8.5. SSL Connector Reference

JBoss Web connectors may include the following SSL configuration attributes. The CLI commands provided are designed for a managed domain using profile default. Change the profile name to the one you wish to configure, for a managed domain, or omit the /profile=default portion of the command, for a standalone server.

Expand

Table 8.1. SSL Connector Attributes
Attribute	Description	CLI Command
name	The display name of the SSL connector.	`/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=name,value=https)` Copy to Clipboard Toggle word wrap
verify-client	Set to `true` to require a valid certificate chain from the client before accepting a connection. Set to `want` if you want the SSL stack to request a client Certificate, but not fail if one is not presented. Set to `false` (the default) to not require a certificate chain unless the client requests a resource protected by a security constraint that uses `CLIENT-CERT` authentication.	`/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=verify-client,value=want)` Copy to Clipboard Toggle word wrap
verify-depth	The maximum number of intermediate certificate issuers checked before deciding that the clients do not have a valid certificate. The default value is `10`.	`/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=verify-depth,value=10)` Copy to Clipboard Toggle word wrap
certificate-key-file	The full file path and file name of the keystore file where the signed server certificate is stored. With JSSE encryption, this certificate file will be the only one, while OpenSSL uses several files. The default value is the `.keystore` file in the home directory of the user running JBoss EAP 6. If your `keystoreType` does not use a file, set the parameter to an empty string.	`/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=certificate-key-file,value=../domain/configuration/server.keystore)` Copy to Clipboard Toggle word wrap
certificate-file	If you use OpenSSL encryption, set the value of this parameter to the path to the file containing the server certificate.	`/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=certificate-file,value=server.crt)` Copy to Clipboard Toggle word wrap
password	The password for both the trustore and keystore. In the following example, replace PASSWORD with your own password.	`/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=password,value=PASSWORD)` Copy to Clipboard Toggle word wrap
protocol	The version of the SSL protocol to use. Supported values include `SSLv2`, `SSLv3`, `TLSv1`, `SSLv2+SSLv3`, and `ALL`. The default is `ALL`.	`/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=protocol,value=ALL)` Copy to Clipboard Toggle word wrap
cipher-suite	A comma-separated list of the encryption ciphers which are allowed. The JVM default for JSSE contains weak ciphers which should not be used. The example only lists two possible ciphers, but real-world examples will likely use more.	`/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=cipher-suite, value="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA")` Copy to Clipboard Toggle word wrap
key-alias	The alias used to for the server certificate in the keystore. In the following example, replace KEY_ALIAS with your certificate's alias.	`/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=key-alias,value=KEY_ALIAS)` Copy to Clipboard Toggle word wrap
truststore-type	The type of the truststore. Various types of keystores are available, including `PKCS12` and Java's standard `JKS`.	`/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=truststore-type,value=jks)` Copy to Clipboard Toggle word wrap
keystore-type	The type of the keystore, Various types of keystores are available, including `PKCS12` and Java's standard `JKS`.	`/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=keystore-type,value=jks)` Copy to Clipboard Toggle word wrap
ca-certificate-file	The file containing the CA certificates. This is the `truststoreFile`, in the case of JSSE, and uses the same password as the keystore. The `ca-certificate-file` file is used to validate client certificates.	`/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=certificate-file,value=ca.crt)` Copy to Clipboard Toggle word wrap
ca-certificate-password	The Certificate password for the `ca-certificate-file`. In the following example, replace the MASKED_PASSWORD with your own masked password.	`/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=ca-certificate-password,value=MASKED_PASSWORD)` Copy to Clipboard Toggle word wrap
ca-revocation-url	A file or URL which contains the revocation list. It refers to the `crlFile` for JSSE or the `SSLCARevocationFile` for SSL.	`/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=ca-revocation-url,value=ca.crl)` Copy to Clipboard Toggle word wrap
session-cache-size	The size of the SSLSession cache. This attribute applies only to JSSE connectors. The default is `0`, which specifies an unlimited cache size.	`/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=session-cache-size,value=100)` Copy to Clipboard Toggle word wrap
session-timeout	The number of seconds before a cached SSLSession expires. This attribute applies only to JSSE connectors. The default is `86400` seconds, which is 24 hours.	`/profile=default/subsystem=web/connector=HTTPS/ssl=configuration/:write-attribute(name=session-timeout,value=43200)` Copy to Clipboard Toggle word wrap

Report a bug

返回顶部

此内容没有您所选择的语言版本。

8.5. SSL Connector Reference

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links