Configuring One-Way SSL

One-way SSL is the most common, standard implementation of SSL in client/server connections. In this mode, when a client attempts to connect with the server, the server offers the client a signed certificate. This certificate can be self-signed or signed by a Certificate Authority (CA). The connection succeeds if the client configuration accepts self-signed certificates or when the client trusts the CA in its local trust store and validates the certificate.

Procedure

  1. If a VirtualRouter instance is forwarding requests to the enabler, ensure it has SSL configuration enabled. This is required for VirtualRouter to communicate with the server.
  2. In the Silver Fabric Administration Tool, go to Stacks > Components.
  3. Select Edit Component from the Actions list adjacent to your component.
  4. Select Add/Edit Component Features.
  5. Select the HTTP Support feature and click Edit.
  6. Requests from VirtualRouter to the server are routed over SSL only if you select the HTTPS Enabled option. When both the HTTP and HTTPS options are selected, HTTP is given preference. When only the HTTPS Enabled option is selected, applications deployed on the JBoss EAP server are accessible over HTTPS.
  7. Click OK.
  8. The server uses the demo keystore bundled with JBoss EAP by default. If this is sufficient for your needs, click Finish. Otherwise, specify runtime context variables in the next step.
  9. Select Add/override/edit Enabler and Component-Specific Runtime Context Variables and configure the following Environment variables as necessary:
    Variable               Description
    SERVER_KEY_STORE_FILE  Fully qualified pathname of server key store file location for incoming SSL connections
    SSL_PASSWORD           Password for the keystore
    SERVER_KEY_ALIAS       Private key entry’s alias in the server key store. Change this if you changed the location of the server key store file with SERVER_KEY_STORE_FILE.
    For context variables that require a fully qualified pathname, use the following environment variables if needed:
    Variable               Description
    ${JBOSS_HOME}          Expands to the base directory of the JBoss EAP distribution on the engine.
  10. Click OK when finished. You must now upload your keystore and trust store for the server.
  11. Select Add/override/customize Enabler and Component-specific Content Files.
  12. Click Upload.
  13. Complete the screen as follows:
    Property       Description
    Name           A name for your file
    Relative Path  The value you used for SERVER_KEY_STORE_FILE
    File           The keystore file containing your server certificate
  14. Click Finish.
  15. To deploy the component, from the Actions list, select Publish Component.
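
A mismatch between the uploaded keystore and the values of SSL_PASSWORD and SERVER_KEY_ALIAS only shows up once the component is published and the HTTPS listener fails to start. The following pre-upload check is an added example, not part of the product or its documentation: it assumes the keystore is in JKS (version 2) format, and its function names, the aliases `server` and `ca`, and the sample keystore contents are constructed for illustration.

```python
import hashlib
import struct
JKS_MAGIC, SALT = 0xFEEDFEED, b"Mighty Aphrodite"  # constants fixed by the JKS format

def _utf(buf, pos):  # Java writeUTF string (2-byte length prefix) -> (text, next_pos)
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("utf-8"), pos + 2 + n

def _skip(buf, pos):  # step over a byte array with a 4-byte length prefix
    return pos + 4 + struct.unpack_from(">I", buf, pos)[0]

def _digest(password, body):  # integrity hash stored in the last 20 bytes of the file
    return hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()

def jks_entries(data, password):
    """Return {alias: kind}; ValueError if not JKS v2 or the password is wrong."""
    magic, version, count = struct.unpack_from(">III", data, 0)
    if magic != JKS_MAGIC or version != 2:
        raise ValueError("not a JKS version 2 keystore")
    if _digest(password, data[:-20]) != data[-20:]:
        raise ValueError("password does not match the keystore integrity hash")
    pos, entries = 12, {}
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", data, pos)  # 1 = private key, 2 = trusted cert
        alias, pos = _utf(data, pos + 4)
        pos, chain = pos + 8, 1                       # skip the creation timestamp
        if tag == 1:
            pos = _skip(data, pos)                    # encrypted private key
            chain, pos = struct.unpack_from(">I", data, pos)[0], pos + 4
        for _ in range(chain):
            pos = _skip(data, _utf(data, pos)[1])     # certificate type, then its bytes
        entries[alias] = "private key" if tag == 1 else "trusted cert"
    return entries

def check_variables(data, ssl_password, server_key_alias):
    """Problems with SSL_PASSWORD / SERVER_KEY_ALIAS for this keystore ([] = OK)."""
    try:
        kind = jks_entries(data, ssl_password).get(server_key_alias)
    except (ValueError, struct.error) as exc:
        return [f"SSL_PASSWORD or keystore file: {exc}"]
    return [] if kind == "private key" else [f"SERVER_KEY_ALIAS: no key entry {server_key_alias!r}"]

def sample_keystore(password):
    """Constructed sample: key entry 'server', trusted cert 'ca', dummy payloads."""
    utf = lambda s: struct.pack(">H", len(s)) + s.encode()
    cert = utf("X.509") + struct.pack(">I", 4) + b"CERT"
    key = struct.pack(">I", 1) + utf("server") + bytes(8) + struct.pack(">I3sI", 3, b"KEY", 1) + cert
    body = struct.pack(">III", JKS_MAGIC, 2, 2) + key + struct.pack(">I", 2) + utf("ca") + bytes(8) + cert
    return body + _digest(password, body)
```

To check a real file, pass its bytes (read in binary mode) to `check_variables` together with the values you plan to enter for SSL_PASSWORD and SERVER_KEY_ALIAS. A keystore in another format, such as PKCS12, is reported as not being JKS rather than being parsed.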