Weblog entry #2 for mar
Just a note on how to generate and install a self-signed SSL certificate under JBoss 3.2.8 AS.
The process is simple:
- generate the certificate
- modify the config files
- place the certificate in the proper location
- test the installation
This can be applied to any tomcat/jboss installation, but examples below are suited for jboss 3.2.8 and its embedded tomcat. Of course, there are probably other (better? :-) sources of this "recipe" around the web.
1. Generate the certificate -- just use the command below, or read the keytool man page and change the options to whatever you prefer. Just remember to choose the right password.
keytool -genkey -alias jboss -keyalg RSA \
  -dname 'CN=domain.org, OU=org.unit, O=organization, L=location, S=province, C=country' \
  -keypass CHANGE -storepass CHANGE \
  -keystore jboss.keystore
The command above stores the key in the file jboss.keystore in the current directory. Keep it there for now.
2. Modify the config files -- locate the config file for the Tomcat embedded in your JBoss installation. I installed JBoss under /opt/jboss-3.2.8 and I use the default configuration, so the config file of interest is /opt/jboss-3.2.8/server/default/deploy/jbossweb-tomcat50.sar/server.xml.
Uncomment the lines for SSL Connector -- it should look like:
<Connector port="8443" address="${jboss.bind.address}"
    maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
    scheme="https" secure="true" clientAuth="false"
    keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
    keystorePass="CHANGE" sslProtocol="TLS" />
Note the keystorePass attribute -- change its value to your password -- and the keystoreFile attribute, which points to the location where the server expects the certificate file (change it or leave it -- I left it alone, thinking about what the name can mean :-).
3. Place the certificate in the proper location -- just copy the generated certificate to the location the keystoreFile attribute points to. My file is /opt/jboss-3.2.8/server/default/conf/chap8.keystore. You may want to change the ownership and permissions on that file.
4. Start the JBoss server and check the log -- everything should be fine by now and you may point your browser to https://localhost:8443/.
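A check for steps 2 and 3, added here as an example and not part of the original recipe: it reads server.xml, finds each secure Connector, and reports a keystorePass that was never changed and a keystore file that is readable beyond its owner. The placeholder list, the function names and the sample layout built in a temporary directory are assumptions made for the example.

```python
import stat
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: values treated as "never changed" (the page's CHANGE, the JDK default).
PLACEHOLDERS = {"", "CHANGE", "changeit"}

# Constructed sample, modelled on the Connector element shown above.
SAMPLE_SERVER_XML = """<Server><Service name="jboss.web">
  <Connector port="8080" address="${jboss.bind.address}"/>
  <Connector port="8443" scheme="https" secure="true" clientAuth="false"
    keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
    keystorePass="CHANGE" sslProtocol="TLS"/>
</Service></Server>"""

def audit_ssl_connectors(server_xml, server_home):
    """Return findings for every secure="true" Connector in server.xml."""
    findings = []
    for conn in ET.parse(str(server_xml)).getroot().iter("Connector"):
        if conn.get("secure") != "true":
            continue  # plain HTTP connector, no keystore involved
        port = conn.get("port", "?")
        if conn.get("keystorePass", "") in PLACEHOLDERS:
            findings.append(f"port {port}: keystorePass is still a placeholder")
        # Resolve the one JBoss property the connector on this page uses.
        keystore = Path(conn.get("keystoreFile", "").replace(
            "${jboss.server.home.dir}", str(server_home)))
        if not keystore.is_file():
            findings.append(f"port {port}: keystore missing: {keystore}")
            continue
        mode = stat.S_IMODE(keystore.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"port {port}: keystore mode {mode:03o} is open to group/other")
    return findings

def demo():  # constructed layout, audited before and after chmod 600
    with tempfile.TemporaryDirectory() as home:
        keystore = Path(home, "conf", "chap8.keystore")
        keystore.parent.mkdir()
        keystore.write_bytes(b"constructed placeholder, not a real keystore")
        keystore.chmod(0o644)
        server_xml = Path(home, "server.xml")
        server_xml.write_text(SAMPLE_SERVER_XML)
        before = audit_ssl_connectors(server_xml, home)
        keystore.chmod(0o600)
        return before, audit_ssl_connectors(server_xml, home)

if __name__ == "__main__":
    print(demo())
```

Against a real installation, pass the path to server.xml and the server home directory (for the layout above, /opt/jboss-3.2.8/server/default) to audit_ssl_connectors.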