Thursday, 20 February 2014

JBOSS 7 HTTPS/SSL configuration

JBOSS by default is not configured to run on HTTPS. For configuring JBOSS to run on https follow below steps:

1. Create Self-Signed Certificate

Do this step only if a valid certificate is not present and a self-signed certificate needs to be used.

Create self-signed certificate from a machine where java is installed. Fire the below command from command prompt:
keytool -genkeypair -alias client -keyalg RSA -keysize 1024 -storetype jks -validity 365 -keypass password -keystore jboss.jck -storepass password -dname "cn=localhost, ou=Verisign, o=MyComp Inc, l=Foster City, st=California, c=US"

This will create jboss.jck keystore file.  Place the file at location /usr/local/cert.

keytool -export -alias client -storetype jks -keystore jboss.jck -storepass password -file jboss.crt

This will create a self-signed certificate from a self-signed key store.

Place the generated file jboss.crt at location /usr/local/cert.

Please note that if a CA valid certificate is present then skip the above step and place the valid certificate at /usr/loca/cert.

2. Configure JBOSS

In standalone.xml present at JBOSS_HOME/standalone/configuration make changes to subsystem tag with xmlns as urn:jboss:domain:web:1.1 as mentioned below:
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl key-alias="client" password="password" certificate-key-file="/usr/local/cert/jboss.jck"/>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name=""/>

JBOSS’s default HTTPS/SSL port is 8443.

1 comment:

Share the post