
Wednesday, August 22, 2012

SSL and TLS


A popular implementation of public-key encryption is the Secure Sockets Layer (SSL). Originally developed by Netscape, SSL is an Internet security protocol used by Internet browsers and Web servers to transmit sensitive information. SSL has become part of an overall security protocol known as Transport Layer Security (TLS).

Look for the "s" after "http" in the address whenever you are about to enter sensitive information, such as a credit-card number, into a form on a Web site.

In your browser, you can tell when you are using a secure protocol, such as TLS, in a couple of different ways. You will notice that the "http" in the address line is replaced with "https," and you should see a small padlock in the status bar at the bottom of the browser window. When you're accessing sensitive information, such as an online bank account or a payment transfer service like PayPal or Google Checkout, chances are you'll see this type of format change and know your information will most likely pass along securely.

TLS and its predecessor SSL make significant use of certificate authorities. Once your browser requests a secure page and adds the "s" onto "http," the browser sends out the public key and the certificate, checking three things: 1) that the certificate comes from a trusted party; 2) that the certificate is currently valid; and 3) that the certificate has a relationship with the site from which it's coming.

The padlock symbol lets you know that you are using encryption.

The browser then uses the public key to encrypt a randomly selected symmetric key. Public-key encryption takes a lot of computing, so most systems use a combination of public-key and symmetric key encryption. When two computers initiate a secure session, one computer creates a symmetric key and sends it to the other computer using public-key encryption. The two computers can then communicate using symmetric-key encryption. Once the session is finished, each computer discards the symmetric key used for that session. Any additional sessions require that a new symmetric key be created, and the process is repeated.
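The second and third certificate checks described above (the validity period, and the match between the certificate and the site), written out as an added example that is not from the original post. The certificate is a constructed sample in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the first check (a trusted issuer) needs the signature chain, so it is left to the TLS library's default context.

```python
import ssl
import time

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# the host names and dates are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "notBefore": "Jan  1 00:00:00 2012 GMT",
    "notAfter": "Dec 31 23:59:59 2012 GMT",
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.pay.example.com")),
}

def is_currently_valid(cert, now=None):
    """Check 2: 'now' must fall inside the notBefore..notAfter window."""
    now = time.time() if now is None else now
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return start <= now <= end

def name_matches(pattern, host):
    """Compare one DNS name from the certificate with the requested host."""
    p_labels = pattern.lower().split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard stands for exactly one left-most label, never for "*.com".
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def belongs_to_site(cert, host):
    """Check 3: the host in the address bar must be named in the certificate."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(name_matches(n, host) for n in names)

def strict_client_context():
    """Check 1: the default context verifies the chain against the system CAs
    and also enforces the host-name match during the handshake."""
    return ssl.create_default_context()
```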

Monday, August 20, 2012

Red Hat web server configuration for Mod_jk



To start the EWS for Mod_jk:
Step 1: First extract the zip file, then go to the folder C:\RHATews-1.0.2-windows32-i386\Red Hat\Enterprise Web Server\etc\httpd\conf

Step 2: Rename the file httpd.conf.in to httpd.conf

Step 3: Change the default Listen directive from Listen 127.0.0.1:80 to Listen *:80

Step 4: Change the LoadModule paths to point to their corresponding lib folder
               Ex: LoadModule auth_basic_module ../../lib/httpd/modules/mod_auth_basic.so

Step 4: Include the following for the mod_jk configuration:

              # Include mod_jk's specific configuration file 
              Include conf/mod_jk.conf
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

Step 5: Now rename the file mod_jk.conf.sample to mod_jk

Step 6: Replace LoadModule jk_module modules/mod_jk.so with
             LoadModule jk_module ../../lib/httpd/modules/mod_jk.so

Step 7 :  Provide your application name
# Mount your applications
JkMount /application/* loadbalancer  



Step 8: Comment out the Deny location

Step 9: Rename uriworkermap.properties.sample to uriworkermap

Step 10: Remove everything in it and add just the lines below:

# Simple worker configuration file
# Mount the Servlet context to the ajp13 worker
/jmx-console=loadbalancer
/jmx-console/*=loadbalancer
/web-console=loadbalancer
/web-console/*=loadbalancer
/ghie/*=loadbalancer

Step 11: Rename workers.properties.jboss.sample to workers
Define the IP address and port number of each JBoss EAP server box in it.
Provide the node details:
# Define Node1
# modify the host as your host IP or DNS name.
worker.node1.port=8009
worker.node1.host=192.168.7.99
worker.node1.type=ajp13
worker.node1.ping_mode=A
worker.node1.lbfactor=1

# Define Node2
# modify the host as your host IP or DNS name.
worker.node2.port=8009
worker.node2.host=192.168.7.60
worker.node2.type=ajp13
worker.node2.ping_mode=B
worker.node2.lbfactor=2
#worker.node2.cachesize=10

Step 12: Enable sticky sessions by adding the sticky_session line shown below
# Load-balancing behavior
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=node1,node2
worker.loadbalancer.sticky_session=1

Step 13: Move to the folder C:\RHATews-1.0.2-windows32-i386\Red Hat\Enterprise Web Server\etc\httpd\conf.d

Step 14: Rename the file manual.conf.in to manual

Step 15: Rename the file proxy_ajp.conf.in to proxy_ajp

Change the following:
LoadModule proxy_ajp_module ../../lib/httpd/modules//mod_proxy_ajp.so

Step 16: Rename the file ssl.conf.in to ssl
Change the following:
LoadModule ssl_module ../../lib/httpd/modules//mod_ssl.so
Change Listen localhost:443 to Listen 443

Step 17: Uncomment the following lines and add the Server Name and Server Admin
               
DocumentRoot "/Program Files/Red Hat/Enterprise Web Server/var/www/html"
ServerName localhost:443

Step 18: Add the following:
               
JkMountCopy On
JkMount /ghie/* loadbalancer

Step 19: Rename the file welcome.conf.in to welcome.

Step 20: Add the folders logs and run in the following path: C:\RHATews-1.0.2-windows32-i386\Red Hat\Enterprise Web Server\etc\httpd

Step 21: Rename the file mime.types.in to mime.types in the path C:\RHATews-1.0.2-windows32-i386\Red Hat\Enterprise Web Server\etc

Step 22: Rename the file charset.conv.in to charset.conv in the path C:\RHATews-1.0.2-windows32-i386\Red Hat\Enterprise Web Server\etc

Step 23: Add your index HTML page in the following path so that it is displayed when the EWS is running:

C:\RHATews-1.0.2-windows32-i386\Red Hat\Enterprise Web Server\var\www\html

Step 24: To start the server, go to the folder C:\RHATews-1.0.2-windows32-i386\Red Hat\Enterprise Web Server\bin
and run httpd.exe
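A review check over the Step 10 and Step 11 files, added here as an example and not part of the original post: it lists the URI mappings that publish the JBoss management consoles through the front end, and the AJP back ends whose port should be reachable only from the web server. The file contents are copied from the steps above as constructed input; `ADMIN_PREFIXES` and the function names are assumptions.

```python
# Constructed inputs: the uriworkermap and workers entries shown in the steps above.
URIWORKERMAP = """\
# Simple worker configuration file
/jmx-console=loadbalancer
/jmx-console/*=loadbalancer
/web-console=loadbalancer
/web-console/*=loadbalancer
/ghie/*=loadbalancer
"""
WORKERS = """\
worker.node1.port=8009
worker.node1.host=192.168.7.99
worker.node1.type=ajp13
worker.node2.port=8009
worker.node2.host=192.168.7.60
worker.node2.type=ajp13
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=node1,node2
"""

# Assumption: URI prefixes treated as management consoles for this review.
ADMIN_PREFIXES = ("/jmx-console", "/web-console")

def parse_properties(text):
    """Return key/value pairs, skipping blank lines and # comments."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip()
    return pairs

def exposed_admin_mounts(uri_map_text):
    """URI patterns that publish a management console through the front end."""
    mounts = parse_properties(uri_map_text)
    return sorted(uri for uri in mounts if uri.startswith(ADMIN_PREFIXES))

def ajp_backends(workers_text):
    """host:port of every ajp13 worker, i.e. the ports to firewall off."""
    props = parse_properties(workers_text)
    names = {k.split(".")[1] for k, v in props.items()
             if k.endswith(".type") and v == "ajp13"}
    return sorted(props[f"worker.{n}.host"] + ":" + props[f"worker.{n}.port"]
                  for n in names)

if __name__ == "__main__":
    print("admin consoles mapped:", exposed_admin_mounts(URIWORKERMAP))
    print("AJP back ends:", ajp_backends(WORKERS))
```

Any console mapping the check reports can be dropped from the Step 10 file, leaving only the application mapping, when the consoles do not need to be reachable through the web server.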

Configuration of JBoss EAP Server 6.0

For clustering, we need two separate boxes, each with JBoss EAP Server 6.0.

NOTE: Make the following changes on box 1, which is Node 1 in mod_jk

Step 25: Copy the folder standalone, save it in the same path and rename the copy standalone-node1
C:\EAP-6.0.0.GA\jboss-eap-6.0\standalone


Step 26: Add the following in the standalone.xml file
Note: In certificate-file, provide the keystore file that you created for SSL

               


Step 27: In standalone-ha.xml add the following,
Provide the name for the server


Step 28: Change the default-stack from udp to tcp


Step 29: Include the following under
               
 node1 ip(192.168.7.99[7600]),node2 ip(192.168.7.60[7600])
                   2
                    0
                    2000


Step 30: Add the following instance-id, ajp connector and https lines under the subsystem urn:jboss:domain:web:1.1


 <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" instance-id="${jboss.node.name}" native="false">
 
  
               
 

Step 31: Deploy your project under the deployment folder.

Step 32: To start JBoss EAP Server 6.0 in cluster mode, use the following command:
C:\EAP-6.0.0.GA\jboss-eap-6.0\bin>standalone.bat -c standalone-ha.xml -b Hostname (192.168.7.60) -Djboss.server.base.dir=../standalone-node1 -Djboss.node.name=node1
Ex:
standalone.bat -c standalone-ha.xml -b 192.168.7.60 -Djboss.server.base.dir=../standalone-node1 -Djboss.node.name=node1
standalone.bat -c standalone-ha.xml -b 192.168.7.99 -Djboss.server.base.dir=../standalone-node2 -Djboss.node.name=node2

Do the same for JBoss EAP Server 2, replacing standalone-node1 with standalone-node2.

