Details
-
Sub-task
-
Resolution: Done
-
Major
-
EAP_EWP 5.1.0_CR3
-
None
Description
Josh,
I have couple of suggestions regarding generation of self signed certificate.
One can use following option combination to generate cert. in one go.
keytool -genkey -alias ejb-ssl -keystore localhost.keystore -storepass EJB-SSL_KEYPAIR_PASSWORD -keypass EJB-SSL_KEYPAIR_PASSWORD-dname "CN=localhost,OU=QE,O=redhat.com,L=Brno,C=CZ"
Especially important is part -dname where CN must contain name of server which will use the certificate in its https connector.
My example is for localhost usage. Certificate has to have CN=server_name from this example scheme https://server_name:8443/invoker/JNDIFactory. If not, user will get "javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching" exception.
Can you incorporate this to the section 16.2.1.1, please?
Attachments
Issue Links
- blocks
-
JBPAPP-5090 SecGuide 5.1: Chapter 16. Encrypting EJB connections with SSL - missing EJB3 over https part
-
- Closed
-
