Wednesday, April 29, 2015

Configure JBoss AS 7.1 to use a customized truststore

From JBoss AS 7.1, my EJB service needs to send email to an Exchange server via the Microsoft EWS Java API.

The EWS Java API Maven dependency is:
<dependency>
 <groupId>com.microsoft.ews-java-api</groupId>
 <artifactId>ews-java-api</artifactId>
 <version>2.0-SNAPSHOT</version>
</dependency>

Our Exchange server endpoint is exposed via HTTPS, and its certificate is signed by the company's root CA (the root CA itself is self-signed).

At runtime, when the EJB tries to connect to the Exchange server (via HTTPS), JBoss doesn't trust the company's root CA, so we get this error:


...
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) [rt.jar:1.7.0_75]
 at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) [rt.jar:1.7.0_75]
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) [rt.jar:1.7.0_75]
 ... 171 more

To fix this, I need to configure JBoss to trust the company's root CA, so that it also trusts the HTTPS certificate the root CA signed. Since my dev JBoss has no truststore configured yet, I added the following system properties to the server's standalone-full.xml file in C:\DEVEL\APPS\jboss-as-7.1.3.Final\standalone\configuration. The updated standalone-full.xml:


        <extension module="org.jboss.as.webservices"/>
        <extension module="org.jboss.as.weld"/>
    </extensions>

    <system-properties>
        <property name="javax.net.ssl.trustStore" value="c:\\Users\\jwang.tek\\.keystore "/>
        <property name="javax.net.ssl.trustStorePassword" value="dev1234"/>
    </system-properties>


    <management>
        <security-realms>

Note: the system-properties element needs to come right after the extensions element.

After restarting the JBoss AS server and connecting via the CLI, I can see the added system properties:


C:\DEVEL\APPS\jboss-as-7.1.3.Final\bin>jboss-cli.bat --connect
[standalone@localhost:9999 /] /system-property=foo:read-resource
{
    "outcome" => "failed",
    "failure-description" => "JBAS014807: Management resource '[(\"system-property\" => \"foo\")]' not found",
    "rolled-back" => true
}
[standalone@localhost:9999 /] /system-property=javax.net.ssl.trustStore:read-resource
{
    "outcome" => "success",
    "result" => {"value" => "c:\\\\Users\\\\jwang.tek\\\\.keystore "}
}
[standalone@localhost:9999 /]

Done. JBoss started fine, and hitting the EJB service to send email to the Exchange server works.
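
To confirm what the configured truststore actually contains, here is an added example (not part of the original post; the class name TrustStoreCheck and the optional host argument are assumptions). Once javax.net.ssl.trustStore is set, JSSE's default trust manager reads that file instead of the JRE's cacerts, so only the CAs listed by this check are trusted for outbound HTTPS.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example, not code from the original post. Hypothetical class name.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        // Same properties the post sets in standalone-full.xml; fall back to the JRE defaults.
        String path = System.getProperty("javax.net.ssl.trustStore",
                System.getProperty("java.home") + "/lib/security/cacerts");
        String pass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        if (!path.equals(path.trim())) {
            System.out.println("WARN: trustStore path has leading/trailing whitespace");
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { // raw value, as configured
            ks.load(in, pass.toCharArray()); // throws IOException on wrong password or corrupt file
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) cert;
            // A root CA is self-issued: subject and issuer are the same name.
            boolean root = x.getSubjectX500Principal().equals(x.getIssuerX500Principal());
            String state = "valid";
            try { x.checkValidity(); } catch (CertificateException e) { state = "OUTSIDE VALIDITY PERIOD"; }
            System.out.printf("%s | %s | root=%b | %s until %s%n", alias,
                    x.getSubjectX500Principal().getName(), root, state, x.getNotAfter());
        }
        System.out.println(ks.size() + " entries in " + path);
        if (args.length == 0) return; // no host given: listing only, fully offline
        // Optional: handshake with the HTTPS endpoint using the JVM's default trust settings.
        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket s = (SSLSocket) f.createSocket(args[0], 443)) {
            s.startHandshake(); // certificate path is validated here (no hostname check)
            System.out.println("OK: certificate chain of " + args[0] + " is trusted");
        } catch (SSLHandshakeException e) {
            System.out.println("FAIL: " + e.getMessage()); // e.g. the PKIX path error quoted in the post
        }
    }
}
```

Run it with the same -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword values as the server, passing the Exchange host name as the only argument to include the handshake check.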

