Configuring JBoss with SSL

November 4, 2008

Sometimes you need a self-signed certificate to use SSL with your JBoss installation. This short how-to covers the essential steps.

# Creating the Keystore #

First, create a keystore to hold the certificate that JBoss will use.

```
keytool -genkey -alias $MYDOMAIN -keyalg RSA \
  -keystore my.keystore
```

You will be asked for a password for this keystore; set any password you like. You will also be asked for some more information. Enter whatever you like: these values only need to be correct if you are going to have the certificate signed by your Certificate Authority.

# Creating a Certificate Request #

Then we need to create a Certificate Request.

```
keytool -certreq -keystore my.keystore \
  -alias $MYDOMAIN -file myserver.csr
```

Normally you would want to send this Certificate Request to your Certificate Authority to sign it. That way browsers would accept your certificate without complaining. But we only need this certificate for our local development machine, so don’t worry about a security exception. You need to accept this certificate within your browser, though.

# Configuring JBoss #

You need to change this file to enable SSL with our created certificate: $JBOSS_HOME/server/default/deploy/jbossweb-tomcat50.sar/server.xml. Look for the following lines and uncomment them:

```xml
<Connector port="8443" address="${jboss.bind.address}"
  maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
  emptySessionPath="true"
  scheme="https" secure="true" clientAuth="false"
  keystoreFile="${jboss.server.home.dir}/conf/ssl/my.keystore"
  keystorePass="KEYSTORE_PASSWORD" sslProtocol="TLS" />
```

Finally, copy your keystore to the proper place:

```
mkdir $JBOSS_HOME/server/default/conf/ssl
cp my.keystore $JBOSS_HOME/server/default/conf/ssl/
```

After a JBoss restart you can now use the https connection.
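A pre-restart check for the steps above, as an added example (not part of the original how-to or of JBoss): it reads the text of server.xml and reports an HTTPS Connector that is still commented out, an unchanged `KEYSTORE_PASSWORD` placeholder, a missing keystore file, or a keystore that other users can access. The function name, the sample XML, the `/opt/jboss` path and the file-permission check are assumptions added here.

```python
import os
import re
import stat
import xml.etree.ElementTree as ET

PLACEHOLDER = "KEYSTORE_PASSWORD"  # literal from the how-to's Connector snippet

# Constructed sample: minimal server.xml with the Connector still commented out.
SAMPLE_COMMENTED = """<Server><Service name="jboss.web">
  <!-- <Connector port="8443" scheme="https" secure="true"
       keystoreFile="${jboss.server.home.dir}/conf/ssl/my.keystore"
       keystorePass="KEYSTORE_PASSWORD" sslProtocol="TLS" /> -->
</Service></Server>"""


def audit_https_connector(server_xml, server_home):
    """Return a list of problems with the HTTPS Connector in server.xml text."""
    root = ET.fromstring(server_xml)  # the parser drops XML comments
    connectors = [c for c in root.iter("Connector") if c.get("scheme") == "https"]
    if not connectors:
        comments = re.findall(r"<!--(.*?)-->", server_xml, re.S)
        if any('scheme="https"' in body for body in comments):
            return ["HTTPS Connector is still commented out"]
        return ["no HTTPS Connector found"]
    problems = []
    for conn in connectors:
        port = conn.get("port", "?")
        if conn.get("secure") != "true":
            problems.append(f"port {port}: secure is not 'true'")
        if conn.get("keystorePass") in (None, "", PLACEHOLDER):
            problems.append(f"port {port}: keystorePass unset or still the placeholder")
        # Resolve the JBoss property the how-to uses in keystoreFile.
        path = conn.get("keystoreFile", "").replace("${jboss.server.home.dir}", server_home)
        if not os.path.isfile(path):
            problems.append(f"port {port}: keystore not found at {path!r}")
        elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            # Hardening check added here (assumption): the keystore holds the private key.
            problems.append(f"port {port}: keystore is accessible to group/others")
    return problems


if __name__ == "__main__":
    # Hypothetical server home; for the how-to's layout it is $JBOSS_HOME/server/default.
    for line in audit_https_connector(SAMPLE_COMMENTED, "/opt/jboss/server/default"):
        print(line)
```
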

# See also #

This how-to is a short version of [SSL mit JBoss (German)](http://www.hackerwiki.org/index.php/SSL_mit_JBoss).
