–>Enabling SSL on JBoss AS 4.2.x

Enabling SSL on JBoss AS 4.2.x: If you want get it in seperate document click here

In order to use the HTTPS on your application, we have to first enable JBoss AS to accept HTTP connections over SSL. This page describes the necessary steps using a self-signed certificate.

Here we are creating the self signed certificate, but the procedure would be the same even if you are going to use a certificate from a Certification Authority like Verisign Trust Network.

  1. Generate the keystore using the command below. For the most part, you can just make up stuff for the responses. However, remember the password you provide and use the same password for the keystore and the key. When it asks for your first and last name, you should enter the hostname used for JBoss AS (i.e., localhost).

a)      Either user the following command

keytool -genkey -alias serverkeys -keyalg RSA -keystore server.keystore -storepass changeit -keypass changeit -dname “CN=localhost, OU=UIS, O=GU, L=Washington, ST=DC, C=US”

From the above –dname, the names are described in details

CN : first name and last name (generally we need to give hostname used for JBoss AS)

OU : Organizational Unit

O : Organization

L : City or Locality

ST : State or Province

C : Country code for this Unit

server.keystore : is a Trusted file(self signed certificate) to store the above information and we need to place this file in the JBoss server location.

OR

b)      Use this command, and the prompt will ask you the above details mentioned in –dname

keytool -genkey -alias tc-ssl -keyalg RSA -keystore server.keystore -validity 3650

OR

keytool -genkey -keyalg RSA -keystore server.keystore -validity NUMBER_OF_DAYS

  1. Move the generated file the conf directory of the JBoss AS default domain (or the one you are using):

> mv server.keystore ${jboss.home}/server/default/conf/

  1. Open the file ${jboss.home}/server/default/deploy/jboss-web.deployer/server.xml in your editor, remove the XML comment around the SSL-connector, and modify the attributes to match the configuration shown here:

<Connector port=”443” protocol=”HTTP/1.1

SSLEnabled=”true” maxThreads=”150” scheme=”https

secure=”true” clientAuth=”false” sslProtocol=”TLS”                                           address=”${jboss.bind.address}

keystoreFile=”${jboss.server.home.dir}/conf/server.keystore

keystorePass=”changeit“/>

  1. Now you should be able to access your application through https. The URL will begin with https instead of http and you need to include the port number if the port you provided in the configuration is anything other than 443:
        https://localhost:443
Advertisements