"Error creating SSL Socket Factory for client invoker: Error initializing socket factory SSL context: Can not find truststore url."
Ever seen this error in your JBoss AS logs?
I have an application running on JBoss AS 5.1 and I saw org.jboss.remoting.transport.http.HTTPClientInvoker throwing this error at me, so I started to investigate what was going on.
I'm calling an external web service over HTTPS and I saw the above error before every outgoing request message. The reason was that I didn't have a keystore set up.
Creating a keystore with a key and a self-signed certificate is easy; it can be done with the keytool utility that comes with the JDK:
keytool -keystore myApp.keystore -alias myApp -genkey -keyalg RSA -validity 365
I then placed the keystore file into the conf folder on my server. To let JBoss know about the keystore, I added the following options to run.conf.bat, so that they would be loaded each time the server is started:
No more "Can not find truststore url" error.
If I ever want to set up my production Tomcat with a secure HTTP connector, I must remember not to try to use the same keystore for the connector (configured in server.xml). Not only because it's self-signed, but also because in production Tomcat uses the APR connector (Apache Portable Runtime). APR uses a native connection, and for SSL a native connection uses OpenSSL instead of JSSE (Java Secure Socket Extension).
Here are the commands to create a key and a certificate with OpenSSL:
openssl genrsa -des3 -out myApp.key
openssl req -new -x509 -key myApp.key -out myApp.crt
Here's an example of how to configure the connector in server.xml:
<Connector port="443" maxHttpHeaderSize="8192"
           acceptCount="100" scheme="https" secure="true" />
In a non-APR environment, like my localhost, I can use the JSSE keystore:
<Connector protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" clientAuth="false"
           keystorePass="password" sslProtocol="TLS" />
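As an added example (not part of the original post) covering both the OpenSSL commands above and the JSSE connector: a small POSIX shell script that runs the two OpenSSL steps without prompts, checks that the private key and certificate actually belong together, and bundles them into a PKCS12 file that a JSSE connector can load as its keystore. It assumes openssl is in PATH; the file names, passphrase and certificate subject are made up for the demo.

```shell
#!/bin/sh
# Added example, not the post's own code. Demo values only.
set -e

WORKDIR="${WORKDIR:-$(mktemp -d)}"
KEY="$WORKDIR/myApp.key"
CRT="$WORKDIR/myApp.crt"
P12="$WORKDIR/myApp.p12"
PASS="changeit"   # demo passphrase; never hard-code a real one

# Same two commands as in the post, with -passout/-passin and -subj
# added so they run non-interactively (2048-bit key, 365-day validity).
make_apr_pair() {
    mkdir -p "$WORKDIR"
    openssl genrsa -des3 -passout "pass:$PASS" -out "$KEY" 2048
    openssl req -new -x509 -key "$KEY" -passin "pass:$PASS" -days 365 \
        -subj "/CN=myApp.example.test/O=Demo" -out "$CRT"
}

# Returns 0 only if the certificate's public key matches the private key,
# i.e. the APR connector would be handed a consistent key/cert pair.
key_matches_cert() {
    k=$(openssl rsa -in "$KEY" -passin "pass:$PASS" -noout -modulus)
    c=$(openssl x509 -in "$CRT" -noout -modulus)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Prints the certificate subject, handy for a quick sanity check.
cert_subject() {
    openssl x509 -in "$CRT" -noout -subject
}

# The JSSE connector cannot read the raw PEM files APR uses; wrap the pair
# in PKCS12 so it can be referenced via keystoreFile/keystoreType="PKCS12".
# Returns 0 if the resulting file parses back correctly with the passphrase.
make_jsse_keystore() {
    openssl pkcs12 -export -inkey "$KEY" -passin "pass:$PASS" -in "$CRT" \
        -name myApp -out "$P12" -passout "pass:$PASS"
    openssl pkcs12 -in "$P12" -passin "pass:$PASS" -noout
}

# Whole sequence; call this from a shell to try it end to end.
run_demo() {
    make_apr_pair && key_matches_cert && make_jsse_keystore && cert_subject
}
```

The PKCS12 file is what you would point a JSSE connector at; the .key/.crt pair stays with the APR connector, which is why the two connectors cannot share one keystore.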
Configuring SSL for Jetty: