I’m writing this little note as an “errata corrige” for the HTTPS Configuration chapter of the Red Hat JBoss EAP Installation Guide. If you follow the steps given there, you will end up with a non-working Tomcat instance, because the guide is missing a step that is well explained in the Tomcat 6 SSL How-To:
In short, Tomcat can use two SSL engines:
- the JSSE implementation provided as part of the Java runtime (since 1.4)
- the APR implementation, which uses the OpenSSL engine by default
The Red Hat guide shows you how to use the Java keytool, which works with the JSSE implementation, but the default Tomcat configuration in JBoss EAP 5.1 uses the APR implementation. That means that if you want to use keytool and the keystore, as I suggest, you should change this line in <server-profile>/deploy/jbossweb.sar/server.xml:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
with this line
<Listener className="org.apache.coyote.http11.Http11NioProtocol" SSLEngine="on" />
for a non-blocking SSL listener, or with
<Listener className="org.apache.coyote.http11.Http11Protocol" SSLEngine="on" />
to obtain a blocking SSL listener.
After that you can simply follow the Red Hat guide.
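The mismatch described above can be checked for before starting the server; the following is an added example, not part of the original note or of the Red Hat or Tomcat documentation. It flags SSL connectors that point at a keytool keystore while the APR listener is still enabled. The sample server.xml is constructed, the Connector attribute names (SSLEnabled, protocol, keystoreFile, SSLCertificateFile) are taken from Tomcat's connector documentation rather than from this note, and it assumes the native APR library is actually loaded.

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
# Connector classes this note names as the JSSE (keystore-based) options.
JSSE_PROTOCOLS = {
    "org.apache.coyote.http11.Http11Protocol",     # blocking
    "org.apache.coyote.http11.Http11NioProtocol",  # non-blocking
}

# Constructed sample, not a real JBoss EAP file.
SAMPLE = """<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="jboss.web">
    <Connector protocol="HTTP/1.1" port="8080" />
    <Connector protocol="HTTP/1.1" SSLEnabled="true" port="8443" scheme="https"
               secure="true" keystoreFile="conf/server.keystore" keystorePass="changeit" />
  </Service>
</Server>"""

def apr_ssl_enabled(root):
    """True if the APR listener is declared and its SSLEngine is not 'off'."""
    return any(
        l.get("className") == APR_LISTENER and l.get("SSLEngine", "on").lower() != "off"
        for l in root.iter("Listener")
    )

def find_mismatches(server_xml):
    """Return (port, keystoreFile) for SSL connectors APR would not serve from a keystore."""
    root = ET.fromstring(server_xml)
    if not apr_ssl_enabled(root):
        return []  # JSSE in use: keytool keystores work
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector
        if conn.get("protocol") in JSSE_PROTOCOLS:
            continue  # explicitly pinned to a JSSE implementation
        if conn.get("keystoreFile") and not conn.get("SSLCertificateFile"):
            findings.append((conn.get("port"), conn.get("keystoreFile")))
    return findings

if __name__ == "__main__":
    for port, ks in find_mismatches(SAMPLE):
        print(f"port {port}: keystoreFile={ks} but the APR/OpenSSL SSL engine is enabled")
```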