL
You can now enable SSL on the application server by editing the files indicated in this section. When SSL is
configured, you must manually start JBoss.
configured, you must manually start JBoss.
➤
To enable SSL:
1. Using a text editor, open the jacorb.properties file from the [appserver root]/server/all/conf directory.
2. In the jacorb.properties file, replace the SSL configuration section with the following text:
#########################
### SSL Configuration ###
#########################
# the qualified classname of the ssl socket factory class
jacorb.ssl.socket_factory=org.jacorb.security.ssl.sun_jsse.
SSLSocketFactory
# the qualified classname of the ssl server socket factory class
jacorb.ssl.server_socket_factory=org.jacorb.security.ssl.sun_jsse.
SSLServerSocketFactory
# The name and location of the keystore. This should be absolute
# to the directory where this property file resides.
#jacorb.security.keystore=c:/jboss-3.2.5/server/all/svcnative/
ads-ssl.jks
jacorb.security.keystore=<!--replace with absolute path of ads-ssl.jks-->
jacorb.security.keystore_password=password
# trusted ca certs are also in the same keystore
jacorb.security.jsse.trustees_from_ks=on
jacorb.security.support_ssl=on
#client side ssl supported or enforced?
jacorb.security.ssl.client.supported_options=60
jacorb.security.ssl.client.required_options=0
#server side ssl supported or enforced?
jacorb.security.ssl.server.supported_options=60
jacorb.security.ssl.server.required_options=60
### SSL Configuration ###
#########################
# the qualified classname of the ssl socket factory class
jacorb.ssl.socket_factory=org.jacorb.security.ssl.sun_jsse.
SSLSocketFactory
# the qualified classname of the ssl server socket factory class
jacorb.ssl.server_socket_factory=org.jacorb.security.ssl.sun_jsse.
SSLServerSocketFactory
# The name and location of the keystore. This should be absolute
# to the directory where this property file resides.
#jacorb.security.keystore=c:/jboss-3.2.5/server/all/svcnative/
ads-ssl.jks
jacorb.security.keystore=<!--replace with absolute path of ads-ssl.jks-->
jacorb.security.keystore_password=password
# trusted ca certs are also in the same keystore
jacorb.security.jsse.trustees_from_ks=on
jacorb.security.support_ssl=on
#client side ssl supported or enforced?
jacorb.security.ssl.client.supported_options=60
jacorb.security.ssl.client.required_options=0
#server side ssl supported or enforced?
jacorb.security.ssl.server.supported_options=60
jacorb.security.ssl.server.required_options=60
3. Enable SSL and set the keystore password in the Data Manager Module. You can configure these
settings using the Configuration Manager. (See
.)
4. Stop and restart the application server.
➤
To add certificates to the trust certificates:
1. Copy the cacerts file from the [JAVA_HOME]/jre/lib/security/ directory and store it in a safe location.
2. From a command prompt, type:
>keytool -import -v -noprompt -alias <uniqueAliasPerRelevantServer>
-file [appserver root]\server\all\svcnative\ads-ca.cer -keystore
"%JAVA_HOME%\jre\lib\security\cacerts"
-storepass changeit -keypass password
-file [appserver root]\server\all\svcnative\ads-ca.cer -keystore
"%JAVA_HOME%\jre\lib\security\cacerts"
-storepass changeit -keypass password
Note:
The value
changeit
is the default password for cacerts; your actual password may be different. In a
production environment, edit this password and use a strong pass phrase. You must do this as the
root user.
root user.