Jason Parms

Before installing SSL on JBoss, you need to create a keystore, generate a CSR, and then configure SSL.

When you create a CSR on a Java-based server like Tomcat, you need to generate a keystore first and then create the CSR from it. You can create a Java keystore with the command below:

Create Keystore with Keytool


keytool -genkey -keyalg RSA -alias tomcat -keystore [keystore name] -keysize 2048

Now, you will be asked some questions as below:

  • Enter keystore password (Remember this)
  • First and last name (Common/domain name)
  • Organization Unit
  • Organization Name
  • City/Locality
  • State/Province
  • Country Code (2 letter)

After that, you will be asked to verify the details:

Is CN=www.yourdomain.com, OU=Your Organizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country correct?

When you respond “Y” or “YES”, you will have to enter a password for <mykey>.

<mykey> is the default assumed name for the certificate. Please save the keystore in the JDK/bin directory.

Create CSR with Key Store:


After creating the keystore, create the CSR with the command below:

keytool -certreq -alias tomcat -keyalg RSA -file certreq.csr -keystore [keystorename]

Use the keystore password, then save your CSR in the JDK/bin directory.

-----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----

Import Certificate:


After providing the CSR to your SSL provider and completing the SSL configuration process, you will receive your certificate via email. Now, import the certificate into the keystore.

keytool -import -alias tomcat -trustcacerts -file cert.txt -keystore [keystorename]

Configure JBoss Web Container:


Open the server.xml file in Tomcat and find the section that starts with “Uncomment this for SSL support”. You need to uncomment the following part and add the location of your server key.

<Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
    <Parameter name="port" value="8443"/>
    <Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory" />
    <Parameter name="keystore" value="/usr/java/jakarta-tomcat-3.2.2/server.keystore" />
    <Parameter name="keypass" value="changeit" />
</Connector>

Now, copy the JSSE jars to the $TOMCAT_HOME/lib directory.

If you are using Jetty, find the part of the $JBOSS_JETTY_HOME/conf/jetty/jetty.xml configuration file that begins with “Uncomment this to add an SSL listener”. Uncomment the following section, and insert the location of your server key.

<Call name="addListener">
    <Arg>
        <New class="com.mortbay.HTTP.SunJsseListener">
            <Set name="Port">8443</Set>
            <Set name="MinThreads">5</Set>
            <Set name="MaxThreads">255</Set>
            <Set name="MaxIdleTimeMs">50000</Set>
            <Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/etc/server.keystore</Set>
            <Set name="Password">changeit</Set>
            <Set name="KeyPassword">changeit</Set>
        </New>
    </Arg>
</Call>

Check SSL after Installation:

After configuring the JBoss Web Container, you need to restart the JBoss server. You can also check SSL with an SSL checker tool.
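
A pre-restart check for the two sample configurations above, as an added example that is not part of the original post: it parses the Tomcat `<Parameter>` and Jetty `<Set>` entries and reports a missing keystore location or a password still left at the sample value `changeit`. The function names and the `DEFAULT_PASSWORDS` set are assumptions made for this illustration; the two sample strings are abridged copies of the snippets shown above.

```python
import xml.etree.ElementTree as ET

# Assumption: values treated as "never changed". "changeit" is the value in both
# sample configs on this page and the JDK's stock cacerts password.
DEFAULT_PASSWORDS = {"changeit", ""}
PASSWORD_KEYS = ("keypass", "password", "keypassword")

# Copied from the page's Tomcat sample (abridged to the SSL-relevant parameters).
TOMCAT_SAMPLE = """<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="port" value="8443"/>
<Parameter name="keystore" value="/usr/java/jakarta-tomcat-3.2.2/server.keystore" />
<Parameter name="keypass" value="changeit" />
</Connector>"""

# Copied from the page's Jetty sample (abridged).
JETTY_SAMPLE = """<Call name="addListener"><Arg><New class="com.mortbay.HTTP.SunJsseListener">
<Set name="Port">8443</Set>
<Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/etc/server.keystore</Set>
<Set name="Password">changeit</Set>
<Set name="KeyPassword">changeit</Set>
</New></Arg></Call>"""

def _set_text(el):
    """Text of a Jetty <Set>, expanding <SystemProperty default="..."> children."""
    parts = [el.text or ""]
    for child in el:
        if child.tag == "SystemProperty":
            parts.append(child.get("default", ""))
        parts.append(child.tail or "")
    return "".join(parts).strip()

def ssl_settings(xml_text):
    """Collect lower-cased {name: value} from Tomcat <Parameter> and Jetty <Set> entries."""
    root = ET.fromstring(xml_text)
    cfg = {(p.get("name") or "").lower(): p.get("value", "") for p in root.iter("Parameter")}
    cfg.update({(s.get("name") or "").lower(): _set_text(s) for s in root.iter("Set")})
    return cfg

def audit(xml_text):
    """Return findings: missing keystore path, or passwords left at a default value."""
    cfg = ssl_settings(xml_text)
    findings = [] if cfg.get("keystore") else ["keystore: no keystore location configured"]
    findings += [f"{k}: default password, replace it with the one set in keytool"
                 for k in PASSWORD_KEYS if k in cfg and cfg[k] in DEFAULT_PASSWORDS]
    return findings

if __name__ == "__main__":
    for label, sample in (("tomcat", TOMCAT_SAMPLE), ("jetty", JETTY_SAMPLE)):
        for finding in audit(sample):
            print(f"{label}: {finding}")
```

Run against the unmodified samples, it flags `keypass` in the Tomcat connector and both `Password` and `KeyPassword` in the Jetty listener.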